This file documents the GNU Mach microkernel. This is Edition 0.3, last updated 2001-09-01, of `The GNU Mach Reference Manual', for Version 1.2. Copyright (C) 2001 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being "Free Software Needs Free Documentation" and "GNU Lesser General Public License", the Front-Cover texts being (a) (see below), and with the Back-Cover Texts being (b) (see below). A copy of the license is included in the section entitled "GNU Free Documentation License". (a) The FSF's Front-Cover Text is: A GNU Manual (b) The FSF's Back-Cover Text is: You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development. This work is based on manual pages under the following copyright and license: Mach Operating System Copyright (C) 1991,1990 Carnegie Mellon University All Rights Reserved. Permission to use, copy, modify and distribute this software and its documentation is hereby granted, provided that both the copyright notice and this permission notice appear in all copies of the software, derivative works or modified versions, and any portions thereof, and that both notices appear in supporting documentation. CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. Main Menu ********* This is Edition 0.3, last updated 2001-09-01, of `The GNU Mach Reference Manual', for Version 1.2 of the GNU Mach microkernel. ifnottex Introduction ************ GNU Mach is the microkernel of the GNU Project. It is the base of the operating system, and provides its functionality to the Hurd servers, the GNU C Library and all user applications. The microkernel itself does not provide much functionality of the system, just enough to make it possible for the Hurd servers and the C library to implement the missing features you would expect from a POSIX compatible operating system. Audience ======== This manual is designed to be useful to everybody who is interested in using, administering, or programming the Mach microkernel. If you are an end-user and you are looking for help on running the Mach kernel, the first few chapters of this manual describe the essential parts of installing and using the kernel in the GNU operating system. The rest of this manual is a technical discussion of the Mach programming interface and its implementation, and would not be helpful until you want to learn how to extend the system or modify the kernel. This manual is organized according to the subsystems of Mach, and each chapter begins with descriptions of conceptual ideas that are related to that subsystem. If you are a programmer and want to learn more about, say, the Mach IPC subsystem, you can skip to the IPC chapter (*note Inter Process Communication::.), and read about the related concepts and interface definitions. Features ======== GNU Mach is not the most advanced microkernel known to the planet, nor is it the fastest or smallest, but it has a rich set of interfaces and some features which make it useful as the base of the Hurd system. it's free software Anybody can use, modify, and redistribute it under the terms of the GNU General Public License (*note Copying::.). GNU Mach is part of the GNU system, which is a complete operating system licensed under the GPL. it's built to survive As a microkernel, GNU Mach doesn't implement a lot of the features commonly found in an operating system, but only the bare minimum that is required to implement a full operating system on top of it. This means that a lot of the operating system code is maintained outside of GNU Mach, and while this code may go through a complete redesign, the code of the microkernel can remain comparatively stable. it's scalable Mach is particularly well suited for SMP and network cluster techniques. Thread support is provided at the kernel level, and the kernel itself takes advantage of that. Network transparency at the IPC level makes resources of the system available across machine boundaries (with NORMA IPC, currently not available in GNU Mach). it exists The Mach microkernel is real software that works Right Now. It is not a research or a proposal. You don't have to wait at all before you can start using and developing it. Mach has been used in many operating systems in the past, usually as the base for a single UNIX server. In the GNU system, Mach is the base of a functional multi-server operating system, the Hurd. Overview ======== An operating system kernel provides a framework for programs to share a computer's hardware resources securely and efficiently. This requires that the programs are seperated and protected from each other. To make running multiple programs in parallel useful, there also needs to be a facility for programs to exchange information by communication. The Mach microkernel provides abstractions of the underlying hardware ressources like devices and memory. It organizes the running programs in tasks and manages the threads (points of execution in the tasks). In addition, Mach provides a rich interface for inter-process communication. What Mach does not provide is a POSIX compatible programming interface. In fact, it has no understanding of file systems, POSIX process semantics, network protocols and many more. All this is implemented in tasks running on top of the microkernel. In the GNU operating system, the Hurd servers and the C library share the responsibility to implement the POSIX interface, and the additional interfaces which are specific to the GNU system. History ======= XXX History of Mach here. Installing ********** Before you can use the Mach microkernel in your system you'll need to install it and all components you want to use with it, e.g. the rest of the operating system. You also need a bootloader to load the kernel from the storage medium and run it when the computer is started. GNU Mach is only available for Intel i386-compatible architectures (such as the Pentium) currently. If you have a different architecture and want to run the GNU Mach microkernel, you will need to port the kernel and all other software of the system to your machine's architecture. Porting is an involved process which requires considerable programming skills, and it is not recommended for the faint-of-heart. If you have the talent and desire to do a port, contact in order to coordinate the effort. Binary Distributions ==================== By far the easiest and best way to install GNU Mach and the operating system is to obtain a GNU binary distribution. The GNU operating system consists of GNU Mach, the Hurd, the C library and many applications. Without the GNU operating system, you will only have a microkernel, which is not very useful by itself, without the other programs. Building the whole operating system takes a huge effort, and you are well advised to not do it yourself, but to get a binary distribution of the GNU operating system. The distribution also includes a binary of the GNU Mach microkernel. Information on how to obtain the GNU system can be found in the Hurd info manual. Compilation =========== If you already have a running GNU system, and only want to recompile the kernel, for example to select a different set of included hardware drivers, you can easily do this. You need the GNU C compiler and MiG, the Mach interface generator, which both come in their own packages. Building and installing the kernel is as easy as with any other GNU software package. The configure script is used to configure the source and set the compile time options. The compilation is done by running: make To install the kernel and its header files, just enter the command: make install This will install the kernel into $(prefix)/boot/gnumach and the header files into $(prefix)/include. You can also only install the kernel or the header files. For this, the two targets install-kernel and install-headers are provided. Configuration ============= The following options can be passed to the configure script as command line arguments and control what components are built into the kernel, or where it is installed. The default for an option is to be disabled, unless otherwise noted. `--prefix PREFIX' Sets the prefix to PREFIX. The default prefix is the empty string, which is the correct value for the GNU system. The prefix is prepended to all path names at installation time. `--enable-kdb' Enables the in-kernel debugger. This is only useful if you actually anticipate debugging the kernel. It is not enabled by default because it adds considerably to the unpageable memory footprint of the kernel. `--enable-kmsg' Enables the kernel message device kmsg. `--enable-lpr' Enables the parallel port devices lpr%d. `--enable-floppy' Enables the PC floppy disk controller devices fd%d. `--enable-ide' Enables the IDE controller devices hd%d, hd%ds%d. The following options enable drivers for various SCSI controller. SCSI devices are named sd%d (disks) or cd%d (CD ROMs). `--enable-advansys' Enables the AdvanSys SCSI controller devices sd%d, cd%d. `--enable-buslogic' Enables the BusLogic SCSI controller devices sd%d, cd%d. `--disable-flashpoint' Only meaningful in conjunction with -enable-buslogic. Omits the FlshPoint support. This option is enabled by default if -enable-buslogic is specified. `--enable-u1434f' Enables the UltraStor 14F/34F SCSI controller devices sd%d, cd%d. `--enable-ultrastor' Enables the UltraStor SCSI controller devices sd%d, cd%d. `--enable-aha152x' `--enable-aha2825' Enables the Adaptec AHA-152x/2825 SCSI controller devices sd%d, cd%d. `--enable-aha1542' Enables the Adaptec AHA-1542 SCSI controller devices sd%d, cd%d. `--enable-aha1740' Enables the Adaptec AHA-1740 SCSI controller devices sd%d, cd%d. `--enable-aic7xxx' Enables the Adaptec AIC7xxx SCSI controller devices sd%d, cd%d. `--enable-futuredomain' Enables the Future Domain 16xx SCSI controller devices sd%d, cd%d. `--enable-in2000' Enables the Always IN 2000 SCSI controller devices sd%d, cd%d. `--enable-ncr5380' `--enable-ncr53c400' Enables the generic NCR5380/53c400 SCSI controller devices sd%d, cd%d. `--enable-ncr53c406a' Enables the NCR53c406a SCSI controller devices sd%d, cd%d. `--enable-pas16' Enables the PAS16 SCSI controller devices sd%d, cd%d. `--enable-seagate' Enables the Seagate ST02 and Future Domain TMC-8xx SCSI controller devices sd%d, cd%d. `--enable-t128' `--enable-t128f' `--enable-t228' Enables the Trantor T128/T128F/T228 SCSI controller devices sd%d, cd%d. `--enable-ncr53c7xx' Enables the NCR53C7,8xx SCSI controller devices sd%d, cd%d. `--enable-eatadma' Enables the EATA-DMA (DPT, NEC, AT&T, SNI, AST, Olivetti, Alphatronix) SCSI controller devices sd%d, cd%d. `--enable-eatapio' Enables the EATA-PIO (old DPT PM2001, PM2012A) SCSI controller devices sd%d, cd%d. `--enable-wd7000' Enables the WD 7000 SCSI controller devices sd%d, cd%d. `--enable-eata' Enables the EATA ISA/EISA/PCI (DPT and generic EATA/DMA-compliant boards) SCSI controller devices sd%d, cd%d. `--enable-am53c974' `--enable-am79c974' Enables the AM53/79C974 SCSI controller devices sd%d, cd%d. `--enable-dtc3280' `--enable-dtc3180' Enables the DTC3180/3280 SCSI controller devices sd%d, cd%d. `--enable-ncr53c8xx' `--enable-dc390w' `--enable-dc390u' `--enable-dc390f' Enables the NCR53C8XX SCSI controller devices sd%d, cd%d. `--enable-dc390t' `--enable-dc390' Enables the Tekram DC-390(T) SCSI controller devices sd%d, cd%d. `--enable-ppa' Enables the IOMEGA Parallel Port ZIP drive device sd%d. `--enable-qlogicfas' Enables the Qlogic FAS SCSI controller devices sd%d, cd%d. `--enable-qlogicisp' Enables the Qlogic ISP SCSI controller devices sd%d, cd%d. `--enable-gdth' Enables the GDT SCSI Disk Array controller devices sd%d, cd%d. The following options enable drivers for various ethernet cards. NIC device names are usually eth%d, except for the pocket adaptors. GNU Mach does only autodetect one ethernet card. To enable any further cards, the source code has to be edited. `--enable-ne2000' `--enable-ne1000' Enables the NE2000/NE1000 ISA netword card devices eth%d. `--enable-3c503' `--enable-el2' Enables the 3Com 503 (Etherlink II) netword card devices eth%d. `--enable-3c509' `--enable-3c579' `--enable-el3' Enables the 3Com 509/579 (Etherlink III) netword card devices eth%d. `--enable-wd80x3' Enables the WD80X3 netword card devices eth%d. `--enable-3c501' `--enable-el1' Enables the 3COM 501 netword card devices eth%d. `--enable-ul' Enables the SMC Ultra netword card devices eth%d. `--enable-ul32' Enables the SMC Ultra 32 netword card devices eth%d. `--enable-hplanplus' Enables the HP PCLAN+ (27247B and 27252A) netword card devices eth%d. `--enable-hplan' Enables the HP PCLAN (27245 and other 27xxx series) netword card devices eth%d. `--enable-3c59x' `--enable-3c90x' `--enable-vortex' Enables the 3Com 590/900 series (592/595/597/900/905) "Vortex/Boomerang" netword card devices eth%d. `--enable-seeq8005' Enables the Seeq8005 netword card devices eth%d. `--enable-hp100' `--enable-hpj2577' `--enable-hpj2573' `--enable-hp27248b' `--enable-hp2585' Enables the HP 10/100VG PCLAN (ISA, EISA, PCI) netword card devices eth%d. `--enable-ac3200' Enables the Ansel Communications EISA 3200 netword card devices eth%d. `--enable-e2100' Enables the Cabletron E21xx netword card devices eth%d. `--enable-at1700' Enables the AT1700 (Fujitsu 86965) netword card devices eth%d. `--enable-eth16i' `--enable-eth32' Enables the ICL EtherTeam 16i/32 netword card devices eth%d. `--enable-znet' `--enable-znote' Enables the Zenith Z-Note netword card devices eth%d. `--enable-eexpress' Enables the EtherExpress 16 netword card devices eth%d. `--enable-eexpresspro' Enables the EtherExpressPro netword card devices eth%d. `--enable-eexpresspro100' Enables the Intel EtherExpressPro PCI 10+/100B/100+ netword card devices eth%d. `--enable-depca' `--enable-de100' `--enable-de101' `--enable-de200' `--enable-de201' `--enable-de202' `--enable-de210' `--enable-de422' Enables the DEPCA, DE10x, DE200, DE201, DE202, DE210, DE422 netword card devices eth%d. `--enable-ewrk3' `--enable-de203' `--enable-de204' `--enable-de205' Enables the EtherWORKS 3 (DE203, DE204, DE205) netword card devices eth%d. `--enable-de4x5' `--enable-de425' `--enable-de434' `--enable-435' `--enable-de450' `--enable-500' Enables the DE425, DE434, DE435, DE450, DE500 netword card devices eth%d. `--enable-apricot' Enables the Apricot XEN-II on board ethernet netword card devices eth%d. `--enable-wavelan' Enables the AT&T WaveLAN & DEC RoamAbout DS netword card devices eth%d. `--enable-3c507' `--enable-el16' Enables the 3Com 507 netword card devices eth%d. `--enable-3c505' `--enable-elplus' Enables the 3Com 505 netword card devices eth%d. `--enable-de600' Enables the D-Link DE-600 netword card devices eth%d. `--enable-de620' Enables the D-Link DE-620 netword card devices eth%d. `--enable-skg16' Enables the Schneider & Koch G16 netword card devices eth%d. `--enable-ni52' Enables the NI5210 netword card devices eth%d. `--enable-ni65' Enables the NI6510 netword card devices eth%d. `--enable-atp' Enables the AT-LAN-TEC/RealTek pocket adaptor netword card devices atp%d. `--enable-lance' `--enable-at1500' `--enable-ne2100' Enables the AMD LANCE and PCnet (AT1500 and NE2100) netword card devices eth%d. `--enable-elcp' `--enable-tulip' Enables the DECchip Tulip (dc21x4x) PCI netword card devices eth%d. `--enable-fmv18x' Enables the FMV-181/182/183/184 netword card devices eth%d. `--enable-3c515' Enables the 3Com 515 ISA Fast EtherLink netword card devices eth%d. `--enable-pcnet32' Enables the AMD PCI PCnet32 (PCI bus NE2100 cards) netword card devices eth%d. `--enable-ne2kpci' Enables the PCI NE2000 netword card devices eth%d. `--enable-yellowfin' Enables the Packet Engines Yellowfin Gigabit-NIC netword card devices eth%d. `--enable-rtl8139' `--enable-rtl8129' Enables the RealTek 8129/8139 (not 8019/8029!) netword card devices eth%d. `--enable-epic' `--enable-epic100' Enables the SMC 83c170/175 EPIC/100 (EtherPower II) netword card devices eth%d. `--enable-tlan' Enables the TI ThunderLAN netword card devices eth%d. `--enable-viarhine' Enables the VIA Rhine netword card devices eth%d. Cross-Compilation ================= Another way to install the kernel is to use an existing operating system in order to compile the kernel binary. This is called "cross-compiling", because it is done between two different platforms. If the pre-built kernels are not working for you, and you can't ask someone to compile a custom kernel for your machine, this is your last chance to get a kernel that boots on your hardware. Luckily, the kernel does have light dependencies. You don't even need a cross compiler if your build machine has a compiler and is the same architecture as the system you want to run GNU Mach on. You need a cross-mig, though. Bootstrap ********* Bootstrapping(1) is the procedure by which your machine loads the microkernel and transfers control to the operating system. ---------- Footnotes ---------- (1) The term "bootstrapping" refers to a Dutch legend about a boy who was able to fly by pulling himself up by his bootstraps. In computers, this term refers to any process where a simple system activates a more complicated system. Bootloader ========== The "bootloader" is the first software that runs on your machine. Many hardware architectures have a very simple startup routine which reads a very simple bootloader from the beginning of the internal hard disk, then transfers control to it. Other architectures have startup routines which are able to understand more of the contents of the hard disk, and directly start a more advanced bootloader. Currently, "GRUB"(1) is the preferred GNU bootloader. GRUB provides advanced functionality, and is capable of loading several different kernels (such as Mach, Linux, DOS, and the *BSD family). GNU Mach conforms to the Multiboot specification which defines an interface between the bootloader and the components that run very early at startup. GNU Mach can be started by any bootloader which supports the multiboot standard. After the bootloader loaded the kernel image to a designated address in the system memory, it jumps into the startup code of the kernel. This code initializes the kernel and detects the available hardware devices. Afterwards, the first system task is started. ---------- Footnotes ---------- (1) The GRand Unified Bootloader, available from `http://www.uruk.org/grub/'. Modules ======= Because the microkernel does not provide filesystem support and other features necessary to load the first system task from a storage medium, the first task is loaded by the bootloader as a module to a specified address. In the GNU system, this first program is the `serverboot' executable. GNU Mach inserts the host control port and the device master port into this task and appends the port numbers to the command line before executing it. The `serverboot' program is responsible for loading and executing the rest of the Hurd servers. Rather than containing specific instructions for starting the Hurd, it follows general steps given in a user-supplied boot script. XXX finish Inter Process Communication *************************** This chapter describes the details of the Mach IPC system. Only the actual calls concerned with sending and receiving messages are discussed here. The details of the port system are described in the next chapter. Major Concepts ============== The Mach kernel provides message-oriented, capability-based interprocess communication. The interprocess communication (IPC) primitives efficiently support many different styles of interaction, including remote procedure calls, object-oriented distributed programming, streaming of data, and sending very large amounts of data. The IPC primitives operate on three abstractions: messages, ports, and port sets. User tasks access all other kernel services and abstractions via the IPC primitives. The message primitives let tasks send and receive messages. Tasks send messages to ports. Messages sent to a port are delivered reliably (messages may not be lost) and are received in the order in which they were sent. Messages contain a fixed-size header and a variable amount of typed data following the header. The header describes the destination and size of the message. The IPC implementation makes use of the VM system to efficiently transfer large amounts of data. The message body can contain the address of a region in the sender's address space which should be transferred as part of the message. When a task receives a message containing an out-of-line region of data, the data appears in an unused portion of the receiver's address space. This transmission of out-of-line data is optimized so that sender and receiver share the physical pages of data copy-on-write, and no actual data copy occurs unless the pages are written. Regions of memory up to the size of a full address space may be sent in this manner. Ports hold a queue of messages. Tasks operate on a port to send and receive messages by exercising capabilities for the port. Multiple tasks can hold send capabilities, or rights, for a port. Tasks can also hold send-once rights, which grant the ability to send a single message. Only one task can hold the receive capability, or receive right, for a port. Port rights can be transferred between tasks via messages. The sender of a message can specify in the message body that the message contains a port right. If a message contains a receive right for a port, then the receive right is removed from the sender of the message and the right is transferred to the receiver of the message. While the receive right is in transit, tasks holding send rights can still send messages to the port, and they are queued until a task acquires the receive right and uses it to receive the messages. Tasks can receive messages from ports and port sets. The port set abstraction allows a single thread to wait for a message from any of several ports. Tasks manipulate port sets with a capability, or port-set right, which is taken from the same space as the port capabilities. The port-set right may not be transferred in a message. A port set holds receive rights, and a receive operation on a port set blocks waiting for a message sent to any of the constituent ports. A port may not belong to more than one port set, and if a port is a member of a port set, the holder of the receive right can't receive directly from the port. Port rights are a secure, location-independent way of naming ports. The port queue is a protected data structure, only accessible via the kernel's exported message primitives. Rights are also protected by the kernel; there is no way for a malicious user task to guess a port name and send a message to a port to which it shouldn't have access. Port rights do not carry any location information. When a receive right for a port moves from task to task, and even between tasks on different machines, the send rights for the port remain unchanged and continue to function. Messaging Interface =================== This section describes how messages are composed, sent and received within the Mach IPC system. Mach Message Call ----------------- To use the `mach_msg' call, you can include the header files `mach/port.h' and `mach/message.h'. - Function: mach_msg_return_t mach_msg (mach_msg_header_t *MSG, mach_msg_option_t OPTION, mach_msg_size_t SEND_SIZE, mach_msg_size_t RCV_SIZE, mach_port_t RCV_NAME, mach_msg_timeout_t TIMEOUT, mach_port_t NOTIFY) The `mach_msg' function is used to send and receive messages. Mach messages contain typed data, which can include port rights and references to large regions of memory. MSG is the address of a buffer in the caller's address space. Message buffers should be aligned on long-word boundaries. The message options OPTION are bit values, combined with bitwise-or. One or both of `MACH_SEND_MSG' and `MACH_RCV_MSG' should be used. Other options act as modifiers. When sending a message, SEND_SIZE specifies the size of the message buffer. Otherwise zero should be supplied. When receiving a message, RCV_SIZE specifies the size of the message buffer. Otherwise zero should be supplied. When receiving a message, RCV_NAME specifies the port or port set. Otherwise `MACH_PORT_NULL' should be supplied. When using the `MACH_SEND_TIMEOUT' and `MACH_RCV_TIMEOUT' options, TIMEOUT specifies the time in milliseconds to wait before giving up. Otherwise `MACH_MSG_TIMEOUT_NONE' should be supplied. When using the `MACH_SEND_NOTIFY', `MACH_SEND_CANCEL', and `MACH_RCV_NOTIFY' options, NOTIFY specifies the port used for the notification. Otherwise `MACH_PORT_NULL' should be supplied. If the option argument is `MACH_SEND_MSG', it sends a message. The SEND_SIZE argument specifies the size of the message to send. The `msgh_remote_port' field of the message header specifies the destination of the message. If the option argument is `MACH_RCV_MSG', it receives a message. The RCV_SIZE argument specifies the size of the message buffer that will receive the message; messages larger than RCV_SIZE are not received. The RCV_NAME argument specifies the port or port set from which to receive. If the option argument is `MACH_SEND_MSG|MACH_RCV_MSG', then `mach_msg' does both send and receive operations. If the send operation encounters an error (any return code other than `MACH_MSG_SUCCESS'), then the call returns immediately without attempting the receive operation. Semantically the combined call is equivalent to separate send and receive calls, but it saves a system call and enables other internal optimizations. If the option argument specifies neither `MACH_SEND_MSG' nor `MACH_RCV_MSG', then `mach_msg' does nothing. Some options, like `MACH_SEND_TIMEOUT' and `MACH_RCV_TIMEOUT', share a supporting argument. If these options are used together, they make independent use of the supporting argument's value. - Data type: natural_t mach_msg_timeout_t The type used by the timeout mechanism. The units are milliseconds. The value to be used when there is no timeout is `MACH_MSG_TIMEOUT_NONE'. Message Format -------------- A Mach message consists of a fixed size message header, a `mach_msg_header_t', followed by zero or more data items. Data items are typed. Each item has a type descriptor followed by the actual data (or the address of the data, for out-of-line memory regions). The following data types are related to Mach ports: - Data type: mach_port_t The `mach_port_t' data type is an unsigned integer type which represents a port name in the task's port name space. In GNU Mach, this is an `unsigned int'. The following data types are related to Mach messages: - Data type: mach_msg_bits_t The `mach_msg_bits_t' data type is an `unsigned int' used to store various flags for a message. - Data type: mach_msg_size_t The `mach_msg_size_t' data type is an `unsigned int' used to store the size of a message. - Data type: mach_msg_id_t The `mach_msg_id_t' data type is an `integer_t' typically used to convey a function or operation id for the receiver. - Data type: mach_msg_header_t This structure is the start of every message in the Mach IPC system. It has the following members: `mach_msg_bits_t msgh_bits' The `msgh_bits' field has the following bits defined, all other bits should be zero: `MACH_MSGH_BITS_REMOTE_MASK' `MACH_MSGH_BITS_LOCAL_MASK' The remote and local bits encode `mach_msg_type_name_t' values that specify the port rights in the `msgh_remote_port' and `msgh_local_port' fields. The remote value must specify a send or send-once right for the destination of the message. If the local value doesn't specify a send or send-once right for the message's reply port, it must be zero and msgh_local_port must be `MACH_PORT_NULL'. `MACH_MSGH_BITS_COMPLEX' The complex bit must be specified if the message body contains port rights or out-of-line memory regions. If it is not specified, then the message body carries no port rights or memory, no matter what the type descriptors may seem to indicate. `MACH_MSGH_BITS_REMOTE' and `MACH_MSGH_BITS_LOCAL' macros return the appropriate `mach_msg_type_name_t' values, given a `msgh_bits' value. The `MACH_MSGH_BITS' macro constructs a value for `msgh_bits', given two `mach_msg_type_name_t' values. `mach_msg_size_t msgh_size' The `msgh_size' field in the header of a received message contains the message's size. The message size, a byte quantity, includes the message header, type descriptors, and in-line data. For out-of-line memory regions, the message size includes the size of the in-line address, not the size of the actual memory region. There are no arbitrary limits on the size of a Mach message, the number of data items in a message, or the size of the data items. `mach_port_t msgh_remote_port' The `msgh_remote_port' field specifies the destination port of the message. The field must carry a legitimate send or send-once right for a port. `mach_port_t msgh_local_port' The `msgh_local_port' field specifies an auxiliary port right, which is conventionally used as a reply port by the recipient of the message. The field must carry a send right, a send-once right, `MACH_PORT_NULL', or `MACH_PORT_DEAD'. `mach_port_seqno_t msgh_seqno' The `msgh_seqno' field provides a sequence number for the message. It is only valid in received messages; its value in sent messages is overwritten. `mach_msg_id_t msgh_id' The `mach_msg' call doesn't use the `msgh_id' field, but it conventionally conveys an operation or function id. - Macro: mach_msg_bits_t MACH_MSGH_BITS (mach_msg_type_name_t REMOTE, mach_msg_type_name_t LOCAL) This macro composes two `mach_msg_type_name_t' values that specify the port rights in the `msgh_remote_port' and `msgh_local_port' fields of a `mach_msg' call into an appropriate `mach_msg_bits_t' value. - Macro: mach_msg_type_name_t MACH_MSGH_BITS_REMOTE (mach_msg_bits_t BITS) This macro extracts the `mach_msg_type_name_t' value for the remote port right in a `mach_msg_bits_t' value. - Macro: mach_msg_type_name_t MACH_MSGH_BITS_LOCAL (mach_msg_bits_t BITS) This macro extracts the `mach_msg_type_name_t' value for the local port right in a `mach_msg_bits_t' value. - Macro: mach_msg_bits_t MACH_MSGH_BITS_PORTS (mach_msg_bits_t BITS) This macro extracts the `mach_msg_bits_t' component consisting of the `mach_msg_type_name_t' values for the remote and local port right in a `mach_msg_bits_t' value. - Macro: mach_msg_bits_t MACH_MSGH_BITS_OTHER (mach_msg_bits_t BITS) This macro extracts the `mach_msg_bits_t' component consisting of everything except the `mach_msg_type_name_t' values for the remote and local port right in a `mach_msg_bits_t' value. Each data item has a type descriptor, a `mach_msg_type_t' or a `mach_msg_type_long_t'. The `mach_msg_type_long_t' type descriptor allows larger values for some fields. The `msgtl_header' field in the long descriptor is only used for its inline, longform, and deallocate bits. - Data type: mach_msg_type_name_t This is an `unsigned int' and can be used to hold the `msgt_name' component of the `mach_msg_type_t' and `mach_msg_type_long_t' structure. - Data type: mach_msg_type_size_t This is an `unsigned int' and can be used to hold the `msgt_size' component of the `mach_msg_type_t' and `mach_msg_type_long_t' structure. - Data type: mach_msg_type_number_t This is an `natural_t' and can be used to hold the `msgt_number' component of the `mach_msg_type_t' and `mach_msg_type_long_t' structure. - Data type: mach_msg_type_t This structure has the following members: `unsigned int msgt_name : 8' The `msgt_name' field specifies the data's type. The following types are predefined: `MACH_MSG_TYPE_UNSTRUCTURED' `MACH_MSG_TYPE_BIT' `MACH_MSG_TYPE_BOOLEAN' `MACH_MSG_TYPE_INTEGER_16' `MACH_MSG_TYPE_INTEGER_32' `MACH_MSG_TYPE_CHAR' `MACH_MSG_TYPE_BYTE' `MACH_MSG_TYPE_INTEGER_8' `MACH_MSG_TYPE_REAL' `MACH_MSG_TYPE_STRING' `MACH_MSG_TYPE_STRING_C' `MACH_MSG_TYPE_PORT_NAME' The following predefined types specify port rights, and receive special treatment. The next section discusses these types in detail. The type `MACH_MSG_TYPE_PORT_NAME' describes port right names, when no rights are being transferred, but just names. For this purpose, it should be used in preference to `MACH_MSG_TYPE_INTEGER_32'. `MACH_MSG_TYPE_MOVE_RECEIVE' `MACH_MSG_TYPE_MOVE_SEND' `MACH_MSG_TYPE_MOVE_SEND_ONCE' `MACH_MSG_TYPE_COPY_SEND' `MACH_MSG_TYPE_MAKE_SEND' `MACH_MSG_TYPE_MAKE_SEND_ONCE' `msgt_size : 8' The `msgt_size' field specifies the size of each datum, in bits. For example, the msgt_size of `MACH_MSG_TYPE_INTEGER_32' data is 32. `msgt_number : 12' The `msgt_number' field specifies how many data elements comprise the data item. Zero is a legitimate number. The total length specified by a type descriptor is `(msgt_size * msgt_number)', rounded up to an integral number of bytes. In-line data is then padded to an integral number of long-words. This ensures that type descriptors always start on long-word boundaries. It implies that message sizes are always an integral multiple of a long-word's size. `msgt_inline : 1' The `msgt_inline' bit specifies, when `FALSE', that the data actually resides in an out-of-line region. The address of the memory region (a `vm_offset_t' or `vm_address_t') follows the type descriptor in the message body. The `msgt_name', `msgt_size', and `msgt_number' fields describe the memory region, not the address. `msgt_longform : 1' The `msgt_longform' bit specifies, when `TRUE', that this type descriptor is a `mach_msg_type_long_t' instead of a `mach_msg_type_t'. The `msgt_name', `msgt_size', and `msgt_number' fields should be zero. Instead, `mach_msg' uses the following `msgtl_name', `msgtl_size', and `msgtl_number' fields. `msgt_deallocate : 1' The `msgt_deallocate' bit is used with out-of-line regions. When `TRUE', it specifies that the memory region should be deallocated from the sender's address space (as if with `vm_deallocate') when the message is sent. `msgt_unused : 1' The `msgt_unused' bit should be zero. - Macro: boolean_t MACH_MSG_TYPE_PORT_ANY (mach_msg_type_name_t type) This macro returns `TRUE' if the given type name specifies a port type, otherwise it returns `FALSE'. - Macro: boolean_t MACH_MSG_TYPE_PORT_ANY_SEND (mach_msg_type_name_t type) This macro returns `TRUE' if the given type name specifies a port type with a send or send-once right, otherwise it returns `FALSE'. - Macro: boolean_t MACH_MSG_TYPE_PORT_ANY_RIGHT (mach_msg_type_name_t type) This macro returns `TRUE' if the given type name specifies a port right type which is moved, otherwise it returns `FALSE'. - Data type: mach_msg_type_long_t This structure has the following members: `mach_msg_type_t msgtl_header' Same meaning as `msgt_header'. `unsigned short msgtl_name' Same meaning as `msgt_name'. `unsigned short msgtl_size' Same meaning as `msgt_size'. `unsigned int msgtl_number' Same meaning as `msgt_number'. Exchanging Port Rights ---------------------- Each task has its own space of port rights. Port rights are named with positive integers. Except for the reserved values `MACH_PORT_NULL (0)'(1) and `MACH_PORT_DEAD (~0)', this is a full 32-bit name space. When the kernel chooses a name for a new right, it is free to pick any unused name (one which denotes no right) in the space. There are five basic kinds of rights: receive rights, send rights, send-once rights, port-set rights, and dead names. Dead names are not capabilities. They act as place-holders to prevent a name from being otherwise used. A port is destroyed, or dies, when its receive right is deallocated. When a port dies, send and send-once rights for the port turn into dead names. Any messages queued at the port are destroyed, which deallocates the port rights and out-of-line memory in the messages. Tasks may hold multiple user-references for send rights and dead names. When a task receives a send right which it already holds, the kernel increments the right's user-reference count. When a task deallocates a send right, the kernel decrements its user-reference count, and the task only loses the send right when the count goes to zero. Send-once rights always have a user-reference count of one, although a port can have multiple send-once rights, because each send-once right held by a task has a different name. In contrast, when a task holds send rights or a receive right for a port, the rights share a single name. A message body can carry port rights; the `msgt_name' (`msgtl_name') field in a type descriptor specifies the type of port right and how the port right is to be extracted from the caller. The values `MACH_PORT_NULL' and `MACH_PORT_DEAD' are always valid in place of a port right in a message body. In a sent message, the following `msgt_name' values denote port rights: `MACH_MSG_TYPE_MAKE_SEND' The message will carry a send right, but the caller must supply a receive right. The send right is created from the receive right, and the receive right's make-send count is incremented. `MACH_MSG_TYPE_COPY_SEND' The message will carry a send right, and the caller should supply a send right. The user reference count for the supplied send right is not changed. The caller may also supply a dead name and the receiving task will get `MACH_PORT_DEAD'. `MACH_MSG_TYPE_MOVE_SEND' The message will carry a send right, and the caller should supply a send right. The user reference count for the supplied send right is decremented, and the right is destroyed if the count becomes zero. Unless a receive right remains, the name becomes available for recycling. The caller may also supply a dead name, which loses a user reference, and the receiving task will get `MACH_PORT_DEAD'. `MACH_MSG_TYPE_MAKE_SEND_ONCE' The message will carry a send-once right, but the caller must supply a receive right. The send-once right is created from the receive right. `MACH_MSG_TYPE_MOVE_SEND_ONCE' The message will carry a send-once right, and the caller should supply a send-once right. The caller loses the supplied send-once right. The caller may also supply a dead name, which loses a user reference, and the receiving task will get `MACH_PORT_DEAD'. `MACH_MSG_TYPE_MOVE_RECEIVE' The message will carry a receive right, and the caller should supply a receive right. The caller loses the supplied receive right, but retains any send rights with the same name. If a message carries a send or send-once right, and the port dies while the message is in transit, then the receiving task will get `MACH_PORT_DEAD' instead of a right. The following `msgt_name' values in a received message indicate that it carries port rights: `MACH_MSG_TYPE_PORT_SEND' This name is an alias for `MACH_MSG_TYPE_MOVE_SEND'. The message carried a send right. If the receiving task already has send and/or receive rights for the port, then that name for the port will be reused. Otherwise, the new right will have a new name. If the task already has send rights, it gains a user reference for the right (unless this would cause the user-reference count to overflow). Otherwise, it acquires the send right, with a user-reference count of one. `MACH_MSG_TYPE_PORT_SEND_ONCE' This name is an alias for `MACH_MSG_TYPE_MOVE_SEND_ONCE'. The message carried a send-once right. The right will have a new name. `MACH_MSG_TYPE_PORT_RECEIVE' This name is an alias for `MACH_MSG_TYPE_MOVE_RECEIVE'. The message carried a receive right. If the receiving task already has send rights for the port, then that name for the port will be reused. Otherwise, the right will have a new name. The make-send count of the receive right is reset to zero, but the port retains other attributes like queued messages, extant send and send-once rights, and requests for port-destroyed and no-senders notifications. When the kernel chooses a new name for a port right, it can choose any name, other than `MACH_PORT_NULL' and `MACH_PORT_DEAD', which is not currently being used for a port right or dead name. It might choose a name which at some previous time denoted a port right, but is currently unused. ---------- Footnotes ---------- (1) In the Hurd system, we don't make the assumption that `MACH_PORT_NULL' is zero and evaluates to false, but rather compare port names to `MACH_PORT_NULL' explicitely Memory ------ A message body can contain the address of a region in the sender's address space which should be transferred as part of the message. The message carries a logical copy of the memory, but the kernel uses VM techniques to defer any actual page copies. Unless the sender or the receiver modifies the data, the physical pages remain shared. An out-of-line transfer occurs when the data's type descriptor specifies `msgt_inline' as `FALSE'. The address of the memory region (a `vm_offset_t' or `vm_address_t') should follow the type descriptor in the message body. The type descriptor and the address contribute to the message's size (`send_size', `msgh_size'). The out-of-line data does not contribute to the message's size. The name, size, and number fields in the type descriptor describe the type and length of the out-of-line data, not the in-line address. Out-of-line memory frequently requires long type descriptors (`mach_msg_type_long_t'), because the `msgt_number' field is too small to describe a page of 4K bytes. Out-of-line memory arrives somewhere in the receiver's address space as new memory. It has the same inheritance and protection attributes as newly `vm_allocate''d memory. The receiver has the responsibility of deallocating (with `vm_deallocate') the memory when it is no longer needed. Security-conscious receivers should exercise caution when using out-of-line memory from untrustworthy sources, because the memory may be backed by an unreliable memory manager. Null out-of-line memory is legal. If the out-of-line region size is zero (for example, because `msgtl_number' is zero), then the region's specified address is ignored. A received null out-of-line memory region always has a zero address. Unaligned addresses and region sizes that are not page multiples are legal. A received message can also contain memory with unaligned addresses and funny sizes. In the general case, the first and last pages in the new memory region in the receiver do not contain only data from the sender, but are partly zero.(1) The received address points to the start of the data in the first page. This possibility doesn't complicate deallocation, because `vm_deallocate' does the right thing, rounding the start address down and the end address up to deallocate all arrived pages. Out-of-line memory has a deallocate option, controlled by the `msgt_deallocate' bit. If it is `TRUE' and the out-of-line memory region is not null, then the region is implicitly deallocated from the sender, as if by `vm_deallocate'. In particular, the start and end addresses are rounded so that every page overlapped by the memory region is deallocated. The use of `msgt_deallocate' effectively changes the memory copy into a memory movement. In a received message, `msgt_deallocate' is `TRUE' in type descriptors for out-of-line memory. Out-of-line memory can carry port rights. ---------- Footnotes ---------- (1) Sending out-of-line memory with a non-page-aligned address, or a size which is not a page multiple, works but with a caveat. The extra bytes in the first and last page of the received memory are not zeroed, so the receiver can peek at more data than the sender intended to transfer. This might be a security problem for the sender. Message Send ------------ The send operation queues a message to a port. The message carries a copy of the caller's data. After the send, the caller can freely modify the message buffer or the out-of-line memory regions and the message contents will remain unchanged. Message delivery is reliable and sequenced. Messages are not lost, and messages sent to a port, from a single thread, are received in the order in which they were sent. If the destination port's queue is full, then several things can happen. If the message is sent to a send-once right (`msgh_remote_port' carries a send-once right), then the kernel ignores the queue limit and delivers the message. Otherwise the caller blocks until there is room in the queue, unless the `MACH_SEND_TIMEOUT' or `MACH_SEND_NOTIFY' options are used. If a port has several blocked senders, then any of them may queue the next message when space in the queue becomes available, with the proviso that a blocked sender will not be indefinitely starved. These options modify `MACH_SEND_MSG'. If `MACH_SEND_MSG' is not also specified, they are ignored. `MACH_SEND_TIMEOUT' The timeout argument should specify a maximum time (in milliseconds) for the call to block before giving up.(1) If the message can't be queued before the timeout interval elapses, then the call returns `MACH_SEND_TIMED_OUT'. A zero timeout is legitimate. `MACH_SEND_NOTIFY' The notify argument should specify a receive right for a notify port. If the send were to block, then instead the message is queued, `MACH_SEND_WILL_NOTIFY' is returned, and a msg-accepted notification is requested. If `MACH_SEND_TIMEOUT' is also specified, then `MACH_SEND_NOTIFY' doesn't take effect until the timeout interval elapses. With `MACH_SEND_NOTIFY', a task can forcibly queue to a send right one message at a time. A msg-accepted notification is sent to the the notify port when another message can be forcibly queued. If an attempt is made to use `MACH_SEND_NOTIFY' before then, the call returns a `MACH_SEND_NOTIFY_IN_PROGRESS' error. The msg-accepted notification carries the name of the send right. If the send right is deallocated before the msg-accepted notification is generated, then the msg-accepted notification carries the value `MACH_PORT_NULL'. If the destination port is destroyed before the notification is generated, then a send-once notification is generated instead. `MACH_SEND_INTERRUPT' If specified, the `mach_msg' call will return `MACH_SEND_INTERRUPTED' if a software interrupt aborts the call. Otherwise, the send operation will be retried. `MACH_SEND_CANCEL' The notify argument should specify a receive right for a notify port. If the send operation removes the destination port right from the caller, and the removed right had a dead-name request registered for it, and notify is the notify port for the dead-name request, then the dead-name request may be silently canceled (instead of resulting in a port-deleted notification). This option is typically used to cancel a dead-name request made with the `MACH_RCV_NOTIFY' option. It should only be used as an optimization. The send operation can generate the following return codes. These return codes imply that the call did nothing: `MACH_SEND_MSG_TOO_SMALL' The specified send_size was smaller than the minimum size for a message. `MACH_SEND_NO_BUFFER' A resource shortage prevented the kernel from allocating a message buffer. `MACH_SEND_INVALID_DATA' The supplied message buffer was not readable. `MACH_SEND_INVALID_HEADER' The `msgh_bits' value was invalid. `MACH_SEND_INVALID_DEST' The `msgh_remote_port' value was invalid. `MACH_SEND_INVALID_REPLY' The `msgh_local_port' value was invalid. `MACH_SEND_INVALID_NOTIFY' When using `MACH_SEND_CANCEL', the notify argument did not denote a valid receive right. These return codes imply that some or all of the message was destroyed: `MACH_SEND_INVALID_MEMORY' The message body specified out-of-line data that was not readable. `MACH_SEND_INVALID_RIGHT' The message body specified a port right which the caller didn't possess. `MACH_SEND_INVALID_TYPE' A type descriptor was invalid. `MACH_SEND_MSG_TOO_SMALL' The last data item in the message ran over the end of the message. These return codes imply that the message was returned to the caller with a pseudo-receive operation: `MACH_SEND_TIMED_OUT' The timeout interval expired. `MACH_SEND_INTERRUPTED' A software interrupt occurred. `MACH_SEND_INVALID_NOTIFY' When using `MACH_SEND_NOTIFY', the notify argument did not denote a valid receive right. `MACH_SEND_NO_NOTIFY' A resource shortage prevented the kernel from setting up a msg-accepted notification. `MACH_SEND_NOTIFY_IN_PROGRESS' A msg-accepted notification was already requested, and hasn't yet been generated. These return codes imply that the message was queued: `MACH_SEND_WILL_NOTIFY' The message was forcibly queued, and a msg-accepted notification was requested. `MACH_MSG_SUCCESS' The message was queued. Some return codes, like `MACH_SEND_TIMED_OUT', imply that the message was almost sent, but could not be queued. In these situations, the kernel tries to return the message contents to the caller with a pseudo-receive operation. This prevents the loss of port rights or memory which only exist in the message. For example, a receive right which was moved into the message, or out-of-line memory sent with the deallocate bit. The pseudo-receive operation is very similar to a normal receive operation. The pseudo-receive handles the port rights in the message header as if they were in the message body. They are not reversed. After the pseudo-receive, the message is ready to be resent. If the message is not resent, note that out-of-line memory regions may have moved and some port rights may have changed names. The pseudo-receive operation may encounter resource shortages. This is similar to a `MACH_RCV_BODY_ERROR' return code from a receive operation. When this happens, the normal send return codes are augmented with the `MACH_MSG_IPC_SPACE', `MACH_MSG_VM_SPACE', `MACH_MSG_IPC_KERNEL', and `MACH_MSG_VM_KERNEL' bits to indicate the nature of the resource shortage. The queueing of a message carrying receive rights may create a circular loop of receive rights and messages, which can never be received. For example, a message carrying a receive right can be sent to that receive right. This situation is not an error, but the kernel will garbage-collect such loops, destroying the messages and ports involved. ---------- Footnotes ---------- (1) If MACH_SEND_TIMEOUT is used without MACH_SEND_INTERRUPT, then the timeout duration might not be accurate. When the call is interrupted and automatically retried, the original timeout is used. If interrupts occur frequently enough, the timeout interval might never expire. Message Receive --------------- The receive operation dequeues a message from a port. The receiving task acquires the port rights and out-of-line memory regions carried in the message. The `rcv_name' argument specifies a port or port set from which to receive. If a port is specified, the caller must possess the receive right for the port and the port must not be a member of a port set. If no message is present, then the call blocks, subject to the `MACH_RCV_TIMEOUT' option. If a port set is specified, the call will receive a message sent to any of the member ports. It is permissible for the port set to have no member ports, and ports may be added and removed while a receive from the port set is in progress. The received message can come from any of the member ports which have messages, with the proviso that a member port with messages will not be indefinitely starved. The `msgh_local_port' field in the received message header specifies from which port in the port set the message came. The `rcv_size' argument specifies the size of the caller's message buffer. The `mach_msg' call will not receive a message larger than `rcv_size'. Messages that are too large are destroyed, unless the `MACH_RCV_LARGE' option is used. The destination and reply ports are reversed in a received message header. The `msgh_local_port' field names the destination port, from which the message was received, and the `msgh_remote_port' field names the reply port right. The bits in `msgh_bits' are also reversed. The `MACH_MSGH_BITS_LOCAL' bits have the value `MACH_MSG_TYPE_PORT_SEND' if the message was sent to a send right, and the value `MACH_MSG_TYPE_PORT_SEND_ONCE' if was sent to a send-once right. The `MACH_MSGH_BITS_REMOTE' bits describe the reply port right. A received message can contain port rights and out-of-line memory. The `msgh_local_port' field does not receive a port right; the act of receiving the message destroys the send or send-once right for the destination port. The msgh_remote_port field does name a received port right, the reply port right, and the message body can carry port rights and memory if `MACH_MSGH_BITS_COMPLEX' is present in msgh_bits. Received port rights and memory should be consumed or deallocated in some fashion. In almost all cases, `msgh_local_port' will specify the name of a receive right, either `rcv_name' or if `rcv_name' is a port set, a member of `rcv_name'. If other threads are concurrently manipulating the receive right, the situation is more complicated. If the receive right is renamed during the call, then `msgh_local_port' specifies the right's new name. If the caller loses the receive right after the message was dequeued from it, then `mach_msg' will proceed instead of returning `MACH_RCV_PORT_DIED'. If the receive right was destroyed, then `msgh_local_port' specifies `MACH_PORT_DEAD'. If the receive right still exists, but isn't held by the caller, then `msgh_local_port' specifies `MACH_PORT_NULL'. Received messages are stamped with a sequence number, taken from the port from which the message was received. (Messages received from a port set are stamped with a sequence number from the appropriate member port.) Newly created ports start with a zero sequence number, and the sequence number is reset to zero whenever the port's receive right moves between tasks. When a message is dequeued from the port, it is stamped with the port's sequence number and the port's sequence number is then incremented. The dequeue and increment operations are atomic, so that multiple threads receiving messages from a port can use the `msgh_seqno' field to reconstruct the original order of the messages. These options modify `MACH_RCV_MSG'. If `MACH_RCV_MSG' is not also specified, they are ignored. `MACH_RCV_TIMEOUT' The timeout argument should specify a maximum time (in milliseconds) for the call to block before giving up.(1) If no message arrives before the timeout interval elapses, then the call returns `MACH_RCV_TIMED_OUT'. A zero timeout is legitimate. `MACH_RCV_NOTIFY' The notify argument should specify a receive right for a notify port. If receiving the reply port creates a new port right in the caller, then the notify port is used to request a dead-name notification for the new port right. `MACH_RCV_INTERRUPT' If specified, the `mach_msg' call will return `MACH_RCV_INTERRUPTED' if a software interrupt aborts the call. Otherwise, the receive operation will be retried. `MACH_RCV_LARGE' If the message is larger than `rcv_size', then the message remains queued instead of being destroyed. The call returns `MACH_RCV_TOO_LARGE' and the actual size of the message is returned in the `msgh_size' field of the message header. The receive operation can generate the following return codes. These return codes imply that the call did not dequeue a message: `MACH_RCV_INVALID_NAME' The specified `rcv_name' was invalid. `MACH_RCV_IN_SET' The specified port was a member of a port set. `MACH_RCV_TIMED_OUT' The timeout interval expired. `MACH_RCV_INTERRUPTED' A software interrupt occurred. `MACH_RCV_PORT_DIED' The caller lost the rights specified by `rcv_name'. `MACH_RCV_PORT_CHANGED' `rcv_name' specified a receive right which was moved into a port set during the call. `MACH_RCV_TOO_LARGE' When using `MACH_RCV_LARGE', and the message was larger than `rcv_size'. The message is left queued, and its actual size is returned in the `msgh_size' field of the message buffer. These return codes imply that a message was dequeued and destroyed: `MACH_RCV_HEADER_ERROR' A resource shortage prevented the reception of the port rights in the message header. `MACH_RCV_INVALID_NOTIFY' When using `MACH_RCV_NOTIFY', the notify argument did not denote a valid receive right. `MACH_RCV_TOO_LARGE' When not using `MACH_RCV_LARGE', a message larger than `rcv_size' was dequeued and destroyed. In these situations, when a message is dequeued and then destroyed, the reply port and all port rights and memory in the message body are destroyed. However, the caller receives the message's header, with all fields correct, including the destination port but excepting the reply port, which is `MACH_PORT_NULL'. These return codes imply that a message was received: `MACH_RCV_BODY_ERROR' A resource shortage prevented the reception of a port right or out-of-line memory region in the message body. The message header, including the reply port, is correct. The kernel attempts to transfer all port rights and memory regions in the body, and only destroys those that can't be transferred. `MACH_RCV_INVALID_DATA' The specified message buffer was not writable. The calling task did successfully receive the port rights and out-of-line memory regions in the message. `MACH_MSG_SUCCESS' A message was received. Resource shortages can occur after a message is dequeued, while transferring port rights and out-of-line memory regions to the receiving task. The `mach_msg' call returns `MACH_RCV_HEADER_ERROR' or `MACH_RCV_BODY_ERROR' in this situation. These return codes always carry extra bits (bitwise-ored) that indicate the nature of the resource shortage: `MACH_MSG_IPC_SPACE' There was no room in the task's IPC name space for another port name. `MACH_MSG_VM_SPACE' There was no room in the task's VM address space for an out-of-line memory region. `MACH_MSG_IPC_KERNEL' A kernel resource shortage prevented the reception of a port right. `MACH_MSG_VM_KERNEL' A kernel resource shortage prevented the reception of an out-of-line memory region. If a resource shortage prevents the reception of a port right, the port right is destroyed and the caller sees the name `MACH_PORT_NULL'. If a resource shortage prevents the reception of an out-of-line memory region, the region is destroyed and the caller receives a zero address. In addition, the `msgt_size' (`msgtl_size') field in the data's type descriptor is changed to zero. If a resource shortage prevents the reception of out-of-line memory carrying port rights, then the port rights are always destroyed if the memory region can not be received. A task never receives port rights or memory regions that it isn't told about. ---------- Footnotes ---------- (1) If MACH_RCV_TIMEOUT is used without MACH_RCV_INTERRUPT, then the timeout duration might not be accurate. When the call is interrupted and automatically retried, the original timeout is used. If interrupts occur frequently enough, the timeout interval might never expire. Atomicity --------- The `mach_msg' call handles port rights in a message header atomically. Port rights and out-of-line memory in a message body do not enjoy this atomicity guarantee. The message body may be processed front-to-back, back-to-front, first out-of-line memory then port rights, in some random order, or even atomically. For example, consider sending a message with the destination port specified as `MACH_MSG_TYPE_MOVE_SEND' and the reply port specified as `MACH_MSG_TYPE_COPY_SEND'. The same send right, with one user-reference, is supplied for both the `msgh_remote_port' and `msgh_local_port' fields. Because `mach_msg' processes the message header atomically, this succeeds. If `msgh_remote_port' were processed before `msgh_local_port', then `mach_msg' would return `MACH_SEND_INVALID_REPLY' in this situation. On the other hand, suppose the destination and reply port are both specified as `MACH_MSG_TYPE_MOVE_SEND', and again the same send right with one user-reference is supplied for both. Now the send operation fails, but because it processes the header atomically, mach_msg can return either `MACH_SEND_INVALID_DEST' or `MACH_SEND_INVALID_REPLY'. For example, consider receiving a message at the same time another thread is deallocating the destination receive right. Suppose the reply port field carries a send right for the destination port. If the deallocation happens before the dequeuing, then the receiver gets `MACH_RCV_PORT_DIED'. If the deallocation happens after the receive, then the `msgh_local_port' and the `msgh_remote_port' fields both specify the same right, which becomes a dead name when the receive right is deallocated. If the deallocation happens between the dequeue and the receive, then the `msgh_local_port' and `msgh_remote_port' fields both specify `MACH_PORT_DEAD'. Because the header is processed atomically, it is not possible for just one of the two fields to hold `MACH_PORT_DEAD'. The `MACH_RCV_NOTIFY' option provides a more likely example. Suppose a message carrying a send-once right reply port is received with `MACH_RCV_NOTIFY' at the same time the reply port is destroyed. If the reply port is destroyed first, then `msgh_remote_port' specifies `MACH_PORT_DEAD' and the kernel does not generate a dead-name notification. If the reply port is destroyed after it is received, then `msgh_remote_port' specifies a dead name for which the kernel generates a dead-name notification. It is not possible to receive the reply port right and have it turn into a dead name before the dead-name notification is requested; as part of the message header the reply port is received atomically. Port Manipulation Interface =========================== This section describes the interface to create, destroy and manipulate ports and port sets. Port Creation ------------- - Function: kern_return_t mach_port_allocate (mach_port_t TASK, mach_port_right_t RIGHT, mach_port_t *NAME) The `mach_port_allocate' function creates a new right in the specified task. The new right's name is returned in NAME, which may be any name that wasn't in use. The RIGHT argument takes the following values: `MACH_PORT_RIGHT_RECEIVE' `mach_port_allocate' creates a port. The new port is not a member of any port set. It doesn't have any extant send or send-once rights. Its make-send count is zero, its sequence number is zero, its queue limit is `MACH_PORT_QLIMIT_DEFAULT', and it has no queued messages. NAME denotes the receive right for the new port. TASK does not hold send rights for the new port, only the receive right. `mach_port_insert_right' and `mach_port_extract_right' can be used to convert the receive right into a combined send/receive right. `MACH_PORT_RIGHT_PORT_SET' `mach_port_allocate' creates a port set. The new port set has no members. `MACH_PORT_RIGHT_DEAD_NAME' `mach_port_allocate' creates a dead name. The new dead name has one user reference. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_VALUE' if RIGHT was invalid, `KERN_NO_SPACE' if there was no room in TASK's IPC name space for another right and `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory. The `mach_port_allocate' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: mach_port_t mach_reply_port () The `mach_reply_port' system call creates a reply port in the calling task. `mach_reply_port' creates a port, giving the calling task the receive right for the port. The call returns the name of the new receive right. This is very much like creating a receive right with the `mach_port_allocate' call, with two differences. First, `mach_reply_port' is a system call and not an RPC (which requires a reply port). Second, the port created by `mach_reply_port' may be optimized for use as a reply port. The function returns `MACH_PORT_NULL' if a resource shortage prevented the creation of the receive right. - Function: kern_return_t mach_port_allocate_name (mach_port_t TASK, mach_port_right_t RIGHT, mach_port_t NAME) The function `mach_port_allocate_name' creates a new right in the specified task, with a specified name for the new right. NAME must not already be in use for some right, and it can't be the reserved values `MACH_PORT_NULL' and `MACH_PORT_DEAD'. The RIGHT argument takes the following values: `MACH_PORT_RIGHT_RECEIVE' `mach_port_allocate_name' creates a port. The new port is not a member of any port set. It doesn't have any extant send or send-once rights. Its make-send count is zero, its sequence number is zero, its queue limit is `MACH_PORT_QLIMIT_DEFAULT', and it has no queued messages. NAME denotes the receive right for the new port. TASK does not hold send rights for the new port, only the receive right. `mach_port_insert_right' and `mach_port_extract_right' can be used to convert the receive right into a combined send/receive right. `MACH_PORT_RIGHT_PORT_SET' `mach_port_allocate_name' creates a port set. The new port set has no members. `MACH_PORT_RIGHT_DEAD_NAME' `mach_port_allocate_name' creates a new dead name. The new dead name has one user reference. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_VALUE' if RIGHT was invalid or NAME was `MACH_PORT_NULL' or `MACH_PORT_DEAD', `KERN_NAME_EXISTS' if NAME was already in use for a port right and `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory. The `mach_port_allocate_name' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Port Destruction ---------------- - Function: kern_return_t mach_port_deallocate (mach_port_t TASK, mach_port_t NAME) The function `mach_port_deallocate' releases a user reference for a right in TASK's IPC name space. It allows a task to release a user reference for a send or send-once right without failing if the port has died and the right is now actually a dead name. If NAME denotes a dead name, send right, or send-once right, then the right loses one user reference. If it only had one user reference, then the right is destroyed. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right and `KERN_INVALID_RIGHT' if NAME denoted an invalid right. The `mach_port_deallocate' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_destroy (mach_port_t TASK, mach_port_t NAME) The function `mach_port_destroy' deallocates all rights denoted by a name. The name becomes immediately available for reuse. For most purposes, `mach_port_mod_refs' and `mach_port_deallocate' are preferable. If NAME denotes a port set, then all members of the port set are implicitly removed from the port set. If NAME denotes a receive right that is a member of a port set, the receive right is implicitly removed from the port set. If there is a port-destroyed request registered for the port, then the receive right is not actually destroyed, but instead is sent in a port-destroyed notification to the backup port. If there is no registered port-destroyed request, remaining messages queued to the port are destroyed and extant send and send-once rights turn into dead names. If those send and send-once rights have dead-name requests registered, then dead-name notifications are generated for them. If NAME denotes a send-once right, then the send-once right is used to produce a send-once notification for the port. If NAME denotes a send-once, send, and/or receive right, and it has a dead-name request registered, then the registered send-once right is used to produce a port-deleted notification for the name. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right. The `mach_port_destroy' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Port Names ---------- - Function: kern_return_t mach_port_names (mach_port_t TASK, mach_port_name_array_t *NAMES, mach_msg_type_number_t *NCOUNT, mach_port_type_array_t *TYPES, mach_msg_type_number_t *TCOUNT) The function `mach_port_names' returns information about TASK's port name space. For each name, it also returns what type of rights TASK holds. (The same information returned by `mach_port_type'.) NAMES and TYPES are arrays that are automatically allocated when the reply message is received. The user should `vm_deallocate' them when the data is no longer needed. `mach_port_names' will return in NAMES the names of the ports, port sets, and dead names in the task's port name space, in no particular order and in NCOUNT the number of names returned. It will return in TYPES the type of each corresponding name, which indicates what kind of rights the task holds with that name. TCOUNT should be the same as NCOUNT. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory. The `mach_port_names' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_type (mach_port_t TASK, mach_port_t NAME, mach_port_type_t *PTYPE) The function `mach_port_type' returns information about TASK's rights for a specific name in its port name space. The returned PTYPE is a bitmask indicating what rights TASK holds for the port, port set or dead name. The bitmask is composed of the following bits: `MACH_PORT_TYPE_SEND' The name denotes a send right. `MACH_PORT_TYPE_RECEIVE' The name denotes a receive right. `MACH_PORT_TYPE_SEND_ONCE' The name denotes a send-once right. `MACH_PORT_TYPE_PORT_SET' The name denotes a port set. `MACH_PORT_TYPE_DEAD_NAME' The name is a dead name. `MACH_PORT_TYPE_DNREQUEST' A dead-name request has been registered for the right. `MACH_PORT_TYPE_MAREQUEST' A msg-accepted request for the right is pending. `MACH_PORT_TYPE_COMPAT' The port right was created in the compatibility mode. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid and `KERN_INVALID_NAME' if NAME did not denote a right. The `mach_port_type' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_rename (mach_port_t TASK, mach_port_t OLD_NAME, mach_port_t NEW_NAME) The function `mach_port_rename' changes the name by which a port, port set, or dead name is known to TASK. OLD_NAME is the original name and NEW_NAME the new name for the port right. NEW_NAME must not already be in use, and it can't be the distinguished values `MACH_PORT_NULL' and `MACH_PORT_DEAD'. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if OLD_NAME did not denote a right, `KERN_INVALID_VALUE' if NEW_NAME was `MACH_PORT_NULL' or `MACH_PORT_DEAD', `KERN_NAME_EXISTS' if `new_name' already denoted a right and `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory. The `mach_port_rename' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Port Rights ----------- - Function: kern_return_t mach_port_get_refs (mach_port_t TASK, mach_port_t NAME, mach_port_right_t RIGHT, mach_port_urefs_t *REFS) The function `mach_port_get_refs' returns the number of user references a task has for a right. The RIGHT argument takes the following values: * `MACH_PORT_RIGHT_SEND' * `MACH_PORT_RIGHT_RECEIVE' * `MACH_PORT_RIGHT_SEND_ONCE' * `MACH_PORT_RIGHT_PORT_SET' * `MACH_PORT_RIGHT_DEAD_NAME' If NAME denotes a right, but not the type of right specified, then zero is returned. Otherwise a positive number of user references is returned. Note that a name may simultaneously denote send and receive rights. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_VALUE' if RIGHT was invalid and `KERN_INVALID_NAME' if NAME did not denote a right. The `mach_port_get_refs' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_mod_refs (mach_port_t TASK, mach_port_t NAME, mach_port_right_t RIGHT, mach_port_delta_t DELTA) The function `mach_port_mod_refs' requests that the number of user references a task has for a right be changed. This results in the right being destroyed, if the number of user references is changed to zero. The task holding the right is TASK, NAME should denote the specified right. RIGHT denotes the type of right being modified. DELTA is the signed change to the number of user references. The RIGHT argument takes the following values: * `MACH_PORT_RIGHT_SEND' * `MACH_PORT_RIGHT_RECEIVE' * `MACH_PORT_RIGHT_SEND_ONCE' * `MACH_PORT_RIGHT_PORT_SET' * `MACH_PORT_RIGHT_DEAD_NAME' The number of user references for the right is changed by the amount DELTA, subject to the following restrictions: port sets, receive rights, and send-once rights may only have one user reference. The resulting number of user references can't be negative. If the resulting number of user references is zero, the effect is to deallocate the right. For dead names and send rights, there is an implementation-defined maximum number of user references. If the call destroys the right, then the effect is as described for `mach_port_destroy', with the exception that `mach_port_destroy' simultaneously destroys all the rights denoted by a name, while `mach_port_mod_refs' can only destroy one right. The name will be available for reuse if it only denoted the one right. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_VALUE' if RIGHT was invalid or the user-reference count would become negative, `KERN_INVALID_NAME' if NAME did not denote a right, `KERN_INVALID_RIGHT' if NAME denoted a right, but not the specified right and `KERN_UREFS_OVERFLOW' if the user-reference count would overflow. The `mach_port_mod_refs' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Ports and other Tasks --------------------- - Function: kern_return_t mach_port_insert_right (mach_port_t TASK, mach_port_t NAME, mach_port_t RIGHT, mach_msg_type_name_t RIGHT_TYPE) The function MACH_PORT_INSERT_RIGHT inserts into TASK the caller's right for a port, using a specified name for the right in the target task. The specified NAME can't be one of the reserved values `MACH_PORT_NULL' or `MACH_PORT_DEAD'. The RIGHT can't be `MACH_PORT_NULL' or `MACH_PORT_DEAD'. The argument RIGHT_TYPE specifies a right to be inserted and how that right should be extracted from the caller. It should be a value appropriate for MSGT_NAME; see `mach_msg'. If RIGHT_TYPE is `MACH_MSG_TYPE_MAKE_SEND', `MACH_MSG_TYPE_MOVE_SEND', or `MACH_MSG_TYPE_COPY_SEND', then a send right is inserted. If the target already holds send or receive rights for the port, then NAME should denote those rights in the target. Otherwise, NAME should be unused in the target. If the target already has send rights, then those send rights gain an additional user reference. Otherwise, the target gains a send right, with a user reference count of one. If RIGHT_TYPE is `MACH_MSG_TYPE_MAKE_SEND_ONCE' or `MACH_MSG_TYPE_MOVE_SEND_ONCE', then a send-once right is inserted. The name should be unused in the target. The target gains a send-once right. If RIGHT_TYPE is `MACH_MSG_TYPE_MOVE_RECEIVE', then a receive right is inserted. If the target already holds send rights for the port, then name should denote those rights in the target. Otherwise, name should be unused in the target. The receive right is moved into the target task. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_VALUE' if RIGHT was not a port right or NAME was `MACH_PORT_NULL' or `MACH_PORT_DEAD', `KERN_NAME_EXISTS' if NAME already denoted a right, `KERN_INVALID_CAPABILITY' if RIGHT was `MACH_PORT_NULL' or `MACH_PORT_DEAD' `KERN_RIGHT_EXISTS' if TASK already had rights for the port, with a different name, `KERN_UREFS_OVERFLOW' if the user-reference count would overflow and `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory. The `mach_port_insert_right' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_extract_right (mach_port_t TASK, mach_port_t NAME, mach_msg_type_name_t DESIRED_TYPE, mach_port_t *RIGHT, mach_msg_type_name_t *ACQUIRED_TYPE) The function MACH_PORT_EXTRACT_RIGHT extracts a port right from the target TASK and returns it to the caller as if the task sent the right voluntarily, using DESIRED_TYPE as the value of MSGT_NAME. See `mach_msg'. The returned value of ACQUIRED_TYPE will be `MACH_MSG_TYPE_PORT_SEND' if a send right is extracted, `MACH_MSG_TYPE_PORT_RECEIVE' if a receive right is extracted, and `MACH_MSG_TYPE_PORT_SEND_ONCE' if a send-once right is extracted. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right, `KERN_INVALID_RIGHT' if NAME denoted a right, but an invalid one, `KERN_INVALID_VALUE' if DESIRED_TYPE was invalid. The `mach_port_extract_right' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Receive Rights -------------- - Data type: mach_port_seqno_t The `mach_port_seqno_t' data type is an `unsigned int' which contains the sequence number of a port. - Data type: mach_port_mscount_t The `mach_port_mscount_t' data type is an `unsigned int' which contains the make-send count for a port. - Data type: mach_port_msgcount_t The `mach_port_msgcount_t' data type is an `unsigned int' which contains a number of messages. - Data type: mach_port_rights_t The `mach_port_rights_t' data type is an `unsigned int' which contains a number of rights for a port. - Data type: mach_port_status_t This structure contains some status information about a port, which can be queried with `mach_port_get_receive_status'. It has the following members: `mach_port_t mps_pset' The containing port set. `mach_port_seqno_t mps_seqno' The sequence number. `mach_port_mscount_t mps_mscount' The make-send count. `mach_port_msgcount_t mps_qlimit' The maximum number of messages in the queue. `mach_port_msgcount_t mps_msgcount' The number of messages in the queue. `mach_port_rights_t mps_sorights' The number of send-once rights that exist. `boolean_t mps_srights' `TRUE' when send rights exist. `boolean_t mps_pdrequest' `TRUE' if port-deleted notification is requested. `boolean_t mps_nsrequest' `TRUE' if no-senders notification is requested. - Function: kern_return_t mach_port_get_receive_status (mach_port_t TASK, mach_port_t NAME, mach_port_status_t *STATUS) The function `mach_port_get_receive_status' returns the current status of the specified receive right. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right and `KERN_INVALID_RIGHT' if NAME denoted a right, but not a receive right. The `mach_port_get_receive_status' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_set_mscount (mach_port_t TASK, mach_port_t NAME, mach_port_mscount_t MSCOUNT) The function `mach_port_set_mscount' changes the make-send count of TASK's receive right named NAME to MSCOUNT. All values for MSCOUNT are valid. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right and `KERN_INVALID_RIGHT' if NAME denoted a right, but not a receive right. The `mach_port_set_mscount' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_set_qlimit (mach_port_t TASK, mach_port_t NAME, mach_port_msgcount_t QLIMIT) The function `mach_port_set_qlimit' changes the queue limit TASK's receive right named NAME to QLIMIT. Valid values for QLIMIT are between zero and `MACH_PORT_QLIMIT_MAX', inclusive. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right, `KERN_INVALID_RIGHT' if NAME denoted a right, but not a receive right and `KERN_INVALID_VALUE' if QLIMIT was invalid. The `mach_port_set_qlimit' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_set_seqno (mach_port_t TASK, mach_port_t NAME, mach_port_seqno_t SEQNO) The function `mach_port_set_seqno' changes the sequence number TASK's receive right named NAME to SEQNO. All sequence number values are valid. The next message received from the port will be stamped with the specified sequence number. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right and `KERN_INVALID_RIGHT' if NAME denoted a right, but not a receive right. The `mach_port_set_seqno' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Port Sets --------- - Function: kern_return_t mach_port_get_set_status (mach_port_t TASK, mach_port_t NAME, mach_port_array_t *MEMBERS, mach_msg_type_number_t *COUNT) The function `mach_port_get_set_status' returns the members of a port set. MEMBERS is an array that is automatically allocated when the reply message is received. The user should `vm_deallocate' it when the data is no longer needed. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if NAME did not denote a right, `KERN_INVALID_RIGHT' if NAME denoted a right, but not a receive right and `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory. The `mach_port_get_set_status' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t mach_port_move_member (mach_port_t TASK, mach_port_t MEMBER, mach_port_t AFTER) The function MACH_PORT_MOVE_MEMBER moves the receive right MEMBER into the port set AFTER. If the receive right is already a member of another port set, it is removed from that set first (the whole operation is atomic). If the port set is `MACH_PORT_NULL', then the receive right is not put into a port set, but removed from its current port set. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_NAME' if MEMBER or AFTER did not denote a right, `KERN_INVALID_RIGHT' if MEMBER denoted a right, but not a receive right or AFTER denoted a right, but not a port set, and `KERN_NOT_IN_SET' if AFTER was `MACH_PORT_NULL', but `member' wasn't currently in a port set. The `mach_port_move_member' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Request Notifications --------------------- - Function: kern_return_t mach_port_request_notification (mach_port_t TASK, mach_port_t NAME, mach_msg_id_t VARIANT, mach_port_mscount_t SYNC, mach_port_t NOTIFY, mach_msg_type_name_t NOTIFY_TYPE, mach_port_t *PREVIOUS) The function `mach_port_request_notification' registers a request for a notification and supplies the send-once right NOTIFY to which the notification will be sent. The NOTIFY_TYPE denotes the IPC type for the send-once right, which can be `MACH_MSG_TYPE_MAKE_SEND_ONCE' or `MACH_MSG_TYPE_MOVE_SEND_ONCE'. It is an atomic swap, returning the previously registered send-once right (or `MACH_PORT_NULL' for none) in PREVIOUS. A previous notification request may be cancelled by providing `MACH_PORT_NULL' for NOTIFY. The VARIANT argument takes the following values: `MACH_NOTIFY_PORT_DESTROYED' SYNC must be zero. The NAME must specify a receive right, and the call requests a port-destroyed notification for the receive right. If the receive right were to have been destroyed, say by `mach_port_destroy', then instead the receive right will be sent in a port-destroyed notification to the registered send-once right. `MACH_NOTIFY_DEAD_NAME' The call requests a dead-name notification. NAME specifies send, receive, or send-once rights for a port. If the port is destroyed (and the right remains, becoming a dead name), then a dead-name notification which carries the name of the right will be sent to the registered send-once right. If NOTIFY is not null and sync is non-zero, the name may specify a dead name, and a dead-name notification is immediately generated. Whenever a dead-name notification is generated, the user reference count of the dead name is incremented. For example, a send right with two user refs has a registered dead-name request. If the port is destroyed, the send right turns into a dead name with three user refs (instead of two), and a dead-name notification is generated. If the name is made available for reuse, perhaps because of `mach_port_destroy' or `mach_port_mod_refs', or the name denotes a send-once right which has a message sent to it, then the registered send-once right is used to generate a port-deleted notification. `MACH_NOTIFY_NO_SENDERS' The call requests a no-senders notification. NAME must specify a receive right. If NOTIFY is not null, and the receive right's make-send count is greater than or equal to the sync value, and it has no extant send rights, than an immediate no-senders notification is generated. Otherwise the notification is generated when the receive right next loses its last extant send right. In either case, any previously registered send-once right is returned. The no-senders notification carries the value the port's make-send count had when it was generated. The make-send count is incremented whenever `MACH_MSG_TYPE_MAKE_SEND' is used to create a new send right from the receive right. The make-send count is reset to zero when the receive right is carried in a message. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_TASK' if TASK was invalid, `KERN_INVALID_VALUE' if VARIANT was invalid, `KERN_INVALID_NAME' if NAME did not denote a right, `KERN_INVALID_RIGHT' if NAME denoted an invalid right and `KERN_INVALID_CAPABILITY' if NOTIFY was invalid. When using `MACH_NOTIFY_PORT_DESTROYED', the function returns `KERN_INVALID_VALUE' if SYNC wasn't zero. When using `MACH_NOTIFY_DEAD_NAME', the function returns `KERN_RESOURCE_SHORTAGE' if the kernel ran out of memory, `KERN_INVALID_ARGUMENT' if NAME denotes a dead name, but SYNC is zero or NOTIFY is `MACH_PORT_NULL', and `KERN_UREFS_OVERFLOW' if NAME denotes a dead name, but generating an immediate dead-name notification would overflow the name's user-reference count. The `mach_port_request_notification' call is actually an RPC to TASK, normally a send right for a task port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. Virtual Memory Interface ************************ Memory Allocation ================= - Function: kern_return_t vm_allocate (mach_port_t TARGET_TASK, vm_address_t *ADDRESS, vm_size_t SIZE, boolean_t ANYWHERE) The function `vm_allocate' allocates a region of virtual memory, placing it in the specified TASK's address space. The starting address is ADDRESS. If the ANYWHERE option is false, an attempt is made to allocate virtual memory starting at this virtual address. If this address is not at the beginning of a virtual page, it will be rounded down to one. If there is not enough space at this address, no memory will be allocated. If the ANYWHERE option is true, the input value of this address will be ignored, and the space will be allocated wherever it is available. In either case, the address at which memory was actually allocated will be returned in ADDRESS. SIZE is the number of bytes to allocate (rounded by the system in a machine dependent way to an integral number of virtual pages). If ANYWHERE is true, the kernel should find and allocate any region of the specified size, and return the address of the resulting region in address address, rounded to a virtual page boundary if there is sufficient space. The physical memory is not actually allocated until the new virtual memory is referenced. By default, the kernel rounds all addresses down to the nearest page boundary and all memory sizes up to the nearest page size. The global variable `vm_page_size' contains the page size. `mach_task_self' returns the value of the current task port which should be used as the TARGET_TASK argument in order to allocate memory in the caller's address space. For languages other than C, these values can be obtained by the calls `vm_statistics' and `mach_task_self'. Initially, the pages of allocated memory will be protected to allow all forms of access, and will be inherited in child tasks as a copy. Subsequent calls to `vm_protect' and `vm_inherit' may be used to change these properties. The allocated region is always zero-filled. The function returns `KERN_SUCCESS' if the memory was successfully allocated, `KERN_INVALID_ADDRESS' if an illegal address was specified and `KERN_NO_SPACE' if there was not enough space left to satisfy the request. Memory Deallocation =================== - Function: kern_return_t vm_deallocate (mach_port_t TARGET_TASK, vm_address_t ADDRESS, vm_size_t SIZE) `vm_deallocate' relinquishes access to a region of a TASK's address space, causing further access to that memory to fail. This address range will be available for reallocation. ADDRESS is the starting address, which will be rounded down to a page boundary. SIZE is the number of bytes to deallocate, which will be rounded up to give a page boundary. Note, that because of the rounding to virtual page boundaries, more than SIZE bytes may be deallocated. Use `vm_page_size' or `vm_statistics' to find out the current virtual page size. This call may be used to deallocte memory that was passed to a task in a message (via out of line data). In that case, the rounding should cause no trouble, since the region of memory was allocated as a set of pages. The `vm_deallocate' call affects only the task specified by the TARGET_TASK. Other tasks which may have access to this memory may continue to reference it. The function returns `KERN_SUCCESS' if the memory was successfully deallocated and `KERN_INVALID_ADDRESS' if an illegal or non-allocated address was specified. Data Transfer ============= - Function: kern_return_t vm_read (mach_port_t TARGET_TASK, vm_address_t ADDRESS, vm_size_t SIZE, vm_offset_t *DATA, mach_msg_type_number_t *DATA_COUNT) The function `vm_read' allows one task's virtual memory to be read by another task. The TARGET_TASK is the task whose memory is to be read. ADDRESS is the first address to be read and must be on a page boundary. SIZE is the number of bytes of data to be read and must be an integral number of pages. DATA is the array of data copied from the given task, and DATA_COUNT is the size of the data array in bytes (will be an integral number of pages). Note that the data array is returned in a newly allocated region; the task reading the data should `vm_deallocate' this region when it is done with the data. The function returns `KERN_SUCCESS' if the memory was successfully read, `KERN_INVALID_ADDRESS' if an illegal or non-allocated address was specified or there was not SIZE bytes of data following the address, `KERN_INVALID_ARGUMENT' if the address does not start on a page boundary or the size is not an integral number of pages, `KERN_PROTECTION_FAILURE' if the address region in the target task is protected against reading and `KERN_NO_SPACE' if there was not enough room in the callers virtual memory to allocate space for the data to be returned. - Function: kern_return_t vm_write (mach_port_t TARGET_TASK, vm_address_t ADDRESS, vm_offset_t DATA, mach_msg_type_number_t DATA_COUNT) The function `vm_write' allows a task to write to the vrtual memory of TARGET_TASK. ADDRESS is the starting address in task to be affected. DATA is an array of bytes to be written, and DATA_COUNT the size of the DATA array. The current implementation requires that ADDRESS, DATA and DATA_COUNT all be page-aligned. Otherwise, `KERN_INVALID_ARGUMENT' is returned. The function returns `KERN_SUCCESS' if the memory was successfully written, `KERN_INVALID_ADDRESS' if an illegal or non-allocated address was specified or there was not DATA_COUNT bytes of allocated memory starting at ADDRESS and `KERN_PROTECTION_FAILURE' if the address region in the target task is protected against writing. - Function: kern_return_t vm_copy (mach_port_t TARGET_TASK, vm_address_t SOURCE_ADDRESS, vm_size_t COUNT, vm_offset_t DEST_ADDRESS) The function `vm_copy' causes the source memory range to be copied to the destination address. The source and destination memory ranges may overlap. The destination address range must already be allocated and writable; the source range must be readable. `vm_copy' is equivalent to `vm_read' followed by `vm_write'. The current implementation requires that ADDRESS, DATA and DATA_COUNT all be page-aligned. Otherwise, `KERN_INVALID_ARGUMENT' is returned. The function returns `KERN_SUCCESS' if the memory was successfully written, `KERN_INVALID_ADDRESS' if an illegal or non-allocated address was specified or there was insufficient memory allocated at one of the addresses and `KERN_PROTECTION_FAILURE' if the destination region was not writable or the source region was not readable. Memory Attributes ================= - Function: kern_return_t vm_region (mach_port_t TARGET_TASK, vm_address_t *ADDRESS, vm_size_t *SIZE, vm_prot_t *PROTECTION, vm_prot_t *MAX_PROTECTION, vm_inherit_t *INHERITANCE, boolean_t *SHARED, mach_port_t *OBJECT_NAME, vm_offset_t *OFFSET) The function `vm_region' returns a description of the specified region of TARGET_TASK's virtual address space. `vm_region' begins at ADDRESS and looks forward through memory until it comes to an allocated region. If address is within a region, then that region is used. Various bits of information about the region are returned. If ADDRESS was not within a region, then ADDRESS is set to the start of the first region which follows the incoming value. In this way an entire address space can be scanned. The SIZE returned is the size of the located region in bytes. PROTECTION is the current protection of the region, MAX_PROTECTION is the maximum allowable protection for this region. INHERITANCE is the inheritance attribute for this region. SHARED tells if the region is shared or not. The port OBJECT_NAME identifies the memory object associated with this region, and OFFSET is the offset into the pager object that this region begins at. The function returns `KERN_SUCCESS' if the memory region was successfully located and the information returned and `KERN_NO_SPACE' if there is no region at or above ADDRESS in the specified task. - Function: kern_return_t vm_protect (mach_port_t TARGET_TASK, vm_address_t ADDRESS, vm_size_t SIZE, boolean_t SET_MAXIMUM, vm_prot_t NEW_PROTECTION) The function `vm_protect' sets the virtual memory access privileges for a range of allocated addresses in TARGET_TASK's virtual address space. The protection argument describes a combination of read, write, and execute accesses that should be *permitted*. ADDRESS is the starting address, which will be rounded down to a page boundary. SIZE is the size in bytes of the region for which protection is to change, and will be rounded up to give a page boundary. If SET_MAXIMUM is set, make the protection change apply to the maximum protection associated with this address range; otherwise, the current protection on this range is changed. If the maximum protection is reduced below the current protection, both will be changed to reflect the new maximum. NEW_PROTECTION is the new protection value for this region; a set of: `VM_PROT_READ', `VM_PROT_WRITE', `VM_PROT_EXECUTE'. The enforcement of virtual memory protection is machine-dependent. Nominally read access requires `VM_PROT_READ' permission, write access requires `VM_PROT_WRITE' permission, and execute access requires `VM_PROT_EXECUTE' permission. However, some combinations of access rights may not be supported. In particular, the kernel interface allows write access to require `VM_PROT_READ' and `VM_PROT_WRITE' permission and execute access to require `VM_PROT_READ' permission. The function returns `KERN_SUCCESS' if the memory was successfully protected, `KERN_INVALID_ADDRESS' if an illegal or non-allocated address was specified and `KERN_PROTECTION_FAILURE' if an attempt was made to increase the current or maximum protection beyond the existing maximum protection value. - Function: kern_return_t vm_inherit (mach_port_t TARGET_TASK, vm_address_t ADDRESS, vm_size_t SIZE, vm_inherit_t NEW_INHERITANCE) The function `vm_inherit' specifies how a region of TARGET_TASK's address space is to be passed to child tasks at the time of task creation. Inheritance is an attribute of virtual pages, so ADDRESS to start from will be rounded down to a page boundary and SIZE, the size in bytes of the region for wihch inheritance is to change, will be rounded up to give a page boundary. How this memory is to be inherited in child tasks is specified by NEW_INHERITANCE. Inheritance is specified by using one of these following three values: `VM_INHERIT_SHARE' Child tasks will share this memory with this task. `VM_INHERIT_COPY' Child tasks will receive a copy of this region. `VM_INHERIT_NONE' This region will be absent from child tasks. Setting `vm_inherit' to `VM_INHERIT_SHARE' and forking a child task is the only way two Mach tasks can share physical memory. Remember that all the theads of a given task share all the same memory. The function returns `KERN_SUCCESS' if the memory inheritance was successfully set and `KERN_INVALID_ADDRESS' if an illegal or non-allocated address was specified. - Function: kern_return_t vm_wire (mach_port_t HOST_PRIV, mach_port_t TARGET_TASK, vm_address_t ADDRESS, vm_size_t SIZE, vm_prot_t ACCESS) The function `vm_wire' allows privileged applications to control memory pageability. HOST_PRIV is the privileged host port for the host on which TARGET_TASK resides. ADDRESS is the starting address, which will be rounded down to a page boundary. SIZE is the size in bytes of the region for which protection is to change, and will be rounded up to give a page boundary. ACCESS specifies the types of accesses that must not cause page faults. The semantics of a successful `vm_wire' operation are that memory in the specified range will not cause page faults for any accesses included in access. Data memory can be made non-pageable (wired) with a access argument of `VM_PROT_READ | VM_PROT_WRITE'. A special case is that `VM_PROT_NONE' makes the memory pageable. The function returns `KERN_SUCCESS' if the call succeeded, `KERN_INVALID_HOST' if HOST_PRIV was not the privileged host port, `KERN_INVALID_TASK' if TASK was not a valid task, `KERN_INVALID_VALUE' if ACCESS specified an invalid access mode, `KERN_FAILURE' if some memory in the specified range is not present or has an inappropriate protection value, and `KERN_INVALID_ARGUMENT' if unwiring (ACCESS is `VM_PROT_NONE') and the memory is not already wired. The `vm_wire' call is actually an RPC to HOST_PRIV, normally a send right for a privileged host port, but potentially any send right. In addition to the normal diagnostic return codes from the call's server (normally the kernel), the call may return `mach_msg' return codes. - Function: kern_return_t vm_machine_attribute (mach_port_t TASK, vm_address_t ADDRESS, vm_size_t SIZE, vm_prot_t ACCESS, vm_machine_attribute_t ATTRIBUTE, vm_machine_attribute_val_t VALUE) The function `vm_machine_attribute' specifies machine-specific attributes for a VM mapping, such as cachability, migrability, replicability. This is used on machines that allow the user control over the cache (this is the case for MIPS architectures) or placement of memory pages as in NUMA architectures (Non-Uniform Memory Access time) such as the IBM ACE multiprocessor. Machine-specific attributes can be consider additions to the machine-independent ones such as protection and inheritance, but they are not guaranteed to be supported by any given machine. Moreover, implementations of Mach on new architectures might find the need for new attribute types and or values besides the ones defined in the initial implementation. The types currently defined are `MATTR_CACHE' Controls caching of memory pages `MATTR_MIGRATE' Controls migrability of memory pages `MATTR_REPLICATE' Controls replication of memory pages Corresponding values, and meaning of a specific call to `vm_machine_attribute' `MATTR_VAL_ON' Enables the attribute. Being enabled is the default value for any applicable attribute. `MATTR_VAL_OFF' Disables the attribute, making memory non-cached, or non-migratable, or non-replicatable. `MATTR_VAL_GET' Returns the current value of the attribute for the memory segment. If the attribute does not apply uniformly to the given range the value returned applies to the initial portion of the segment only. `MATTR_VAL_CACHE_FLUSH' Flush the memory pages from the Cache. The size value in this case might be meaningful even if not a multiple of the page size, depending on the implementation. `MATTR_VAL_ICACHE_FLUSH' Same as above, applied to the Instruction Cache alone. `MATTR_VAL_DCACHE_FLUSH' Same as above, applied to the Data Cache alone. The function returns `KERN_SUCCESS' if call succeeded, and `KERN_INVALID_ARGUMENT' if TASK is not a task, or ADDRESS and SIZE do not define a valid address range in task, or ATTRIBUTE is not a valid attribute type, or it is not implemented, or VALUE is not a permissible value for attribute. Mapping Memory Objects ====================== - Function: kern_return_t vm_map (mach_port_t TARGET_TASK, vm_address_t *ADDRESS, vm_size_t SIZE, vm_address_t MASK, boolean_t ANYWHERE, mach_port_t MEMORY_OBJECT, vm_offset_t OFFSET, boolean_t COPY, vm_prot_t CUR_PROTECTION, vm_prot_t MAX_PROTECTION, vm_inherit_t INHERITANCE) The function `vm_map' maps a region of virtual memory at the specified address, for which data is to be supplied by the given memory object, starting at the given offset within that object. In addition to the arguments used in `vm_allocate', the `vm_map' call allows the specification of an address alignment parameter, and of the initial protection and inheritance values. If the memory object in question is not currently in use, the kernel will perform a `memory_object_init' call at this time. If the copy parameter is asserted, the specified region of the memory object will be copied to this address space; changes made to this object by other tasks will not be visible in this mapping, and changes made in this mapping will not be visible to others (or returned to the memory object). The `vm_map' call returns once the mapping is established. Completion of the call does not require any action on the part of the memory manager. Warning: Only memory objects that are provided by bona fide memory managers should be used in the `vm_map' call. A memory manager must implement the memory object interface described elsewhere in this manual. If other ports are used, a thread that accesses the mapped virtual memory may become permanently hung or may receive a memory exception. TARGET_TASK is the task to be affected. The starting address is ADDRESS. If the ANYWHERE option is used, this address is ignored. The address actually allocated will be returned in ADDRESS. SIZE is the number of bytes to allocate (rounded by the system in a machine dependent way). The alignment restriction is specified by MASK. Bits asserted in this mask must not be asserted in the address returned. If ANYWHERE is set, the kernel should find and allocate any region of the specified size, and return the address of the resulting region in ADDRESS. MEMORY_OBJECT is the port that represents the memory object: used by user tasks in `vm_map'; used by the make requests for data or other management actions. If this port is `MEMORY_OBJECT_NULL', then zero-filled memory is allocated instead. Within a memory object, OFFSET specifes an offset in bytes. This must be page aligned. If COPY is set, the range of the memory object should be copied to the target task, rather than mapped read-write. The function returns `KERN_SUCCESS' if the object is mapped, `KERN_NO_SPACE' if no unused region of the task's virtual address space that meets the address, size, and alignment criteria could be found, and `KERN_INVALID_ARGUMENT' if an illegal argument was provided. Memory Statistics ================= - Data type: vm_statistics_data_t This structure is returned in VM_STATS by the `vm_statistics' function and provides virtual memory statistics for the system. It has the following members: `long pagesize' The page size in bytes. `long free_count' The number of free pages. `long active_count' The umber of active pages. `long inactive_count' The number of inactive pages. `long wire_count' The number of pages wired down. `long zero_fill_count' The number of zero filled pages. `long reactivations' The number of reactivated pages. `long pageins' The number of pageins. `long pageouts' The number of pageouts. `long faults' The number of faults. `long cow_faults' The number of copy-on-writes. `long lookups' The number of object cache lookups. `long hits' The number of object cache hits. - Function: kern_return_t vm_statistics (mach_port_t TARGET_TASK, vm_statistics_data_t *VM_STATS) The function `vm_statistics' returns the statistics about the kernel's use of virtual memory since the kernel was booted. `pagesize' can also be found as a global variable `vm_page_size' which is set at task initialization and remains constant for the life of the task. External Memory Management ************************** Memory Object Server ==================== - Function: boolean_t memory_object_server (msg_header_t *IN_MSG, msg_header_t *OUT_MSG) - Function: boolean_t memory_object_default_server (msg_header_t *IN_MSG, msg_header_t *OUT_MSG) - Function: boolean_t seqnos_memory_object_server (msg_header_t *IN_MSG, msg_header_t *OUT_MSG) - Function: boolean_t seqnos_memory_object_default_server (msg_header_t *IN_MSG, msg_header_t *OUT_MSG) A memory manager is a server task that responds to specific messages from the kernel in order to handle memory management functions for the kernel. In order to isolate the memory manager from the specifics of message formatting, the remote procedure call generator produces a procedure, `memory_object_server', to handle a received message. This function does all necessary argument handling, and actually calls one of the following functions: `memory_object_init', `memory_object_data_return', `memory_object_data_request', `memory_object_data_unlock', `memory_object_lock_completed', `memory_object_copy', `memory_object_terminate'. The *default memory manager* may get two additional requests from the kernel: `memory_object_create' and `memory_object_data_initialize'. The remote procedure call generator produces a procedure `memory_object_default_server' to handle those functions specific to the default memory manager. The `seqnos_memory_object_server' and `seqnos_memory_object_default_server' differ from `memory_object_server' and `memory_object_default_server' in that they supply message sequence numbers to the server interfaces. They call the `seqnos_memory_object_*' functions, which complement the `memory_object_*' set of functions. The return value from the `memory_object_server' function indicates that the message was appropriate to the memory management interface (returning `TRUE'), or that it could not handle this message (returning `FALSE'). The IN_MSG argument is the message that has been received from the kernel. The OUT_MSG is a reply message, but this is not used for this server. The function returns `TRUE' to indicate that the message in question was applicable to this interface, and that the appropriate routine was called to interpret the message. It returns `FALSE' to indicate that the message did not apply to this interface, and that no other action was taken. Memory Object Creation ====================== - Function: kern_return_t memory_object_init (mach_port_t MEMORY_OBJECT, mach_port_t MEMORY_CONTROL, mach_port_t MEMORY_OBJECT_NAME, vm_size_t MEMORY_OBJECT_PAGE_SIZE) - Function: kern_return_t seqnos_memory_object_init (mach_port_t MEMORY_OBJECT, mach_port_seqno_t SEQNO, mach_port_t MEMORY_CONTROL, mach_port_t MEMORY_OBJECT_NAME, vm_size_t MEMORY_OBJECT_PAGE_SIZE) The function `memory_object_init' serves as a notification that the kernel has been asked to map the given memory object into a task's virtual address space. Additionally, it provides a port on which the memory manager may issue cache management requests, and a port which the kernel will use to name this data region. In the event that different each will perform a `memory_object_init' call with new request and name ports. The virtual page size that is used by the calling kernel is included for planning purposes. When the memory manager is prepared to accept requests for data for this object, it must call `memory_object_ready' with the attribute. Otherwise the kernel will not process requests on this object. To reject all mappings of this object, the memory manager may use `memory_object_destroy'. The argument MEMORY_OBJECT is the port that represents the memory object data, as supplied to the kernel in a `vm_map' call. MEMORY_CONTROL is the request port to which a response is requested. (In the event that a memory object has been supplied to more than one the kernel that has made the request.) MEMORY_OBJECT_NAME is a port used by the kernel to refer to the memory object data in reponse to `vm_region' calls. `memory_object_page_size' is the page size to be used by this kernel. All data sizes in calls involving this kernel must be an integral multiple of the page size. Note that different kernels, indicated by different `memory_control's, may have different page sizes. The function should return `KERN_SUCCESS', but since this routine is called by the kernel, which does not wait for a reply message, this value is ignored. - Function: kern_return_t memory_object_ready (mach_port_t MEMORY_CONTROL, boolean_t MAY_CACHE_OBJECT, memory_object_copy_strategy_t COPY_STRATEGY) The function `memory_object_ready' informs the kernel that the memory manager is ready to receive data or unlock requests on behalf of the clients. The argument MEMORY_CONTROL is the port, provided by the kernel in a `memory_object_init' call, to which cache management requests may be issued. If MAY_CACHE_OBJECT is set, the kernel may keep data associated with this memory object, even after virtual memory references to it are gone. COPY_STRATEGY tells how the kernel should copy regions of the associated memory object. There are three possible caching strategies: `MEMORY_OBJECT_COPY_NONE' which specifies that nothing special should be done when data in the object is copied; `MEMORY_OBJECT_COPY_CALL' which specifies that the memory manager should be notified via a `memory_object_copy' call before any part of the object is copied; and `MEMORY_OBJECT_COPY_DELAY' which guarantees that the memory manager does not externally modify the data so that the kernel can use its normal copy-on-write algorithms. `MEMORY_OBJECT_COPY_DELAY' is the strategy most commonly used. This routine does not receive a reply message (and consequently has no return value), so only message transmission errors apply. Memory Object Termination ========================= - Function: kern_return_t memory_object_terminate (mach_port_t MEMORY_OBJECT, mach_port_t MEMORY_CONTROL, mach_port_t MEMORY_OBJECT_NAME) - Function: kern_return_t seqnos_memory_object_terminate (mach_port_t MEMORY_OBJECT, mach_port_seqno_t SEQNO, mach_port_t MEMORY_CONTROL, mach_port_t MEMORY_OBJECT_NAME) The function `memory_object_terminate' indicates that the kernel has completed its use of the given memory object. All rights to the memory object control and name ports are included, so that the memory manager can destroy them (using `mach_port_deallocate') after doing appropriate bookkeeping. The kernel will terminate a memory object only after all address space mappings of that memory object have been deallocated, or upon explicit request by the memory manager. The argument MEMORY_OBJECT is the port that represents the memory object data, as supplied to the kernel in a `vm_map' call. MEMORY_CONTROL is the request port to which a response is requested. (In the event that a memory object has been supplied to more than one the kernel that has made the request.) MEMORY_OBJECT_NAME is a port used by the kernel to refer to the memory object data in reponse to `vm_region' calls. The function should return `KERN_SUCCESS', but since this routine is called by the kernel, which does not wait for a reply message, this value is ignored. - Function: kern_return_t memory_object_destroy (mach_port_t MEMORY_CONTROL, kern_return_t REASON) The function `memory_object_destroy' tells the kernel to shut down the memory object. As a result of this call the kernel will no longer support paging activity or any `memory_object' calls on this object, and all rights to the memory object port, the memory control port and the memory name port will be returned to the memory manager in a memory_object_terminate call. If the memory manager is concerned that any modified cached data be returned to it before the object is terminated, it should call `memory_object_lock_request' with SHOULD_FLUSH set and a lock value of `VM_PROT_WRITE' before making this call. The argument MEMORY_CONTROL is the port, provided by the kernel in a `memory_object_init' call, to which cache management requests may be issued. REASON is an error code indicating why the object must be destroyed. This routine does not receive a reply message (and consequently has no return value), so only message transmission errors apply. Memory Objects and Data ======================= - Function: kern_return_t memory_object_data_return (mach_port_t MEMORY_OBJECT, mach_port_t MEMORY_CONTROL, vm_offset_t OFFSET, vm_offset_t DATA, vm_size_t DATA_COUNT, boolean_t DIRTY, boolean_t KERNEL_COPY) - Function: kern_return_t seqnos_memory_object_data_return (mach_port_t MEMORY_OBJECT, mach_port_seqno_t SEQNO, mach_port_t MEMORY_CONTROL, vm_offset_t OFFSET, vm_offset_t DATA, vm_size_t DATA_COUNT, boolean_t DIRTY, boolean_t KERNEL_COPY) The function `memory_object_data_return' provides the memory manager with data that has been modified while cached in physical memory. Once the memory manager no longer needs this data (e.g., it has been written to another storage medium), it should be deallocated using `vm_deallocate'. The argument MEMORY_OBJECT is the port that represents the memory object data, as supplied to the kernel in a `vm_map' call. MEMORY_CONTROL is the request port to which a response is requested. (In the event that a memory object has been supplied to more than one the kernel that has made the request.) OFFSET is the offset within a memory object to which this call refers. This will be page aligned. DATA is the data which has been modified while cached in physical memory. DATA_COUNT is the amount of data to be written, in bytes. This will be an integral number of memory object pages. The kernel will also use this call to return precious pages. If an unmodified precious age is returned, DIRTY is set to `FALSE', otherwise it is `TRUE'. If KERNEL_COPY is `TRUE', the kernel kept a copy of the page. Precious data remains precious if the kernel keeps a copy. The indication that the kernel kept a copy is only a hint if the data is not precious; the cleaned copy may be discarded without further notifying the manager. The function should return `KERN_SUCCESS', but since this routine is called by the kernel, which does not wait for a reply message, this value is ignored. - Function: kern_return_t memory_object_data_request (mach_port_t MEMORY_OBJECT, mach_port_t MEMORY_CONTROL, vm_offset_t OFFSET, vm_offset_t LENGTH, vm_prot_t DESIRED_ACCESS) - Function: kern_return_t seqnos_memory_object_data_request (mach_port_t MEMORY_OBJECT, mach_port_seqno_t SEQNO, mach_port_t MEMORY_CONTROL, vm_offset_t OFFSET, vm_offset_t LENGTH, vm_prot_t DESIRED_ACCESS) The function `memory_object_data_request' is a request for data from the specified memory object, for at least the access specified. The memory manager is expected to return at least the specified data, with as much access as it can allow, using `memory_object_data_supply'. If the memory manager is unable to provide the data (for example, because of a hardware error), it may use the `memory_object_data_error' call. The `memory_object_data_unavailable' call may be used to tell the kernel to supply zero-filled memory for this region. The argument MEMORY_OBJECT is the port that represents the memory object data, as supplied to the kernel in a `vm_map' call. MEMORY_CONTROL is the request port to which a response is requested. (In the event that a memory obje