Loading...
iokit/Kernel/IOUserClient.cpp xnu-3248.50.21 xnu-1504.7.4
--- xnu/xnu-3248.50.21/iokit/Kernel/IOUserClient.cpp
+++ xnu/xnu-1504.7.4/iokit/Kernel/IOUserClient.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2014 Apple Inc. All rights reserved.
+ * Copyright (c) 1998-2008 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -37,24 +37,8 @@
 #include <IOKit/IOMemoryDescriptor.h>
 #include <IOKit/IOBufferMemoryDescriptor.h>
 #include <IOKit/IOLib.h>
-#include <IOKit/IOStatisticsPrivate.h>
-#include <IOKit/IOTimeStamp.h>
-#include <IOKit/system.h>
 #include <libkern/OSDebug.h>
 #include <sys/proc.h>
-#include <sys/kauth.h>
-#include <sys/codesign.h>
-
-#if CONFIG_MACF
-
-extern "C" {
-#include <security/mac_framework.h>
-};
-#include <sys/kauth.h>
-
-#define IOMACF_LOG 0
-
-#endif /* CONFIG_MACF */
 
 #include <IOKit/assert.h>
 
@@ -63,7 +47,7 @@
 
 #define SCALAR64(x) ((io_user_scalar_t)((unsigned int)x))
 #define SCALAR32(x) ((uint32_t )x)
-#define ARG32(x)    ((void *)(uintptr_t)SCALAR32(x))
+#define ARG32(x)    ((void *)SCALAR32(x))
 #define REF64(x)    ((io_user_reference_t)((UInt64)(x)))
 #define REF32(x)    ((int)(x))
 
@@ -72,32 +56,6 @@
     kIOUCAsync0Flags = 3ULL,
     kIOUCAsync64Flag = 1ULL
 };
-
-#if IOKITSTATS
-
-#define IOStatisticsRegisterCounter() \
-do { \
-	reserved->counter = IOStatistics::registerUserClient(this); \
-} while (0)
-
-#define IOStatisticsUnregisterCounter() \
-do { \
-	if (reserved) \
-		IOStatistics::unregisterUserClient(reserved->counter); \
-} while (0)
-
-#define IOStatisticsClientCall() \
-do { \
-	IOStatistics::countUserClientCall(client); \
-} while (0)
-
-#else
-
-#define IOStatisticsRegisterCounter()
-#define IOStatisticsUnregisterCounter()
-#define IOStatisticsClientCall()
-
-#endif /* IOKITSTATS */
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
@@ -166,7 +124,7 @@
     static mach_port_name_t makeSendRightForTask( task_t task,
 				io_object_t obj, ipc_kobject_type_t type );
 
-    virtual void free() APPLE_KEXT_OVERRIDE;
+    virtual void free();
 };
 
 #define super OSObject
@@ -354,119 +312,26 @@
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
-class IOUserIterator : public OSIterator
-{
-    OSDeclareDefaultStructors(IOUserIterator)
+class IOUserNotification : public OSIterator
+{
+    OSDeclareDefaultStructors(IOUserNotification)
+
+    IONotifier 	* 	holdNotify;
+    IOLock 	*	lock;
+
 public:
-    OSObject 	* 	userIteratorObject;
-    IOLock 	*	lock;
-
-    static IOUserIterator * withIterator(OSIterator * iter);
-    virtual bool init( void ) APPLE_KEXT_OVERRIDE;
-    virtual void free() APPLE_KEXT_OVERRIDE;
-
-    virtual void reset() APPLE_KEXT_OVERRIDE;
-    virtual bool isValid() APPLE_KEXT_OVERRIDE;
-    virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
+
+    virtual bool init( void );
+    virtual void free();
+
+    virtual void setNotification( IONotifier * obj );
+
+    virtual void reset();
+    virtual bool isValid();
 };
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
-class IOUserNotification : public IOUserIterator
-{
-    OSDeclareDefaultStructors(IOUserNotification)
-
-#define holdNotify	userIteratorObject
-
-public:
-
-    virtual void free() APPLE_KEXT_OVERRIDE;
-
-    virtual void setNotification( IONotifier * obj );
-
-    virtual void reset() APPLE_KEXT_OVERRIDE;
-    virtual bool isValid() APPLE_KEXT_OVERRIDE;
-};
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-OSDefineMetaClassAndStructors( IOUserIterator, OSIterator )
-
-IOUserIterator *
-IOUserIterator::withIterator(OSIterator * iter)
-{
-    IOUserIterator * me;
-
-    if (!iter) return (0);
-
-    me = new IOUserIterator;
-    if (me && !me->init())
-    {
-	me->release();
-	me = 0;
-    }
-    if (!me) return me;
-    me->userIteratorObject = iter;
-
-    return (me);
-}
-
-bool
-IOUserIterator::init( void )
-{
-    if (!OSObject::init()) return (false);
-
-    lock = IOLockAlloc();
-    if( !lock)
-        return( false );
-
-    return (true);
-}
-
-void
-IOUserIterator::free()
-{
-    if (userIteratorObject) userIteratorObject->release();
-    if (lock) IOLockFree(lock);
-    OSObject::free();
-}
-
-void
-IOUserIterator::reset()
-{
-    IOLockLock(lock);
-    assert(OSDynamicCast(OSIterator, userIteratorObject));
-    ((OSIterator *)userIteratorObject)->reset();
-    IOLockUnlock(lock);
-}
-
-bool
-IOUserIterator::isValid()
-{
-    bool ret;
-
-    IOLockLock(lock);
-    assert(OSDynamicCast(OSIterator, userIteratorObject));
-    ret = ((OSIterator *)userIteratorObject)->isValid();
-    IOLockUnlock(lock);
-
-    return (ret);
-}
-
-OSObject *
-IOUserIterator::getNextObject()
-{
-    OSObject * ret;
-
-    IOLockLock(lock);
-    assert(OSDynamicCast(OSIterator, userIteratorObject));
-    ret = ((OSIterator *)userIteratorObject)->getNextObject();
-    IOLockUnlock(lock);
-
-    return (ret);
-}
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 extern "C" {
 
 // functions called from osfmk/device/iokit_rpc.c
@@ -483,55 +348,6 @@
 {
     if( obj)
 	obj->release();
-}
-
-void
-iokit_add_connect_reference( io_object_t obj )
-{
-    IOUserClient * uc;
-
-    if (!obj) return;
-
-    if ((uc = OSDynamicCast(IOUserClient, obj))) OSIncrementAtomic(&uc->__ipc);
-
-    obj->retain();
-}
-
-void
-iokit_remove_connect_reference( io_object_t obj )
-{
-    IOUserClient * uc;
-    bool           finalize = false;
-
-    if (!obj) return;
-
-    if ((uc = OSDynamicCast(IOUserClient, obj)))
-    {
-	if (1 == OSDecrementAtomic(&uc->__ipc) && uc->isInactive())
-	{
-	    IOLockLock(gIOObjectPortLock);
-	    if ((finalize = uc->__ipcFinal)) uc->__ipcFinal = false;
-	    IOLockUnlock(gIOObjectPortLock);
-	}
-	if (finalize) uc->scheduleFinalize(true);
-    }
-
-    obj->release();
-}
-
-bool
-IOUserClient::finalizeUserReferences(OSObject * obj)
-{
-    IOUserClient * uc;
-    bool           ok = true;
-
-    if ((uc = OSDynamicCast(IOUserClient, obj)))
-    {
-	IOLockLock(gIOObjectPortLock);
-	if ((uc->__ipcFinal = (0 != uc->__ipc))) ok = false;
-	IOLockUnlock(gIOObjectPortLock);
-    }
-    return (ok);
 }
 
 ipc_port_t
@@ -567,10 +383,8 @@
 
     if( IKOT_IOKIT_CONNECT == type)
     {
-	if( (client = OSDynamicCast( IOUserClient, obj ))) {
-		IOStatisticsClientCall();
+	if( (client = OSDynamicCast( IOUserClient, obj )))
 	    client->clientDied();
-    }
     }
     else if( IKOT_IOKIT_OBJECT == type)
     {
@@ -609,13 +423,13 @@
     virtual bool init( mach_port_t port, natural_t type,
                        void * reference, vm_size_t referenceSize,
 		       bool clientIs64 );
-    virtual void free() APPLE_KEXT_OVERRIDE;
+    virtual void free();
 
     static bool _handler( void * target,
                           void * ref, IOService * newService, IONotifier * notifier );
     virtual bool handler( void * ref, IOService * newService );
 
-    virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
+    virtual OSObject * getNextObject();
 };
 
 class IOServiceMessageUserNotification : public IOUserNotification
@@ -641,7 +455,7 @@
 		       vm_size_t extraSize,
 		       bool clientIs64 );
 
-    virtual void free() APPLE_KEXT_OVERRIDE;
+    virtual void free();
     
     static IOReturn _handler( void * target, void * ref,
                               UInt32 messageType, IOService * provider,
@@ -650,35 +464,46 @@
                               UInt32 messageType, IOService * provider,
                               void * messageArgument, vm_size_t argSize );
 
-    virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
+    virtual OSObject * getNextObject();
 };
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 #undef super
-#define super IOUserIterator
-OSDefineMetaClass( IOUserNotification, IOUserIterator )
-OSDefineAbstractStructors( IOUserNotification, IOUserIterator )
+#define super OSIterator
+OSDefineMetaClass( IOUserNotification, OSIterator )
+OSDefineAbstractStructors( IOUserNotification, OSIterator )
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
+bool IOUserNotification::init( void )
+{
+    if( !super::init())
+	return( false );
+
+    lock = IOLockAlloc();
+    if( !lock)
+        return( false );
+
+    return( true );
+}
+
 void IOUserNotification::free( void )
 {
-    if (holdNotify)
-    {
-	assert(OSDynamicCast(IONotifier, holdNotify));
-	((IONotifier *)holdNotify)->remove();
-	holdNotify = 0;
-    }
+    if( holdNotify)
+	holdNotify->remove();
     // can't be in handler now
 
+    if( lock)
+	IOLockFree( lock );
+
     super::free();
 }
 
 
 void IOUserNotification::setNotification( IONotifier * notify )
 {
-    OSObject * previousNotify;
+    IONotifier * previousNotify;
 
     IOLockLock( gIOObjectPortLock);
 
@@ -688,10 +513,7 @@
     IOLockUnlock( gIOObjectPortLock);
 
     if( previousNotify)
-    {
-	assert(OSDynamicCast(IONotifier, previousNotify));
-	((IONotifier *)previousNotify)->remove();
-    }
+	previousNotify->remove();
 }
 
 void IOUserNotification::reset()
@@ -716,9 +538,6 @@
 				       void * reference, vm_size_t referenceSize,
 				       bool clientIs64 )
 {
-    if( !super::init())
-        return( false );
-
     newSet = OSArray::withCapacity( 1 );
     if( !newSet)
         return( false );
@@ -744,7 +563,7 @@
     pingMsg->notifyHeader.type = type;
     bcopy( reference, pingMsg->notifyHeader.reference, referenceSize );
 
-    return( true );
+    return( super::init() );
 }
 
 void IOServiceUserNotification::free( void )
@@ -761,12 +580,8 @@
 
     super::free();
 
-    if( _pingMsg && _msgSize) {
-		if (_pingMsg->msgHdr.msgh_remote_port) {
-			iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port);
-		}
-        IOFree(_pingMsg, _msgSize);
-	}
+    if( _pingMsg && _msgSize)
+        IOFree( _pingMsg, _msgSize);
 
     if( _lastEntry)
         _lastEntry->release();
@@ -810,10 +625,8 @@
 	else
             pingMsg->msgHdr.msgh_local_port = NULL;
 
-        kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr,
-						     pingMsg->msgHdr.msgh_size,
-						     (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
-						     0);
+        kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr,
+                                        pingMsg->msgHdr.msgh_size);
 	if( port)
 	    iokit_release_port( port );
 
@@ -860,8 +673,6 @@
 				void * reference, vm_size_t referenceSize, vm_size_t extraSize,
 				bool client64 )
 {
-    if( !super::init())
-        return( false );
 
     if (referenceSize > sizeof(OSAsyncReference64))
         return( false );
@@ -896,7 +707,7 @@
     pingMsg->notifyHeader.type 		= type;
     bcopy( reference, pingMsg->notifyHeader.reference, referenceSize );
 
-    return( true );
+    return( super::init() );
 }
 
 void IOServiceMessageUserNotification::free( void )
@@ -909,12 +720,8 @@
 
     super::free();
 
-    if( _pingMsg && _msgSize) {
-		if (_pingMsg->msgHdr.msgh_remote_port) {
-			iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port);
-		}
+    if( _pingMsg && _msgSize)
         IOFree( _pingMsg, _msgSize);
-	}
 }
 
 IOReturn IOServiceMessageUserNotification::_handler( void * target, void * ref,
@@ -937,8 +744,8 @@
 
     if (kIOMessageCopyClientID == messageType)
     {
-        *((void **) messageArgument) = OSNumber::withNumber(owningPID, 32);
-        return (kIOReturnSuccess);
+	*((void **) messageArgument) = IOCopyLogNameForPID(owningPID);
+	return (kIOReturnSuccess);
     }
 
     data->messageType = messageType;
@@ -960,15 +767,6 @@
             argSize = kIOUserNotifyMaxMessageSize;
         bcopy( messageArgument, data->messageArgument, argSize );
     }
-
-    // adjust message size for ipc restrictions
-    natural_t type;
-    type = pingMsg->notifyHeader.type;
-    type &= ~(kIOKitNoticationMsgSizeMask << kIOKitNoticationTypeSizeAdjShift);
-    type |= ((argSize & kIOKitNoticationMsgSizeMask) << kIOKitNoticationTypeSizeAdjShift);
-    pingMsg->notifyHeader.type = type;
-    argSize = (argSize + kIOKitNoticationMsgSizeMask) & ~kIOKitNoticationMsgSizeMask;
-
     pingMsg->msgHdr.msgh_size = msgSize - pingMsg->notifyHeader.size
         + sizeof( IOServiceInterestContent64 )
         - sizeof( data->messageArgument)
@@ -978,10 +776,8 @@
     pingMsg->ports[0].name = providerPort;
     thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT );
     pingMsg->msgHdr.msgh_local_port = thisPort;
-    kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr,
-						 pingMsg->msgHdr.msgh_size,
-						 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
-						 0);
+    kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr,
+				    pingMsg->msgHdr.msgh_size);
     if( thisPort)
 	iokit_release_port( thisPort );
     if( providerPort)
@@ -1029,16 +825,6 @@
 					 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]);
     asyncRef[kIOAsyncCalloutFuncIndex]   = (io_user_reference_t) callback;
     asyncRef[kIOAsyncCalloutRefconIndex] = refcon;
-}
-
-void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef,
-					mach_port_t wakePort,
-					mach_vm_address_t callback, io_user_reference_t refcon, task_t task)
-{
-    setAsyncReference64(asyncRef, wakePort, callback, refcon);
-    if (vm_map_is_64bit(get_task_map(task))) {
-            asyncRef[kIOAsyncReservedIndex] |= kIOUCAsync64Flag;
-    }
 }
 
 static OSDictionary * CopyConsoleUser(UInt32 uid)
@@ -1065,50 +851,21 @@
     return user;
 }
 
-static OSDictionary * CopyUserOnConsole(void)
-{
-    OSArray * array;
-    OSDictionary * user = 0; 
-    
-    if ((array = OSDynamicCast(OSArray,
-	IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey))))
-    {
-	for (unsigned int idx = 0;
-		(user = OSDynamicCast(OSDictionary, array->getObject(idx)));
-		idx++)
-	{
-	    if (kOSBooleanTrue == user->getObject(gIOConsoleSessionOnConsoleKey))
-	    {
-		user->retain();
-		break;
-	    }
-	}
-	array->release();
-    }
-    return (user);
-}
-
-IOReturn IOUserClient::clientHasAuthorization( task_t task,
-                                               IOService * service )
-{
-    proc_t p;
-    
-    p = (proc_t) get_bsdtask_info(task);
-    if (p)
-    {
-        uint64_t authorizationID;
-
-        authorizationID = proc_uniqueid(p);
-        if (authorizationID)
-        {
-            if (service->getAuthorizationID() == authorizationID)
-            {
-                return (kIOReturnSuccess);
-            }
-        }
-    }
-
-    return (kIOReturnNotPermitted);
+static bool IOUCIsBackgroundTask(task_t task, bool * isBg)
+{
+    kern_return_t               kr;
+    task_category_policy_data_t info;
+    mach_msg_type_number_t      count = TASK_CATEGORY_POLICY_COUNT;
+    boolean_t                   get_default = false;
+
+    kr = task_policy_get(current_task(),
+                         TASK_CATEGORY_POLICY,
+                         (task_policy_t) &info,
+                         &count,
+                         &get_default);
+
+    *isBg = ((KERN_SUCCESS == kr) && (info.role == TASK_THROTTLE_APPLICATION));
+    return (kr);
 }
 
 IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
@@ -1125,40 +882,12 @@
     if (!strncmp(privilegeName, kIOClientPrivilegeForeground, 
                 sizeof(kIOClientPrivilegeForeground)))
     {
-	if (task_is_gpu_denied(current_task()))
-		return (kIOReturnNotPrivileged);
-	else
-		return (kIOReturnSuccess);
-    }
-
-    if (!strncmp(privilegeName, kIOClientPrivilegeConsoleSession,
-                                sizeof(kIOClientPrivilegeConsoleSession)))
-    {
-	kauth_cred_t cred;
-	proc_t       p;
-
-        task = (task_t) securityToken;
-	if (!task)
-	    task = current_task();
-	p = (proc_t) get_bsdtask_info(task);
-	kr = kIOReturnNotPrivileged;
-
-	if (p && (cred = kauth_cred_proc_ref(p)))
-	{
-	    user = CopyUserOnConsole();
-	    if (user)
-	    {
-		OSNumber * num;
-		if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionAuditIDKey)))
-		  && (cred->cr_audit.as_aia_p->ai_asid == (au_asid_t) num->unsigned32BitValue()))
-		{
-		    kr = kIOReturnSuccess;
-		}
-		user->release();
-	    }
-	    kauth_cred_unref(&cred);
-	}
-	return (kr);
+        bool isBg;
+        kern_return_t kr = IOUCIsBackgroundTask(current_task(), &isBg);
+
+        if (KERN_SUCCESS != kr)
+            return (kr);
+        return (isBg ? kIOReturnNotPrivileged : kIOReturnSuccess);
     }
 
     if ((secureConsole = !strncmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess,
@@ -1166,7 +895,7 @@
         task = (task_t)((IOUCProcessToken *)securityToken)->token;
     else
         task = (task_t)securityToken;
-
+    
     count = TASK_SECURITY_TOKEN_COUNT;
     kr = task_info( task, TASK_SECURITY_TOKEN, (task_info_t) &token, &count );
 
@@ -1204,106 +933,30 @@
     return (kr);
 }
 
-OSObject * IOUserClient::copyClientEntitlement( task_t task,
-                                                const char * entitlement )
-{
-#define	MAX_ENTITLEMENTS_LEN	(128 * 1024)
-
-	proc_t p = NULL;
-	pid_t pid = 0;
-	char procname[MAXCOMLEN + 1] = "";
-	size_t len = 0;
-	void *entitlements_blob = NULL;
-	char *entitlements_data = NULL;
-	OSObject *entitlements_obj = NULL;
-	OSDictionary *entitlements = NULL;
-	OSString *errorString = NULL;
-	OSObject *value = NULL;
-
-	p = (proc_t)get_bsdtask_info(task);
-	if (p == NULL)
-		goto fail;
-	pid = proc_pid(p);
-	proc_name(pid, procname, (int)sizeof(procname));
-
-	if (cs_entitlements_blob_get(p, &entitlements_blob, &len) != 0)
-		goto fail;
-
-	if (len <= offsetof(CS_GenericBlob, data))
-		goto fail;
-
-	/*
-	 * Per <rdar://problem/11593877>, enforce a limit on the amount of XML
-	 * we'll try to parse in the kernel.
-	 */
-	len -= offsetof(CS_GenericBlob, data);
-	if (len > MAX_ENTITLEMENTS_LEN) {
-		IOLog("failed to parse entitlements for %s[%u]: %lu bytes of entitlements exceeds maximum of %u\n", procname, pid, len, MAX_ENTITLEMENTS_LEN);
-		goto fail;
-	}
-
-	/*
-	 * OSUnserializeXML() expects a nul-terminated string, but that isn't
-	 * what is stored in the entitlements blob.  Copy the string and
-	 * terminate it.
-	 */
-	entitlements_data = (char *)IOMalloc(len + 1);
-	if (entitlements_data == NULL)
-		goto fail;
-	memcpy(entitlements_data, ((CS_GenericBlob *)entitlements_blob)->data, len);
-	entitlements_data[len] = '\0';
-
-	entitlements_obj = OSUnserializeXML(entitlements_data, len + 1, &errorString);
-	if (errorString != NULL) {
-		IOLog("failed to parse entitlements for %s[%u]: %s\n", procname, pid, errorString->getCStringNoCopy());
-		goto fail;
-	}
-	if (entitlements_obj == NULL)
-		goto fail;
-
-	entitlements = OSDynamicCast(OSDictionary, entitlements_obj);
-	if (entitlements == NULL)
-		goto fail;
-
-	/* Fetch the entitlement value from the dictionary. */
-	value = entitlements->getObject(entitlement);
-	if (value != NULL)
-		value->retain();
-
-fail:
-	if (entitlements_data != NULL)
-		IOFree(entitlements_data, len + 1);
-	if (entitlements_obj != NULL)
-		entitlements_obj->release();
-	if (errorString != NULL)
-		errorString->release();
-	return value;
-}
-
 bool IOUserClient::init()
 {
-	if (getPropertyTable() || super::init())
-		return reserve();
-	
-	return false;
+    if( getPropertyTable())
+        return true;
+    else
+        return super::init();
 }
 
 bool IOUserClient::init(OSDictionary * dictionary)
 {
-	if (getPropertyTable() || super::init(dictionary))
-		return reserve();
-	
-	return false;
+    if( getPropertyTable())
+        return true;
+    else
+        return super::init(dictionary);
 }
 
 bool IOUserClient::initWithTask(task_t owningTask,
                                 void * securityID,
                                 UInt32 type )
-{	
-	if (getPropertyTable() || super::init())
-		return reserve();
-	
-	return false;
+{
+    if( getPropertyTable())
+        return true;
+    else
+        return super::init();
 }
 
 bool IOUserClient::initWithTask(task_t owningTask,
@@ -1319,43 +972,17 @@
     return( ok );
 }
 
-bool IOUserClient::reserve()
-{		
-    if(!reserved) {
-	reserved = IONew(ExpansionData, 1);
-	if (!reserved) {
-	    return false;
-	}
-    }
-    setTerminateDefer(NULL, true);
-    IOStatisticsRegisterCounter();
-    
-    return true;
-}
-
 void IOUserClient::free()
 {
     if( mappings)
         mappings->release();
-		
-    IOStatisticsUnregisterCounter();
-
-    if (reserved)
-        IODelete(reserved, ExpansionData, 1);
-		
+
     super::free();
 }
 
 IOReturn IOUserClient::clientDied( void )
 {
-    IOReturn ret = kIOReturnNotReady;
-
-    if (sharedInstance || OSCompareAndSwap8(0, 1, &closed)) 
-    {
-	ret = clientClose();
-    }
-
-    return (ret);
+    return( clientClose());
 }
 
 IOReturn IOUserClient::clientClose( void )
@@ -1443,6 +1070,7 @@
     mach_port_name_t	name;
 
     name = IOMachPort::makeSendRightForTask( task, obj, IKOT_IOKIT_OBJECT );
+    assert( name );
 
     *(mach_port_name_t *)clientObj = name;
     return kIOReturnSuccess;
@@ -1536,20 +1164,8 @@
     return (sendAsyncResult64(reference64, result, args64, numArgs));
 }
 
-IOReturn IOUserClient::sendAsyncResult64WithOptions(OSAsyncReference64 reference,
-                                        IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options)
-{
-	return _sendAsyncResult64(reference, result, args, numArgs, options);
-}
-
 IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference,
                                         IOReturn result, io_user_reference_t args[], UInt32 numArgs)
-{
-        return _sendAsyncResult64(reference, result, args, numArgs, 0);
-}
-
-IOReturn IOUserClient::_sendAsyncResult64(OSAsyncReference64 reference,
-                                        IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options)
 {
     struct ReplyMsg
     {
@@ -1622,15 +1238,9 @@
 	    replyMsg.m.msg32.args[idx] = REF32(args[idx]);
     }
 
-	if ((options & kIOUserNotifyOptionCanDrop) != 0) { 
-		kr = mach_msg_send_from_kernel_with_options( &replyMsg.msgHdr,
-										 replyMsg.msgHdr.msgh_size, MACH_SEND_TIMEOUT, MACH_MSG_TIMEOUT_NONE);
-	} else {
-		/* Fail on full queue. */
-		kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
-										 replyMsg.msgHdr.msgh_size);
-	}
-    if ((KERN_SUCCESS != kr) && (MACH_SEND_TIMED_OUT != kr))
+     kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
+            replyMsg.msgHdr.msgh_size);
+    if( KERN_SUCCESS != kr)
         IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
     return kr;
 }
@@ -1645,63 +1255,22 @@
 	if( !(out = OSDynamicCast( cls, obj)))	\
 	    return( kIOReturnBadArgument )
 
-#define CHECKLOCKED(cls,obj,out)					\
-	IOUserIterator * oIter;						\
-	cls * out;							\
-	if( !(oIter = OSDynamicCast(IOUserIterator, obj)))		\
-	    return (kIOReturnBadArgument);				\
-	if( !(out = OSDynamicCast(cls, oIter->userIteratorObject)))	\
-	    return (kIOReturnBadArgument)
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-// Create a vm_map_copy_t or kalloc'ed data for memory
-// to be copied out. ipc will free after the copyout.
-
-static kern_return_t copyoutkdata( const void * data, vm_size_t len,
-                                    io_buf_ptr_t * buf )
-{
-    kern_return_t	err;
-    vm_map_copy_t	copy;
-
-    err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len,
-                    false /* src_destroy */, &copy);
-
-    assert( err == KERN_SUCCESS );
-    if( err == KERN_SUCCESS )
-        *buf = (char *) copy;
-
-    return( err );
-}
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-/* Routine io_server_version */
-kern_return_t is_io_server_version(
-	mach_port_t master_port,
-	uint64_t *version)
-{
-    *version = IOKIT_SERVER_VERSION;
-    return (kIOReturnSuccess);
-}
-
 /* Routine io_object_get_class */
 kern_return_t is_io_object_get_class(
-    io_object_t object,
-    io_name_t className )
-{
-    const OSMetaClass* my_obj = NULL;
+	io_object_t object,
+	io_name_t className )
+{
+	const OSMetaClass* my_obj = NULL;
 	
-    if( !object)
-        return( kIOReturnBadArgument );
+	if( !object)
+		return( kIOReturnBadArgument );
 		
-    my_obj = object->getMetaClass();
-    if (!my_obj) {
-        return (kIOReturnNotFound);
-    }
-
+	my_obj = object->getMetaClass();
+	if (!my_obj) {
+		return (kIOReturnNotFound);
+	}
+	
     strlcpy( className, my_obj->getClassName(), sizeof(io_name_t));
-
     return( kIOReturnSuccess );
 }
 
@@ -1795,7 +1364,6 @@
         return( kIOReturnBadArgument );
 
     *conforms = (0 != object->metaCast( className ));
-
     return( kIOReturnSuccess );
 }
 
@@ -1816,7 +1384,6 @@
 	io_object_t iterator,
 	io_object_t *object )
 {
-    IOReturn    ret;
     OSObject *	obj;
 
     CHECK( OSIterator, iterator, iter );
@@ -1825,11 +1392,9 @@
     if( obj) {
 	obj->retain();
 	*object = obj;
-        ret = kIOReturnSuccess;
+        return( kIOReturnSuccess );
     } else
-        ret = kIOReturnNoDevice;
-
-    return (ret);
+        return( kIOReturnNoDevice );
 }
 
 /* Routine io_iterator_reset */
@@ -1855,12 +1420,11 @@
     return( kIOReturnSuccess );
 }
 
-
-static kern_return_t internal_io_service_match_property_table(
+/* Routine io_service_match_property_table */
+kern_return_t is_io_service_match_property_table(
 	io_service_t _service,
-	const char * matching,
-	mach_msg_type_number_t matching_size,
-	boolean_t *matches)
+	io_string_t matching,
+	boolean_t *matches )
 {
     CHECK( IOService, _service, service );
 
@@ -1868,8 +1432,8 @@
     OSObject *		obj;
     OSDictionary *	dict;
 
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-			: OSUnserializeXML(matching);
+    obj = OSUnserializeXML( matching );
+
     if( (dict = OSDynamicCast( OSDictionary, obj))) {
         *matches = service->passiveMatch( dict );
 	kr = kIOReturnSuccess;
@@ -1881,16 +1445,6 @@
 
     return( kr );
 }
-
-/* Routine io_service_match_property_table */
-kern_return_t is_io_service_match_property_table(
-	io_service_t service,
-	io_string_t matching,
-	boolean_t *matches )
-{
-    return (internal_io_service_match_property_table(service, matching, 0, matches));
-}
-
 
 /* Routine io_service_match_property_table_ool */
 kern_return_t is_io_service_match_property_table_ool(
@@ -1909,47 +1463,10 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-	*result = internal_io_service_match_property_table(service,
-		(const char *)data, matchingCnt, matches );
+	*result = is_io_service_match_property_table( service,
+		(char *) data, matches );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
-
-    return( kr );
-}
-
-/* Routine io_service_match_property_table_bin */
-kern_return_t is_io_service_match_property_table_bin(
-	io_object_t service,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	boolean_t *matches)
-{
-    return (internal_io_service_match_property_table(service, matching, matchingCnt, matches));
-}
-
-static kern_return_t internal_io_service_get_matching_services(
-	mach_port_t master_port,
-	const char * matching,
-	mach_msg_type_number_t matching_size,
-	io_iterator_t *existing )
-{
-    kern_return_t	kr;
-    OSObject *		obj;
-    OSDictionary *	dict;
-
-    if( master_port != master_device_port)
-        return( kIOReturnNotPrivileged);
-
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-			: OSUnserializeXML(matching);
-    if( (dict = OSDynamicCast( OSDictionary, obj))) {
-        *existing = IOUserIterator::withIterator(IOService::getMatchingServices( dict ));
-	kr = kIOReturnSuccess;
-    } else
-	kr = kIOReturnBadArgument;
-
-    if( obj)
-        obj->release();
 
     return( kr );
 }
@@ -1960,7 +1477,25 @@
 	io_string_t matching,
 	io_iterator_t *existing )
 {
-    return (internal_io_service_get_matching_services(master_port, matching, 0, existing));
+    kern_return_t	kr;
+    OSObject *		obj;
+    OSDictionary *	dict;
+
+    if( master_port != master_device_port)
+        return( kIOReturnNotPrivileged);
+
+    obj = OSUnserializeXML( matching );
+
+    if( (dict = OSDynamicCast( OSDictionary, obj))) {
+        *existing = IOService::getMatchingServices( dict );
+	kr = kIOReturnSuccess;
+    } else
+	kr = kIOReturnBadArgument;
+
+    if( obj)
+        obj->release();
+
+    return( kr );
 }
 
 /* Routine io_service_get_matching_services_ool */
@@ -1980,105 +1515,18 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-        // and mig will copy out objects on success
-        *existing = 0;
-	*result = internal_io_service_get_matching_services(master_port,
-			(const char *) data, matchingCnt, existing);
+	*result = is_io_service_get_matching_services( master_port,
+			(char *) data, existing );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
 
     return( kr );
-}
-
-/* Routine io_service_get_matching_services_bin */
-kern_return_t is_io_service_get_matching_services_bin(
-	mach_port_t master_port,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	io_object_t *existing)
-{
-    return (internal_io_service_get_matching_services(master_port, matching, matchingCnt, existing));
-}
-
-
-static kern_return_t internal_io_service_get_matching_service(
-	mach_port_t master_port,
-	const char * matching,
-	mach_msg_type_number_t matching_size,
-	io_service_t *service )
-{
-    kern_return_t	kr;
-    OSObject *		obj;
-    OSDictionary *	dict;
-
-    if( master_port != master_device_port)
-        return( kIOReturnNotPrivileged);
-
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-			: OSUnserializeXML(matching);
-    if( (dict = OSDynamicCast( OSDictionary, obj))) {
-        *service = IOService::copyMatchingService( dict );
-	kr = *service ? kIOReturnSuccess : kIOReturnNotFound;
-    } else
-	kr = kIOReturnBadArgument;
-
-    if( obj)
-        obj->release();
-
-    return( kr );
-}
-
-/* Routine io_service_get_matching_service */
-kern_return_t is_io_service_get_matching_service(
-	mach_port_t master_port,
-	io_string_t matching,
-	io_service_t *service )
-{
-    return (internal_io_service_get_matching_service(master_port, matching, 0, service));
-}
-
-/* Routine io_service_get_matching_services_ool */
-kern_return_t is_io_service_get_matching_service_ool(
-	mach_port_t master_port,
-	io_buf_ptr_t matching,
-	mach_msg_type_number_t matchingCnt,
-	kern_return_t *result,
-	io_object_t *service )
-{
-    kern_return_t	kr;
-    vm_offset_t 	data;
-    vm_map_offset_t	map_data;
-
-    kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
-    data = CAST_DOWN(vm_offset_t, map_data);
-
-    if( KERN_SUCCESS == kr) {
-        // must return success after vm_map_copyout() succeeds
-        // and mig will copy out objects on success
-        *service = 0;
-	*result = internal_io_service_get_matching_service(master_port,
-			(const char *) data, matchingCnt, service );
-	vm_deallocate( kernel_map, data, matchingCnt );
-    }
-
-    return( kr );
-}
-
-/* Routine io_service_get_matching_service_bin */
-kern_return_t is_io_service_get_matching_service_bin(
-	mach_port_t master_port,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	io_object_t *service)
-{
-    return (internal_io_service_get_matching_service(master_port, matching, matchingCnt, service));
 }
 
 static kern_return_t internal_io_service_add_notification(
 	mach_port_t master_port,
 	io_name_t notification_type,
-	const char * matching,
-	size_t matching_size,
+	io_string_t matching,
 	mach_port_t port,
 	void * reference,
 	vm_size_t referenceSize,
@@ -2092,6 +1540,7 @@
     IOReturn			err;
     unsigned long int		userMsgType;
 
+
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
@@ -2101,16 +1550,8 @@
         if( !(sym = OSSymbol::withCString( notification_type )))
 	    err = kIOReturnNoResources;
 
-	if (matching_size)
-	{
-            dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching, matching_size));
-	}
-	else
-	{
-	    dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching));
-	}
-
-        if (!dict) {
+        if( !(dict = OSDynamicCast( OSDictionary,
+                    OSUnserializeXML( matching )))) {
             err = kIOReturnBadArgument;
 	    continue;
 	}
@@ -2130,7 +1571,6 @@
 
         if( userNotify && !userNotify->init( port, userMsgType,
                                              reference, referenceSize, client64)) {
-			iokit_release_port_send(port);
             userNotify->release();
             userNotify = 0;
         }
@@ -2168,7 +1608,7 @@
 	io_object_t * notification )
 {
     return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, 0, port, &reference[0], sizeof(io_async_ref_t),
+		matching, port, &reference[0], sizeof(io_async_ref_t),
 		false, notification));
 }
 
@@ -2183,43 +1623,10 @@
 	io_object_t *notification )
 {
     return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, 0, wake_port, &reference[0], sizeof(io_async_ref64_t),
+		matching, wake_port, &reference[0], sizeof(io_async_ref64_t),
 		true, notification));
 }
 
-/* Routine io_service_add_notification_bin */
-kern_return_t is_io_service_add_notification_bin
-(
-	mach_port_t master_port,
-	io_name_t notification_type,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	mach_port_t wake_port,
-	io_async_ref_t reference,
-	mach_msg_type_number_t referenceCnt,
-	io_object_t *notification)
-{
-    return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref_t),
-		false, notification));
-}
-
-/* Routine io_service_add_notification_bin_64 */
-kern_return_t is_io_service_add_notification_bin_64
-(
-	mach_port_t master_port,
-	io_name_t notification_type,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	mach_port_t wake_port,
-	io_async_ref64_t reference,
-	mach_msg_type_number_t referenceCnt,
-	io_object_t *notification)
-{
-    return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref64_t),
-		true, notification));
-}
 
 static kern_return_t internal_io_service_add_notification_ool(
 	mach_port_t master_port,
@@ -2242,10 +1649,8 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-        // and mig will copy out objects on success
-        *notification = 0;
 	*result = internal_io_service_add_notification( master_port, notification_type,
-			(char *) data, matchingCnt, wake_port, reference, referenceSize, client64, notification );
+			(char *) data, wake_port, reference, referenceSize, client64, notification );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
 
@@ -2327,7 +1732,6 @@
                                              reference, referenceSize,
 					     kIOUserNotifyMaxMessageSize,
 					     client64 )) {
-			iokit_release_port_send(port);
             userNotify->release();
             userNotify = 0;
         }
@@ -2385,7 +1789,7 @@
 {
     CHECK( IOService, _service, service );
 
-    return( service->acknowledgeNotification( (IONotificationRef)(uintptr_t) notify_ref,
+    return( service->acknowledgeNotification( (IONotificationRef) notify_ref,
                                               (IOOptionBits) response ));
     
 }
@@ -2398,7 +1802,6 @@
 {
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     return( client->getNotificationSemaphore( (UInt32) notification_type,
                                               semaphore ));
 }
@@ -2431,9 +1834,8 @@
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
-    *iterator = IOUserIterator::withIterator(
-	IORegistryIterator::iterateOver(
-		IORegistryEntry::getPlane( plane ), options ));
+    *iterator = IORegistryIterator::iterateOver(
+	IORegistryEntry::getPlane( plane ), options );
 
     return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument );
 }
@@ -2447,9 +1849,8 @@
 {
     CHECK( IORegistryEntry, registry_entry, entry );
 
-    *iterator = IOUserIterator::withIterator(
-	IORegistryIterator::iterateOver( entry,
-		IORegistryEntry::getPlane( plane ), options ));
+    *iterator = IORegistryIterator::iterateOver( entry,
+	IORegistryEntry::getPlane( plane ), options );
 
     return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument );
 }
@@ -2458,11 +1859,9 @@
 kern_return_t is_io_registry_iterator_enter_entry(
 	io_object_t iterator )
 {
-    CHECKLOCKED( IORegistryIterator, iterator, iter );
-
-    IOLockLock(oIter->lock);
+    CHECK( IORegistryIterator, iterator, iter );
+
     iter->enterEntry();
-    IOLockUnlock(oIter->lock);
 
     return( kIOReturnSuccess );
 }
@@ -2473,11 +1872,9 @@
 {
     bool	didIt;
 
-    CHECKLOCKED( IORegistryIterator, iterator, iter );
-
-    IOLockLock(oIter->lock);
+    CHECK( IORegistryIterator, iterator, iter );
+
     didIt = iter->exitEntry();
-    IOLockUnlock(oIter->lock);
 
     return( didIt ? kIOReturnSuccess : kIOReturnNoDevice );
 }
@@ -2500,58 +1897,6 @@
     return( kIOReturnSuccess );
 }
 
-
-/* Routine io_registry_entry_from_path */
-kern_return_t is_io_registry_entry_from_path_ool(
-	mach_port_t master_port,
-	io_string_inband_t path,
-	io_buf_ptr_t path_ool,
-	mach_msg_type_number_t path_oolCnt,
-	kern_return_t *result,
-	io_object_t *registry_entry)
-{
-    IORegistryEntry *	entry;
-    vm_map_offset_t	map_data;
-    const char * 	cpath;
-    IOReturn            res;
-    kern_return_t       err;
-
-    if (master_port != master_device_port) return(kIOReturnNotPrivileged);
-
-    map_data = 0;
-    entry    = 0;
-    res = err = KERN_SUCCESS;
-    if (path[0]) cpath = path;
-    else
-    {
-	if (!path_oolCnt)                                      return(kIOReturnBadArgument);
-	if (path_oolCnt > (sizeof(io_struct_inband_t) * 1024)) return(kIOReturnMessageTooLarge);
-
-	err = vm_map_copyout(kernel_map, &map_data, (vm_map_copy_t) path_ool);
-	if (KERN_SUCCESS == err)
-	{
-	    // must return success to mig after vm_map_copyout() succeeds, so result is actual
-	    cpath = CAST_DOWN(const char *, map_data);
-	    if (cpath[path_oolCnt - 1]) res = kIOReturnBadArgument;
-	}
-    }
-
-    if ((KERN_SUCCESS == err) && (KERN_SUCCESS == res))
-    {
-	entry = IORegistryEntry::fromPath(cpath);
-	res = entry ? kIOReturnSuccess : kIOReturnNotFound;
-    }
-
-    if (map_data) vm_deallocate(kernel_map, map_data, path_oolCnt);
-
-    if (KERN_SUCCESS != err) res = err;
-    *registry_entry = entry;
-    *result = res;
-
-    return (err);
-}
-
-
 /* Routine io_registry_entry_in_plane */
 kern_return_t is_io_registry_entry_in_plane(
 	io_object_t registry_entry,
@@ -2582,42 +1927,6 @@
 	return( kIOReturnBadArgument );
 }
 
-/* Routine io_registry_entry_get_path */
-kern_return_t is_io_registry_entry_get_path_ool(
-	io_object_t registry_entry,
-	io_name_t plane,
-	io_string_inband_t path,
-	io_buf_ptr_t *path_ool,
-	mach_msg_type_number_t *path_oolCnt)
-{
-    enum   { kMaxPath = 16384 };
-    IOReturn err;
-    int      length;
-    char   * buf;
-
-    CHECK( IORegistryEntry, registry_entry, entry );
-
-    *path_ool    = NULL;
-    *path_oolCnt = 0;
-    length = sizeof(io_string_inband_t);
-    if (entry->getPath(path, &length, IORegistryEntry::getPlane(plane))) err = kIOReturnSuccess;
-    else
-    {
-	length = kMaxPath;
-	buf = IONew(char, length);
-	if (!buf) err = kIOReturnNoMemory;
-	else if (!entry->getPath(buf, &length, IORegistryEntry::getPlane(plane))) err = kIOReturnError;
-	else
-	{
-	    *path_oolCnt = length;
-	    err = copyoutkdata(buf, length, path_ool);
-	}
-	if (buf) IODelete(buf, char, kMaxPath);
-    }
-
-    return (err);
-}
-
 
 /* Routine io_registry_entry_get_name */
 kern_return_t is_io_registry_entry_get_name(
@@ -2683,6 +1992,25 @@
     *entry_id = entry->getRegistryEntryID();
 
     return (kIOReturnSuccess);
+}
+
+// Create a vm_map_copy_t or kalloc'ed data for memory
+// to be copied out. ipc will free after the copyout.
+
+static kern_return_t copyoutkdata( void * data, vm_size_t len,
+                                    io_buf_ptr_t * buf )
+{
+    kern_return_t	err;
+    vm_map_copy_t	copy;
+
+    err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len,
+                    false /* src_destroy */, &copy);
+
+    assert( err == KERN_SUCCESS );
+    if( err == KERN_SUCCESS )
+        *buf = (char *) copy;
+
+    return( err );
 }
 
 /* Routine io_registry_entry_get_property */
@@ -2704,11 +2032,6 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
     obj = entry->copyProperty(property_name);
     if( !obj)
         return( kIOReturnNoResources );
@@ -2766,11 +2089,6 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
     obj = entry->copyProperty(property_name);
     if( !obj)
         return( kIOReturnNotFound );
@@ -2780,6 +2098,7 @@
         obj->release();
 	return( kIOReturnNoMemory );
     }
+    s->clearText();
 
     if( obj->serialize( s )) {
         len = s->getLength();
@@ -2810,11 +2129,6 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
     obj = entry->copyProperty( property_name,
                                IORegistryEntry::getPlane( plane ), options);
     if( !obj)
@@ -2826,6 +2140,8 @@
 	return( kIOReturnNoMemory );
     }
 
+    s->clearText();
+
     if( obj->serialize( s )) {
         len = s->getLength();
         *propertiesCnt = len;
@@ -2839,43 +2155,6 @@
 
     return( err );
 }
-
-#if CONFIG_MACF
-
-static kern_return_t
-filteredProperties(IORegistryEntry *entry, OSDictionary *properties, OSDictionary **filteredp)
-{
-    kern_return_t	err = 0;
-    OSDictionary	*filtered = NULL;
-    OSCollectionIterator *iter = NULL;
-    OSSymbol		*key;
-    OSObject		*p;
-    kauth_cred_t	cred = kauth_cred_get();
-
-    if (properties == NULL)
-	return kIOReturnUnsupported;
-
-    if ((iter = OSCollectionIterator::withCollection(properties)) == NULL ||
-        (filtered = OSDictionary::withCapacity(properties->getCapacity())) == NULL) {
-	err = kIOReturnNoMemory;
-	goto out;
-    }
-
-    while ((p = iter->getNextObject()) != NULL) {
-	if ((key = OSDynamicCast(OSSymbol, p)) == NULL ||
-	    mac_iokit_check_get_property(cred, entry, key->getCStringNoCopy()) != 0)
-	    continue;
-	filtered->setObject(key, properties->getObject(key));
-    }
-
-out:
-    if (iter != NULL)
-	iter->release();
-    *filteredp = filtered;
-    return err;
-}
-
-#endif
 
 /* Routine io_registry_entry_get_properties */
 kern_return_t is_io_registry_entry_get_properties(
@@ -2883,7 +2162,7 @@
 	io_buf_ptr_t *properties,
 	mach_msg_type_number_t *propertiesCnt )
 {
-    kern_return_t	err = 0;
+    kern_return_t	err;
     vm_size_t 		len;
 
     CHECK( IORegistryEntry, registry_entry, entry );
@@ -2892,170 +2171,20 @@
     if( !s)
 	return( kIOReturnNoMemory );
 
-    if (!entry->serializeProperties(s))
-	err = kIOReturnUnsupported;
-
-#if CONFIG_MACF
-    if (!err && mac_iokit_check_filter_properties(kauth_cred_get(), entry)) {
-	OSObject *propobj = OSUnserializeXML(s->text(), s->getLength());
-	OSDictionary *filteredprops = NULL;
-	err = filteredProperties(entry, OSDynamicCast(OSDictionary, propobj), &filteredprops);
-	if (propobj) propobj->release();
-
-	if (!err) {
-	    s->clearText();
-	    if (!filteredprops->serialize(s))
-		err = kIOReturnUnsupported;
-	}
-	if (filteredprops != NULL)
-	    filteredprops->release();
-    }
-#endif /* CONFIG_MACF */
-
-    if (!err) {
-	len = s->getLength();
-	*propertiesCnt = len;
-	err = copyoutkdata( s->text(), len, properties );
-    }
-
-    s->release();
-    return( err );
-}
-
-#if CONFIG_MACF
-
-struct GetPropertiesEditorRef
-{
-    kauth_cred_t      cred;
-    IORegistryEntry * entry;
-    OSCollection    * root;
-};
-
-static const OSMetaClassBase *
-GetPropertiesEditor(void                  * reference,
-					OSSerialize           * s, 
-					OSCollection          * container, 
-					const OSSymbol        * name,
-					const OSMetaClassBase * value)
-{
-    GetPropertiesEditorRef * ref = (typeof(ref)) reference;
-
-    if (!ref->root) ref->root = container;
-    if (ref->root == container)
-	{
-		if (0 != mac_iokit_check_get_property(ref->cred, ref->entry, name->getCStringNoCopy())) 
-		{
-			value = 0;
-		}
-	}
-	if (value) value->retain();
-    return (value);
-}
-
-#endif /* CONFIG_MACF */
-
-/* Routine io_registry_entry_get_properties */
-kern_return_t is_io_registry_entry_get_properties_bin(
-	io_object_t registry_entry,
-	io_buf_ptr_t *properties,
-	mach_msg_type_number_t *propertiesCnt)
-{
-    kern_return_t	       err = kIOReturnSuccess;
-    vm_size_t 		       len;
-    OSSerialize          * s;
-    OSSerialize::Editor    editor = 0;
-    void                 * editRef = 0;
-
-    CHECK(IORegistryEntry, registry_entry, entry);
-
-#if CONFIG_MACF
-    GetPropertiesEditorRef ref;
-    if (mac_iokit_check_filter_properties(kauth_cred_get(), entry))
-    {
-    	editor    = &GetPropertiesEditor;
-    	editRef   = &ref;
-    	ref.cred  = kauth_cred_get();
-    	ref.entry = entry;
-    	ref.root  = 0;
-    }
-#endif
-
-    s = OSSerialize::binaryWithCapacity(4096, editor, editRef);
-    if (!s) return (kIOReturnNoMemory);
-
-    if (!entry->serializeProperties(s)) err = kIOReturnUnsupported;
-
-    if (kIOReturnSuccess == err)
-    {
-		len = s->getLength();
-		*propertiesCnt = len;
-		err = copyoutkdata(s->text(), len, properties);
-    }
-    s->release();
-
-    return (err);
-}
-
-/* Routine io_registry_entry_get_property_bin */
-kern_return_t is_io_registry_entry_get_property_bin(
-	io_object_t registry_entry,
-	io_name_t plane,
-	io_name_t property_name,
-	uint32_t options,
-	io_buf_ptr_t *properties,
-	mach_msg_type_number_t *propertiesCnt )
-{
-    kern_return_t	err;
-    vm_size_t 		len;
-    OSObject *		obj;
-    const OSSymbol *    sym;
-
-    CHECK( IORegistryEntry, registry_entry, entry );
-
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
-    if ((kIORegistryIterateRecursively & options) && plane[0])
-    {
-	obj = entry->copyProperty(property_name,
-				  IORegistryEntry::getPlane(plane), options);
-    }
-    else
-    {
-	obj = entry->copyProperty(property_name);
-    }
-
-    if( !obj)
-        return( kIOReturnNotFound );
-
-    sym = OSSymbol::withCString(property_name);
-    if (sym)
-    {
-        if (gIORemoveOnReadProperties->containsObject(sym)) entry->removeProperty(sym);
-        sym->release();
-    }
-
-    OSSerialize * s = OSSerialize::binaryWithCapacity(4096);
-    if( !s) {
-        obj->release();
-	return( kIOReturnNoMemory );
-    }
-
-    if( obj->serialize( s )) {
+    s->clearText();
+
+    if( entry->serializeProperties( s )) {
         len = s->getLength();
         *propertiesCnt = len;
         err = copyoutkdata( s->text(), len, properties );
 
-    } else err = kIOReturnUnsupported; 
+    } else
+        err = kIOReturnUnsupported;
 
     s->release();
-    obj->release();
 
     return( err );
 }
-
 
 /* Routine io_registry_entry_set_properties */
 kern_return_t is_io_registry_entry_set_properties
@@ -3073,34 +2202,20 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-    if( propertiesCnt > sizeof(io_struct_inband_t) * 1024)
-        return( kIOReturnMessageTooLarge);
-
     err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties );
     data = CAST_DOWN(vm_offset_t, map_data);
 
     if( KERN_SUCCESS == err) {
 
         // must return success after vm_map_copyout() succeeds
-        obj = OSUnserializeXML( (const char *) data, propertiesCnt );
+        obj = OSUnserializeXML( (const char *) data );
 	vm_deallocate( kernel_map, data, propertiesCnt );
 
-	if (!obj)
-	    res = kIOReturnBadArgument;
-#if CONFIG_MACF
-	else if (0 != mac_iokit_check_set_properties(kauth_cred_get(),
-	    registry_entry, obj))
-	{
-	    res = kIOReturnNotPermitted;
-	}
-#endif
-	else
-	{
-	    res = entry->setProperties( obj );
-	}
-
-	if (obj)
-	    obj->release();
+        if( obj) {
+            res = entry->setProperties( obj );
+            obj->release();
+        } else
+            res = kIOReturnBadArgument;
     } else
         res = err;
 
@@ -3190,33 +2305,28 @@
     return( service->requestProbe( options ));
 }
 
-/* Routine io_service_get_authorization_id */
-kern_return_t is_io_service_get_authorization_id(
+
+/* Routine io_service_open */
+kern_return_t is_io_service_open(
 	io_object_t _service,
-	uint64_t *authorization_id )
-{
-    kern_return_t	   kr;
+	task_t owningTask,
+	uint32_t connect_type,
+	io_object_t *connection )
+{
+    IOUserClient	*	client;
+    IOReturn 			err;
 
     CHECK( IOService, _service, service );
 
-    kr = IOUserClient::clientHasPrivilege( (void *) current_task(),
-                                            kIOClientPrivilegeAdministrator );
-    if( kIOReturnSuccess != kr)
-        return( kr );
-
-    *authorization_id = service->getAuthorizationID();
-
-    return( kr );
-}
-
-/* Routine io_service_set_authorization_id */
-kern_return_t is_io_service_set_authorization_id(
-	io_object_t _service,
-	uint64_t authorization_id )
-{
-    CHECK( IOService, _service, service );
-
-    return( service->setAuthorizationID( authorization_id ) );
+    err = service->newUserClient( owningTask, (void *) owningTask,
+		connect_type, 0, &client );
+
+    if( err == kIOReturnSuccess) {
+	assert( OSDynamicCast(IOUserClient, client) );
+	*connection = client;
+    }
+
+    return( err);
 }
 
 /* Routine io_service_open_ndr */
@@ -3239,8 +2349,6 @@
 
     CHECK( IOService, _service, service );
 
-    if (!owningTask) return (kIOReturnBadArgument);
-
     do
     {
 	if (properties)
@@ -3249,16 +2357,13 @@
 	    vm_offset_t     data;
 	    vm_map_offset_t map_data;
 
-	    if( propertiesCnt > sizeof(io_struct_inband_t))
-		return( kIOReturnMessageTooLarge);
-
 	    err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties );
 	    res = err;
 	    data = CAST_DOWN(vm_offset_t, map_data);
 	    if (KERN_SUCCESS == err)
 	    {
 		// must return success after vm_map_copyout() succeeds
-		obj = OSUnserializeXML( (const char *) data, propertiesCnt );
+		obj = OSUnserializeXML( (const char *) data );
 		vm_deallocate( kernel_map, data, propertiesCnt );
 		propertiesDict = OSDynamicCast(OSDictionary, obj);
 		if (!propertiesDict)
@@ -3299,28 +2404,22 @@
 	    disallowAccess = (crossEndian
 		&& (kOSBooleanTrue != service->getProperty(kIOUserClientCrossEndianCompatibleKey))
 		&& (kOSBooleanTrue != client->getProperty(kIOUserClientCrossEndianCompatibleKey)));
-            if (disallowAccess) res = kIOReturnUnsupported;
-#if CONFIG_MACF
-	    else if (0 != mac_iokit_check_open(kauth_cred_get(), client, connect_type))
-		res = kIOReturnNotPermitted;
-#endif
-	    if (kIOReturnSuccess != res)
+
+	    if (disallowAccess)
 	    {
-		IOStatisticsClientCall();
 		client->clientClose();
 		client->release();
 		client = 0;
+		res = kIOReturnUnsupported;
 		break;
 	    }
 	    client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey));
-	    client->closed = false;
 	    OSString * creatorName = IOCopyLogNameForPID(proc_selfpid());
 	    if (creatorName)
 	    {
 		client->setProperty(kIOUserClientCreatorKey, creatorName);
 		creatorName->release();
 	    }
-	    client->setTerminateDefer(service, false);
 	}
     }
     while (false);
@@ -3341,17 +2440,7 @@
 
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
-
-    if (client->sharedInstance || OSCompareAndSwap8(0, 1, &client->closed)) 
-    {
-	client->clientClose();
-    }
-    else
-    {
-	IOLog("ignored is_io_service_close(0x%qx,%s)\n", 
-		client->getRegistryEntryID(), client->getName());
-    }
+    client->clientClose();
 
     return( kIOReturnSuccess );
 }
@@ -3383,7 +2472,6 @@
 {
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     return( client->registerNotificationPort( port, notification_type,
 						(io_user_reference_t) reference ));
 }
@@ -3397,7 +2485,6 @@
 {
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     return( client->registerNotificationPort( port, notification_type,
 						reference ));
 }
@@ -3418,9 +2505,6 @@
 
     CHECK( IOUserClient, connection, client );
 
-    if (!into_task) return (kIOReturnBadArgument);
-
-    IOStatisticsClientCall();
     map = client->mapClientMemory64( memory_type, into_task, flags, *address );
 
     if( map) {
@@ -3435,6 +2519,7 @@
 	    mach_port_name_t name __unused =
 		IOMachPort::makeSendRightForTask(
                                     into_task, map, IKOT_IOKIT_OBJECT );
+            assert( name );
 
         } else {
             // keep it with the user client
@@ -3459,8 +2544,8 @@
 	io_object_t     connect,
 	uint32_t	type,
 	task_t		task,
-	uint32_t  *	mapAddr,
-	uint32_t  *	mapSize,
+	vm_address_t *	mapAddr,
+	vm_size_t    *	mapSize,
 	uint32_t	flags )
 {
     IOReturn	      err;
@@ -3477,8 +2562,6 @@
 
     return (err);
 }
-
-} /* extern "C" */
 
 IOMemoryMap * IOUserClient::removeMappingForDescriptor(IOMemoryDescriptor * mem)
 {
@@ -3507,8 +2590,6 @@
     return (map);
 }
 
-extern "C" {
-
 /* Routine io_connect_unmap_memory_from_task */
 kern_return_t is_io_connect_unmap_memory_from_task
 (
@@ -3524,9 +2605,6 @@
 
     CHECK( IOUserClient, connection, client );
 
-    if (!from_task) return (kIOReturnBadArgument);
-
-    IOStatisticsClientCall();
     err = client->clientMemoryForType( (UInt32) memory_type, &options, &memory );
 
     if( memory && (kIOReturnSuccess == err)) {
@@ -3568,7 +2646,7 @@
 	io_object_t     connect,
 	uint32_t	type,
 	task_t		task,
-	uint32_t 	mapAddr )
+	vm_address_t 	mapAddr )
 {
     IOReturn		err;
     mach_vm_address_t   address;
@@ -3589,7 +2667,6 @@
     CHECK( IOUserClient, connection, client );
     CHECK( IOUserClient, connect_to, to );
 
-    IOStatisticsClientCall();
     return( client->connectClient( to ) );
 }
 
@@ -3604,98 +2681,6 @@
     return( is_io_registry_entry_set_properties( connection, properties, propertiesCnt, result ));
 }
 
-/* Routine io_user_client_method */
-kern_return_t is_io_connect_method_var_output
-(
-	io_connect_t connection,
-	uint32_t selector,
-	io_scalar_inband64_t scalar_input,
-	mach_msg_type_number_t scalar_inputCnt,
-	io_struct_inband_t inband_input,
-	mach_msg_type_number_t inband_inputCnt,
-	mach_vm_address_t ool_input,
-	mach_vm_size_t ool_input_size,
-	io_struct_inband_t inband_output,
-	mach_msg_type_number_t *inband_outputCnt,
-	io_scalar_inband64_t scalar_output,
-	mach_msg_type_number_t *scalar_outputCnt,
-	io_buf_ptr_t *var_output,
-	mach_msg_type_number_t *var_outputCnt
-)
-{
-    CHECK( IOUserClient, connection, client );
-
-    IOExternalMethodArguments args;
-    IOReturn ret;
-    IOMemoryDescriptor * inputMD  = 0;
-    OSObject *           structureVariableOutputData = 0;
-
-    bzero(&args.__reserved[0], sizeof(args.__reserved));
-    args.version = kIOExternalMethodArgumentsCurrentVersion;
-
-    args.selector = selector;
-
-    args.asyncWakePort               = MACH_PORT_NULL;
-    args.asyncReference              = 0;
-    args.asyncReferenceCount         = 0;
-    args.structureVariableOutputData = &structureVariableOutputData;
-
-    args.scalarInput = scalar_input;
-    args.scalarInputCount = scalar_inputCnt;
-    args.structureInput = inband_input;
-    args.structureInputSize = inband_inputCnt;
-
-    if (ool_input)
-	inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 
-						    kIODirectionOut, current_task());
-
-    args.structureInputDescriptor = inputMD;
-
-    args.scalarOutput = scalar_output;
-    args.scalarOutputCount = *scalar_outputCnt;
-    bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
-    args.structureOutput = inband_output;
-    args.structureOutputSize = *inband_outputCnt;
-    args.structureOutputDescriptor = NULL;
-    args.structureOutputDescriptorSize = 0;
-
-    IOStatisticsClientCall();
-    ret = client->externalMethod( selector, &args );
-
-    *scalar_outputCnt = args.scalarOutputCount;
-    *inband_outputCnt = args.structureOutputSize;
-
-    if (var_outputCnt && var_output && (kIOReturnSuccess == ret))
-    {
-    	OSSerialize * serialize;
-    	OSData      * data;
-	vm_size_t     len;
-
-	if ((serialize = OSDynamicCast(OSSerialize, structureVariableOutputData)))
-	{
-	    len = serialize->getLength();
-	    *var_outputCnt = len;
-	    ret = copyoutkdata(serialize->text(), len, var_output);
-	}
-	else if ((data = OSDynamicCast(OSData, structureVariableOutputData)))
-	{
-	    len = data->getLength();
-	    *var_outputCnt = len;
-	    ret = copyoutkdata(data->getBytesNoCopy(), len, var_output);
-	}
-	else
-	{
-	    ret = kIOReturnUnderrun;
-	}
-    }
-
-    if (inputMD)
-	inputMD->release();
-    if (structureVariableOutputData)
-    	structureVariableOutputData->release();
-
-    return (ret);
-}
 
 /* Routine io_user_client_method */
 kern_return_t is_io_connect_method
@@ -3708,12 +2693,12 @@
 	mach_msg_type_number_t inband_inputCnt,
 	mach_vm_address_t ool_input,
 	mach_vm_size_t ool_input_size,
+	io_scalar_inband64_t scalar_output,
+	mach_msg_type_number_t *scalar_outputCnt,
 	io_struct_inband_t inband_output,
 	mach_msg_type_number_t *inband_outputCnt,
-	io_scalar_inband64_t scalar_output,
-	mach_msg_type_number_t *scalar_outputCnt,
 	mach_vm_address_t ool_output,
-	mach_vm_size_t *ool_output_size
+	mach_vm_size_t * ool_output_size
 )
 {
     CHECK( IOUserClient, connection, client );
@@ -3728,10 +2713,9 @@
 
     args.selector = selector;
 
-    args.asyncWakePort               = MACH_PORT_NULL;
-    args.asyncReference              = 0;
-    args.asyncReferenceCount         = 0;
-    args.structureVariableOutputData = 0;
+    args.asyncWakePort       = MACH_PORT_NULL;
+    args.asyncReference      = 0;
+    args.asyncReferenceCount = 0;
 
     args.scalarInput = scalar_input;
     args.scalarInputCount = scalar_inputCnt;
@@ -3746,20 +2730,18 @@
 
     args.scalarOutput = scalar_output;
     args.scalarOutputCount = *scalar_outputCnt;
-    bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
     args.structureOutput = inband_output;
     args.structureOutputSize = *inband_outputCnt;
 
-    if (ool_output && ool_output_size)
+    if (ool_output)
     {
 	outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size, 
 						    kIODirectionIn, current_task());
     }
 
     args.structureOutputDescriptor = outputMD;
-    args.structureOutputDescriptorSize = ool_output_size ? *ool_output_size : 0;
-
-    IOStatisticsClientCall();
+    args.structureOutputDescriptorSize = *ool_output_size;
+
     ret = client->externalMethod( selector, &args );
 
     *scalar_outputCnt = args.scalarOutputCount;
@@ -3788,10 +2770,10 @@
 	mach_msg_type_number_t inband_inputCnt,
 	mach_vm_address_t ool_input,
 	mach_vm_size_t ool_input_size,
+	io_scalar_inband64_t scalar_output,
+	mach_msg_type_number_t *scalar_outputCnt,
 	io_struct_inband_t inband_output,
 	mach_msg_type_number_t *inband_outputCnt,
-	io_scalar_inband64_t scalar_output,
-	mach_msg_type_number_t *scalar_outputCnt,
 	mach_vm_address_t ool_output,
 	mach_vm_size_t * ool_output_size
 )
@@ -3829,7 +2811,6 @@
 
     args.scalarOutput = scalar_output;
     args.scalarOutputCount = *scalar_outputCnt;
-    bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
     args.structureOutput = inband_output;
     args.structureOutputSize = *inband_outputCnt;
 
@@ -3842,7 +2823,6 @@
     args.structureOutputDescriptor = outputMD;
     args.structureOutputDescriptorSize = *ool_output_size;
 
-    IOStatisticsClientCall();
     ret = client->externalMethod( selector, &args );
 
     *inband_outputCnt = args.structureOutputSize;
@@ -3873,7 +2853,6 @@
     mach_msg_type_number_t struct_outputCnt = 0;
     mach_vm_size_t ool_output_size = 0;
 
-    bzero(&_output[0], sizeof(_output));
     for (i = 0; i < inputCount; i++)
 	_input[i] = SCALAR64(input[i]);
 	
@@ -3881,8 +2860,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    _output, outputCount,
 		    NULL, &struct_outputCnt,
-		    _output, outputCount,
 		    0, &ool_output_size);
 
     for (i = 0; i < *outputCount; i++)
@@ -3904,7 +2883,6 @@
     IOReturn 		err;
     err = kIOReturnBadArgument;
 
-    bzero(&_output[0], sizeof(_output));
     do {
 
 	if( inputCount != method->count0)
@@ -3986,7 +2964,6 @@
     io_scalar_inband64_t _output;
     io_async_ref64_t _reference;
 
-    bzero(&_output[0], sizeof(_output));
     for (i = 0; i < referenceCnt; i++)
 	_reference[i] = REF64(reference[i]);
 
@@ -4002,8 +2979,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    _output, outputCount,
 		    NULL, &struct_outputCnt,
-		    _output, outputCount,
 		    0, &ool_output_size);
 
     for (i = 0; i < *outputCount; i++)
@@ -4042,8 +3019,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -4079,8 +3056,8 @@
 		    _input, inputCount, 
 		    inputStruct, inputStructCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    NULL, &inband_outputCnt,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -4110,8 +3087,8 @@
 		    NULL, 0, 
 		    input, inputCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -4133,7 +3110,6 @@
     IOReturn 		err;
     io_async_ref_t	reference;
 
-    bzero(&_output[0], sizeof(_output));
     for (i = 0; i < asyncReferenceCount; i++)
 	reference[i] = REF32(asyncReference[i]);
 
@@ -4231,8 +3207,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -4404,8 +3380,8 @@
 		    _input, inputCount, 
 		    inputStruct, inputStructCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    NULL, &inband_outputCnt,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -4422,7 +3398,8 @@
 
     do
     {
-	if (inputCount != method->count0)
+	if( (kIOUCVariableStructureSize != method->count0)
+		&& (inputCount != method->count0))
 	{
 	    IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
 	    continue;
@@ -4446,25 +3423,25 @@
 	    case 4:
 		err = (object->*func)( ARG32(input[0]), ARG32(input[1]), (void *)  input[2],
 					ARG32(input[3]),
-					inputStruct, (void *)(uintptr_t)inputStructCount );
+					inputStruct, (void *)inputStructCount );
 		break;
 	    case 3:
 		err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
-					inputStruct, (void *)(uintptr_t)inputStructCount,
+					inputStruct, (void *)inputStructCount,
 					0 );
 		break;
 	    case 2:
 		err = (object->*func)( ARG32(input[0]), ARG32(input[1]),
-					inputStruct, (void *)(uintptr_t)inputStructCount,
+					inputStruct, (void *)inputStructCount,
 					0, 0 );
 		break;
 	    case 1:
 		err = (object->*func)( ARG32(input[0]),
-					inputStruct, (void *)(uintptr_t)inputStructCount,
+					inputStruct, (void *)inputStructCount,
 					0, 0, 0 );
 		break;
 	    case 0:
-		err = (object->*func)( inputStruct, (void *)(uintptr_t)inputStructCount,
+		err = (object->*func)( inputStruct, (void *)inputStructCount,
 					0, 0, 0, 0 );
 		break;
 
@@ -4498,7 +3475,8 @@
 
     do
     {
-	if (inputCount != method->count0)
+	if( (kIOUCVariableStructureSize != method->count0)
+		&& (inputCount != method->count0))
 	{
 	    IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
 	    continue;
@@ -4524,29 +3502,29 @@
                 err = (object->*func)(	reference,
                                         ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
                                         ARG32(input[3]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount );
+                                        inputStruct, (void *)inputStructCount );
                 break;
             case 3:
                 err = (object->*func)(	reference,
                                         ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0 );
                 break;
             case 2:
                 err = (object->*func)(	reference,
                                         ARG32(input[0]), ARG32(input[1]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0, 0 );
                 break;
             case 1:
                 err = (object->*func)(	reference,
                                         ARG32(input[0]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0, 0, 0 );
                 break;
             case 0:
                 err = (object->*func)(	reference,
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0, 0, 0, 0 );
                 break;
 
@@ -4575,8 +3553,8 @@
 		    NULL, 0, 
 		    input, inputCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -4611,12 +3589,12 @@
 	if( method->count1) {
 	    if( method->count0) {
 		err = (object->*func)( input, output,
-					(void *)(uintptr_t)inputCount, outputCount, 0, 0 );
+					(void *)inputCount, outputCount, 0, 0 );
 	    } else {
 		err = (object->*func)( output, outputCount, 0, 0, 0, 0 );
 	    }
 	} else {
-		err = (object->*func)( input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 );
+		err = (object->*func)( input, (void *)inputCount, 0, 0, 0, 0 );
 	}
     }
     while( false);
@@ -4666,17 +3644,83 @@
             if( method->count0) {
                 err = (object->*func)( reference,
                                        input, output,
-                                        (void *)(uintptr_t)inputCount, outputCount, 0, 0 );
+                                        (void *)inputCount, outputCount, 0, 0 );
             } else {
                 err = (object->*func)( reference,
                                        output, outputCount, 0, 0, 0, 0 );
             }
         } else {
                 err = (object->*func)( reference,
-                                       input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 );
+                                       input, (void *)inputCount, 0, 0, 0, 0 );
         }
     }
     while( false);
+
+    return( err);
+}
+
+/* Routine io_make_matching */
+kern_return_t is_io_make_matching(
+	mach_port_t	    master_port,
+	uint32_t	    type,
+	uint32_t		options,
+        io_struct_inband_t	input,
+        mach_msg_type_number_t	inputCount,
+	io_string_t	matching )
+{
+    OSSerialize * 	s;
+    IOReturn		err = kIOReturnSuccess;
+    OSDictionary *	dict;
+
+    if( master_port != master_device_port)
+        return( kIOReturnNotPrivileged);
+
+    switch( type) {
+
+	case kIOServiceMatching:
+            dict = IOService::serviceMatching( gIOServiceKey );
+	    break;
+
+	case kIOBSDNameMatching:
+	    dict = IOBSDNameMatching( (const char *) input );
+	    break;
+
+	case kIOOFPathMatching:
+	    dict = IOOFPathMatching( (const char *) input,
+                                    matching, sizeof( io_string_t));
+	    break;
+
+	default:
+	    dict = 0;
+    }
+
+    if( !dict)
+	return( kIOReturnUnsupported);
+
+    do {
+        s = OSSerialize::withCapacity(4096);
+        if( !s) {
+            err = kIOReturnNoMemory;
+	    continue;
+	}
+        s->clearText();
+        if( !dict->serialize( s )) {
+            err = kIOReturnUnsupported;
+	    continue;
+        }
+
+        if( s->getLength() > sizeof( io_string_t)) {
+            err = kIOReturnNoMemory;
+	    continue;
+        } else
+            strlcpy(matching, s->text(), sizeof(io_string_t));
+    }
+    while( false);
+
+    if( s)
+	s->release();
+    if( dict)
+	dict->release();
 
     return( err);
 }
@@ -4709,9 +3753,6 @@
     if (inData) {
         vm_map_offset_t map_data;
 
-        if( inDataCount > sizeof(io_struct_inband_t) * 1024)
-            return( kIOReturnMessageTooLarge);
-
         kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t)inData);
 		data = CAST_DOWN(vm_offset_t, map_data);
 
@@ -4721,7 +3762,7 @@
         // must return success after vm_map_copyout() succeeds
 
         if( inDataCount ) {
-            obj = (OSObject *)OSUnserializeXML((const char *)data, inDataCount);
+            obj = (OSObject *)OSUnserializeXML((const char *)data);
             vm_deallocate( kernel_map, data, inDataCount );
             if( !obj) {
                 *result = kIOReturnNoMemory;
@@ -4731,23 +3772,6 @@
     }
 
     switch ( flag ) {
-        case kIOCatalogResetDrivers:
-        case kIOCatalogResetDriversNoMatch: {
-                OSArray * array;
-
-                array = OSDynamicCast(OSArray, obj);
-                if (array) {
-                   if ( !gIOCatalogue->resetAndAddDrivers(array,
-                        flag == kIOCatalogResetDrivers) ) {
-
-                        kr = kIOReturnError;
-                    }
-                } else {
-                    kr = kIOReturnBadArgument;
-                }
-            }
-            break;
-
         case kIOCatalogAddDrivers: 
         case kIOCatalogAddDriversNoMatch: {
                 OSArray * array;
@@ -4803,7 +3827,6 @@
 
         case kIOCatalogKextdActive:
 #if !NO_KEXTD
-            IOServiceTrace(IOSERVICE_KEXTD_ALIVE, 0, 0, 0, 0);
             OSKext::setKextdActive();
 
            /* Dump all nonloaded startup extensions; kextd will now send them
@@ -4821,7 +3844,6 @@
                 if (!clearedBusy) {
                     IOService * serviceRoot = IOService::getServiceRoot();
                     if (serviceRoot) {
-                        IOServiceTrace(IOSERVICE_KEXTD_READY, 0, 0, 0, 0);
                         serviceRoot->adjustBusy(-1);
                         clearedBusy = true;
                     }
@@ -4859,7 +3881,6 @@
         return( kr );
 
     switch ( flag ) {
-#if !defined(SECURE_KERNEL)
         case kIOCatalogServiceTerminate:
             OSIterator *	iter;
             IOService *		service;
@@ -4889,7 +3910,6 @@
             kr = gIOCatalogue->terminateDriversForModule(name,
                                         flag == kIOCatalogModuleUnload);
             break;
-#endif
 
         default:
             kr = kIOReturnBadArgument;
@@ -4917,6 +3937,8 @@
     s = OSSerialize::withCapacity(4096);
     if ( !s )
         return kIOReturnNoMemory;
+
+    s->clearText();
 
     kr = gIOCatalogue->serializeData(flag, s);
 
@@ -5020,13 +4042,11 @@
             }
         }
 
-	iokit_remove_connect_reference(userClient);
+        userClient->release();
     }
 
     return result;
 }
-
-} /* extern "C" */
 
 IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArguments * args,
 					IOExternalMethodDispatch * dispatch, OSObject * target, void * reference )
@@ -5087,13 +4107,16 @@
     if (args->asyncWakePort)
     {
 	IOExternalAsyncMethod *	method;
-	object = 0;
-	if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) || !object )
+
+	if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
     if (kIOUCForegroundOnly & method->flags)
     {
-	if (task_is_gpu_denied(current_task()))
+        bool isBg;
+        kern_return_t kr = IOUCIsBackgroundTask(current_task(), &isBg);
+    
+        if ((KERN_SUCCESS == kr) && isBg)
             return (kIOReturnNotPermitted);
     }
 
@@ -5136,13 +4159,16 @@
     else
     {
 	IOExternalMethod *	method;
-	object = 0;
-	if( !(method = getTargetAndMethodForIndex(&object, selector)) || !object )
+
+	if( !(method = getTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
     if (kIOUCForegroundOnly & method->flags)
     {
-	if (task_is_gpu_denied(current_task()))
+        bool isBg;
+        kern_return_t kr = IOUCIsBackgroundTask(current_task(), &isBg);
+    
+        if ((KERN_SUCCESS == kr) && isBg)
             return (kIOReturnNotPermitted);
     }
 
@@ -5183,6 +4209,9 @@
 
     return (err);
 }
+
+
+};	/* extern "C" */
 
 #if __LP64__
 OSMetaClassDefineReservedUnused(IOUserClient, 0);