Loading...
iokit/Kernel/IOUserClient.cpp xnu-517.3.7 xnu-201
--- xnu/xnu-517.3.7/iokit/Kernel/IOUserClient.cpp
+++ xnu/xnu-201/iokit/Kernel/IOUserClient.cpp
@@ -3,30 +3,33 @@
  *
  * @APPLE_LICENSE_HEADER_START@
  * 
- * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
+ * The contents of this file constitute Original Code as defined in and
+ * are subject to the Apple Public Source License Version 1.1 (the
+ * "License").  You may not use this file except in compliance with the
+ * License.  Please obtain a copy of the License at
+ * http://www.apple.com/publicsource and read it before using this file.
  * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * This Original Code and all software distributed under the License are
+ * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
+ * License for the specific language governing rights and limitations
+ * under the License.
  * 
  * @APPLE_LICENSE_HEADER_END@
  */
-
+/*
+ * Copyright (c) 1998 Apple Computer, Inc.  All rights reserved. 
+ *
+ * HISTORY
+ *
+ * 14 Aug 98 sdouglas created.
+ * 08 Dec 98 sdouglas cpp.
+ */
 
 #include <IOKit/IOKitServer.h>
 #include <IOKit/IOUserClient.h>
-#include <IOKit/IOService.h>
 #include <IOKit/IOService.h>
 #include <IOKit/IORegistryEntry.h>
 #include <IOKit/IOCatalogue.h>
@@ -35,8 +38,6 @@
 
 #include <IOKit/assert.h>
 
-#include "IOServicePrivate.h"
-
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 // definitions we should get from osfmk
@@ -63,11 +64,6 @@
 extern io_object_t iokit_lookup_connect_ref_current_task(io_object_t clientRef);
 
 extern ipc_port_t master_device_port;
-
-extern void iokit_retain_port( ipc_port_t port );
-extern void iokit_release_port( ipc_port_t port );
-
-extern kern_return_t iokit_switch_object_port( ipc_port_t port, io_object_t obj, ipc_kobject_type_t type );
 
 #include <vm/vm_map.h>
 
@@ -84,17 +80,11 @@
 public:
     OSObject *	object;
     ipc_port_t	port;
-    UInt32      mscount;
-    UInt8	holdDestroy;
 
     static IOMachPort * portForObject( OSObject * obj,
 				ipc_kobject_type_t type );
-    static bool noMoreSendersForObject( OSObject * obj,
-				ipc_kobject_type_t type, mach_port_mscount_t * mscount );
     static void releasePortForObject( OSObject * obj,
 				ipc_kobject_type_t type );
-    static void setHoldDestroy( OSObject * obj, ipc_kobject_type_t type );
-
     static OSDictionary * dictForType( ipc_kobject_type_t type );
 
     static mach_port_name_t makeSendRightForTask( task_t task,
@@ -146,11 +136,8 @@
 	    continue;
 
         if( (inst = (IOMachPort *)
-                dict->getObject( (const OSSymbol *) obj ))) {
-	    inst->mscount++;
-	    inst->retain();
+                dict->getObject( (const OSSymbol *) obj )))
             continue;
-	}
 
         inst = new IOMachPort;
         if( inst && !inst->init()) {
@@ -162,7 +149,7 @@
         if( inst->port) {
 	    // retains obj
             dict->setObject( (const OSSymbol *) obj, inst );
-	    inst->mscount++;
+            inst->release();	// one more to free port => release obj
 
         } else {
             inst->release();
@@ -176,101 +163,26 @@
     return( inst );
 }
 
-bool IOMachPort::noMoreSendersForObject( OSObject * obj,
-				ipc_kobject_type_t type, mach_port_mscount_t * mscount )
+void IOMachPort::releasePortForObject( OSObject * obj,
+				ipc_kobject_type_t type )
 {
     OSDictionary *	dict;
-    IOMachPort *	machPort;
-    bool		destroyed = true;
 
     IOTakeLock( gIOObjectPortLock);
 
     if( (dict = dictForType( type ))) {
         obj->retain();
-
-	machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
-	if( machPort) {
-	    destroyed = (machPort->mscount == *mscount);
-	    if( destroyed)
-		dict->removeObject( (const OSSymbol *) obj );
-	    else
-		*mscount = machPort->mscount;
-	} 
-	obj->release();
-    }
-
-    IOUnlock( gIOObjectPortLock);
-
-    return( destroyed );
-}
-
-void IOMachPort::releasePortForObject( OSObject * obj,
-				ipc_kobject_type_t type )
-{
-    OSDictionary *	dict;
-    IOMachPort *	machPort;
-
-    IOTakeLock( gIOObjectPortLock);
-
-    if( (dict = dictForType( type ))) {
-        obj->retain();
-	machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
-	if( machPort && !machPort->holdDestroy)
-            dict->removeObject( (const OSSymbol *) obj );
+        dict->removeObject( (const OSSymbol *) obj );
         obj->release();
     }
 
     IOUnlock( gIOObjectPortLock);
 }
 
-void IOMachPort::setHoldDestroy( OSObject * obj, ipc_kobject_type_t type )
-{
-    OSDictionary *	dict;
-    IOMachPort * 	machPort;
-
-    IOLockLock( gIOObjectPortLock );
-
-    if( (dict = dictForType( type ))) {
-        machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
-        if( machPort)
-            machPort->holdDestroy = true;
-    }
-
-    IOLockUnlock( gIOObjectPortLock );
-}
-
 void IOUserClient::destroyUserReferences( OSObject * obj )
 {
     IOMachPort::releasePortForObject( obj, IKOT_IOKIT_OBJECT );
-
-    // panther, 3160200
-    // IOMachPort::releasePortForObject( obj, IKOT_IOKIT_CONNECT );
-
-    OSDictionary * dict;
-
-    IOTakeLock( gIOObjectPortLock);
-    obj->retain();
-
-    if( (dict = IOMachPort::dictForType( IKOT_IOKIT_CONNECT )))
-    {
-	IOMachPort * port;
-	port = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
-	if (port)
-	{
-	    IOUserClient * uc;
-	    if ((uc = OSDynamicCast(IOUserClient, obj)) && uc->mappings)
-	    {
-		dict->setObject((const OSSymbol *) uc->mappings, port);
-		iokit_switch_object_port(port->port, uc->mappings, IKOT_IOKIT_CONNECT);
-
-		uc->mappings->release();
-		uc->mappings = 0;
-	    }
-	    dict->removeObject( (const OSSymbol *) obj );
-	}
-    }
-    obj->release();
-    IOUnlock( gIOObjectPortLock);
+    IOMachPort::releasePortForObject( obj, IKOT_IOKIT_CONNECT );
 }
 
 mach_port_name_t IOMachPort::makeSendRightForTask( task_t task,
@@ -288,16 +200,77 @@
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
+extern "C" {
+
+// functions called from osfmk/device/iokit_rpc.c
+
+void
+iokit_add_reference( io_object_t obj )
+{
+    if( obj)
+	obj->retain();
+}
+
+void
+iokit_remove_reference( io_object_t obj )
+{
+    if( obj)
+	obj->release();
+}
+
+ipc_port_t
+iokit_port_for_object( io_object_t obj, ipc_kobject_type_t type )
+{
+    IOMachPort * machPort;
+
+    if( (machPort = IOMachPort::portForObject( obj, type )))
+	return( machPort->port );
+    else
+	return( 0 );
+}
+
+kern_return_t
+iokit_client_died( io_object_t obj, ipc_port_t /* port */,
+			ipc_kobject_type_t type )
+{
+    IOUserClient *	client;
+    IOMemoryMap *	map;
+
+    if( (IKOT_IOKIT_CONNECT == type)
+     && (client = OSDynamicCast( IOUserClient, obj )))
+	client->clientDied();
+    else if( (IKOT_IOKIT_OBJECT == type)
+     && (map = OSDynamicCast( IOMemoryMap, obj )))
+	map->taskDied();
+
+    IOMachPort::releasePortForObject( obj, type );
+
+    return( kIOReturnSuccess);
+}
+
+};	/* extern "C" */
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
 class IOUserNotification : public OSIterator
 {
     OSDeclareDefaultStructors(IOUserNotification)
 
+    struct PingMsg {
+        mach_msg_header_t	msgHdr;
+        OSNotificationHeader	notifyHeader;
+    };
+
+    PingMsg 	*	pingMsg;
+    vm_size_t		msgSize;
     IONotifier 	* 	holdNotify;
     IOLock 	*	lock;
 
 public:
 
-    virtual bool init( void );
+    virtual bool init( mach_port_t port, natural_t type,
+                       OSAsyncReference reference,
+                       vm_size_t messageSize );
     virtual void free();
 
     virtual void setNotification( IONotifier * obj );
@@ -306,90 +279,12 @@
     virtual bool isValid();
 };
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-extern "C" {
-
-// functions called from osfmk/device/iokit_rpc.c
-
-void
-iokit_add_reference( io_object_t obj )
-{
-    if( obj)
-	obj->retain();
-}
-
-void
-iokit_remove_reference( io_object_t obj )
-{
-    if( obj)
-	obj->release();
-}
-
-ipc_port_t
-iokit_port_for_object( io_object_t obj, ipc_kobject_type_t type )
-{
-    IOMachPort * machPort;
-    ipc_port_t	 port;
-
-    if( (machPort = IOMachPort::portForObject( obj, type ))) {
-
-	port = machPort->port;
-	if( port)
-	    iokit_retain_port( port );
-
-	machPort->release();
-
-    } else
-	port = NULL;
-
-    return( port );
-}
-
-kern_return_t
-iokit_client_died( io_object_t obj, ipc_port_t /* port */,
-			ipc_kobject_type_t type, mach_port_mscount_t * mscount )
-{
-    IOUserClient *	client;
-    IOMemoryMap *	map;
-    IOUserNotification * notify;
-
-    if( !IOMachPort::noMoreSendersForObject( obj, type, mscount ))
-	return( kIOReturnNotReady );
-
-    if( IKOT_IOKIT_CONNECT == type)
-    {
-	if( (client = OSDynamicCast( IOUserClient, obj )))
-	    client->clientDied();
-    }
-    else if( IKOT_IOKIT_OBJECT == type)
-    {
-	if( (map = OSDynamicCast( IOMemoryMap, obj )))
-	    map->taskDied();
-	else if( (notify = OSDynamicCast( IOUserNotification, obj )))
-	    notify->setNotification( 0 );
-    }
-
-    return( kIOReturnSuccess );
-}
-
-};	/* extern "C" */
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
 class IOServiceUserNotification : public IOUserNotification
 {
     OSDeclareDefaultStructors(IOServiceUserNotification)
 
-    struct PingMsg {
-        mach_msg_header_t		msgHdr;
-        OSNotificationHeader		notifyHeader;
-    };
-
     enum { kMaxOutstanding = 256 };
 
-    PingMsg *		pingMsg;
-    vm_size_t		msgSize;
     OSArray 	*	newSet;
     OSObject	*	lastEntry;
     bool		armed;
@@ -410,16 +305,6 @@
 class IOServiceMessageUserNotification : public IOUserNotification
 {
     OSDeclareDefaultStructors(IOServiceMessageUserNotification)
-
-    struct PingMsg {
-        mach_msg_header_t		msgHdr;
-	mach_msg_body_t			msgBody;
-	mach_msg_port_descriptor_t	ports[1];
-        OSNotificationHeader		notifyHeader;
-    };
-
-    PingMsg *		pingMsg;
-    vm_size_t		msgSize;
 
 public:
 
@@ -446,7 +331,8 @@
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
-bool IOUserNotification::init( void )
+bool IOUserNotification::init( mach_port_t port, natural_t type,
+                               OSAsyncReference reference, vm_size_t extraSize )
 {
     if( !super::init())
 	return( false );
@@ -455,6 +341,24 @@
     if( !lock)
         return( false );
 
+    msgSize = sizeof( PingMsg) + extraSize;
+    pingMsg = (PingMsg *) IOMalloc( msgSize);
+    if( !pingMsg)
+        return( false );
+
+    bzero( pingMsg, msgSize);
+
+    pingMsg->msgHdr.msgh_remote_port	= port;
+    pingMsg->msgHdr.msgh_bits 		= MACH_MSGH_BITS(
+                                            MACH_MSG_TYPE_COPY_SEND,
+                                            MACH_MSG_TYPE_COPY_SEND );
+    pingMsg->msgHdr.msgh_size 		= msgSize;
+    pingMsg->msgHdr.msgh_id		= kOSNotificationMessageID;
+
+    pingMsg->notifyHeader.size = extraSize;
+    pingMsg->notifyHeader.type = type;
+    bcopy( reference, pingMsg->notifyHeader.reference, sizeof(OSAsyncReference) );
+
     return( true );
 }
 
@@ -464,6 +368,9 @@
 	holdNotify->remove();
     // can't be in handler now
 
+    if( pingMsg)
+        IOFree( pingMsg, msgSize);
+
     if( lock)
 	IOLockFree( lock );
 
@@ -473,17 +380,10 @@
 
 void IOUserNotification::setNotification( IONotifier * notify )
 {
-    IONotifier * previousNotify;
-
-    IOLockLock( gIOObjectPortLock);
-
-    previousNotify = holdNotify;
+    if( holdNotify)
+	holdNotify->remove();
+
     holdNotify = notify;
-
-    IOLockUnlock( gIOObjectPortLock);
-
-    if( previousNotify)
-	previousNotify->remove();
 }
 
 void IOUserNotification::reset()
@@ -511,49 +411,18 @@
     if( !newSet)
         return( false );
 
-    msgSize = sizeof( PingMsg) + 0;
-    pingMsg = (PingMsg *) IOMalloc( msgSize);
-    if( !pingMsg)
-        return( false );
-
-    bzero( pingMsg, msgSize);
-
-    pingMsg->msgHdr.msgh_remote_port	= port;
-    pingMsg->msgHdr.msgh_bits 		= MACH_MSGH_BITS(
-                                            MACH_MSG_TYPE_COPY_SEND /*remote*/,
-                                            MACH_MSG_TYPE_MAKE_SEND /*local*/);
-    pingMsg->msgHdr.msgh_size 		= msgSize;
-    pingMsg->msgHdr.msgh_id		= kOSNotificationMessageID;
-
-    pingMsg->notifyHeader.size = 0;
-    pingMsg->notifyHeader.type = type;
-    bcopy( reference, pingMsg->notifyHeader.reference, sizeof(OSAsyncReference) );
-
-    return( super::init() );
+    return( super::init( port, type, reference, 0) );
 }
 
 void IOServiceUserNotification::free( void )
 {
-    PingMsg   *	_pingMsg;
-    vm_size_t	_msgSize;
-    OSArray   *	_newSet;
-    OSObject  *	_lastEntry;
-
-    _pingMsg   = pingMsg;
-    _msgSize   = msgSize;
-    _lastEntry = lastEntry;
-    _newSet    = newSet;
+    if( lastEntry)
+        lastEntry->release();
+
+    if( newSet)
+        newSet->release();
 
     super::free();
-
-    if( _pingMsg && _msgSize)
-        IOFree( _pingMsg, _msgSize);
-
-    if( _lastEntry)
-        _lastEntry->release();
-
-    if( _newSet)
-        _newSet->release();
 }
 
 bool IOServiceUserNotification::_handler( void * target,
@@ -562,12 +431,12 @@
     return( ((IOServiceUserNotification *) target)->handler( ref, newService ));
 }
 
-bool IOServiceUserNotification::handler( void * ref,
+bool IOServiceUserNotification::handler( void * /* ref */,
                                 IOService * newService )
 {
     unsigned int	count;
     kern_return_t	kr;
-    ipc_port_t		port = NULL;
+    IOMachPort *	machPort;
     bool		sendPing = false;
 
     IOTakeLock( lock );
@@ -582,20 +451,13 @@
 
     IOUnlock( lock );
 
-    if( kIOServiceTerminatedNotificationType == pingMsg->notifyHeader.type)
-        IOMachPort::setHoldDestroy( newService, IKOT_IOKIT_OBJECT );
-
     if( sendPing) {
-	if( (port = iokit_port_for_object( this, IKOT_IOKIT_OBJECT ) ))
-            pingMsg->msgHdr.msgh_local_port = port;
-	else
-            pingMsg->msgHdr.msgh_local_port = NULL;
+        if( (0 == pingMsg->msgHdr.msgh_local_port)
+         && (machPort = IOMachPort::portForObject( this, IKOT_IOKIT_OBJECT ) ))
+            pingMsg->msgHdr.msgh_local_port = machPort->port;
 
         kr = mach_msg_send_from_kernel( &pingMsg->msgHdr,
                                         pingMsg->msgHdr.msgh_size);
-	if( port)
-	    iokit_release_port( port );
-
         if( KERN_SUCCESS != kr)
             IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr );
     }
@@ -638,48 +500,13 @@
 bool IOServiceMessageUserNotification::init( mach_port_t port, natural_t type,
                        OSAsyncReference reference, vm_size_t extraSize )
 {
-
-    extraSize += sizeof(IOServiceInterestContent);
-    msgSize = sizeof( PingMsg) + extraSize;
-    pingMsg = (PingMsg *) IOMalloc( msgSize);
-    if( !pingMsg)
-        return( false );
-
-    bzero( pingMsg, msgSize);
-
-    pingMsg->msgHdr.msgh_remote_port	= port;
-    pingMsg->msgHdr.msgh_bits 		= MACH_MSGH_BITS_COMPLEX
-					|  MACH_MSGH_BITS(
-                                            MACH_MSG_TYPE_COPY_SEND /*remote*/,
-                                            MACH_MSG_TYPE_MAKE_SEND /*local*/);
-    pingMsg->msgHdr.msgh_size 		= msgSize;
-    pingMsg->msgHdr.msgh_id		= kOSNotificationMessageID;
-
-    pingMsg->msgBody.msgh_descriptor_count = 1;
-
-    pingMsg->ports[0].name 		= 0;
-    pingMsg->ports[0].disposition 	= MACH_MSG_TYPE_MAKE_SEND;
-    pingMsg->ports[0].type 		= MACH_MSG_PORT_DESCRIPTOR;
-
-    pingMsg->notifyHeader.size 		= extraSize;
-    pingMsg->notifyHeader.type 		= type;
-    bcopy( reference, pingMsg->notifyHeader.reference, sizeof(OSAsyncReference) );
-
-    return( super::init() );
+    return( super::init( port, type, reference,
+                       sizeof(IOServiceInterestContent) + extraSize) );
 }
 
 void IOServiceMessageUserNotification::free( void )
 {
-    PingMsg *	_pingMsg;
-    vm_size_t	_msgSize;
-
-    _pingMsg   = pingMsg;
-    _msgSize   = msgSize;
-
     super::free();
-
-    if( _pingMsg && _msgSize)
-        IOFree( _pingMsg, _msgSize);
 }
 
 IOReturn IOServiceMessageUserNotification::_handler( void * target, void * ref,
@@ -695,7 +522,7 @@
                                     void * messageArgument, vm_size_t argSize )
 {
     kern_return_t		kr;
-    ipc_port_t 			thisPort, providerPort;
+    IOMachPort *		machPort;
     IOServiceInterestContent * 	data = (IOServiceInterestContent *)
                                        pingMsg->notifyHeader.content;
 
@@ -713,17 +540,13 @@
         - sizeof( data->messageArgument)
         + argSize;
 
-    providerPort = iokit_port_for_object( provider, IKOT_IOKIT_OBJECT );
-    pingMsg->ports[0].name = providerPort;
-    thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT );
-    pingMsg->msgHdr.msgh_local_port = thisPort;
+    if( (machPort = IOMachPort::portForObject( provider, IKOT_IOKIT_OBJECT ) ))
+        pingMsg->msgHdr.msgh_local_port = machPort->port;
+    else
+        pingMsg->msgHdr.msgh_local_port = MACH_PORT_NULL;
+    
     kr = mach_msg_send_from_kernel( &pingMsg->msgHdr,
-				    pingMsg->msgHdr.msgh_size);
-    if( thisPort)
-	iokit_release_port( thisPort );
-    if( providerPort)
-	iokit_release_port( providerPort );
-
+                                    pingMsg->msgHdr.msgh_size);
     if( KERN_SUCCESS != kr)
         IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr );
 
@@ -764,43 +587,17 @@
     security_token_t	   token;
     mach_msg_type_number_t count;
 
+    if( 0 != strcmp( privilegeName, kIOClientPrivilegeAdministrator))
+        return( kIOReturnUnsupported );
+
     count = TASK_SECURITY_TOKEN_COUNT;
     kr = task_info( (task_t) securityToken, TASK_SECURITY_TOKEN,
-		    (task_info_t) &token, &count );
-
-    if (KERN_SUCCESS != kr)
-    {}
-    else if (!strcmp(privilegeName, kIOClientPrivilegeAdministrator))
-    {
-	if (0 != token.val[0])
-	    kr = kIOReturnNotPrivileged;
-    }
-    else if (!strcmp(privilegeName, kIOClientPrivilegeLocalUser))
-    {
-	OSArray *      array;
-	OSDictionary * user = 0;
-
-	if ((array = OSDynamicCast(OSArray,
-	    IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey))))
-	{
-	    for (unsigned int idx = 0;
-		    (user = OSDynamicCast(OSDictionary, array->getObject(idx)));
-		    idx++)
-	    {
-		OSNumber * num;
-		if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionUIDKey)))
-		  && (token.val[0] == num->unsigned32BitValue()))
-		    break;
-	    }
-	    array->release();
-	}
-	if (!user)
-	    kr = kIOReturnNotPrivileged;
-    }
-    else
-	kr = kIOReturnUnsupported;
-
-    return (kr);
+                    (task_info_t) &token, &count );
+    if( (kr == kIOReturnSuccess)
+      && (0 != token.val[0]))
+        kr = kIOReturnNotPrivileged;
+
+    return( kr );
 }
 
 bool IOUserClient::initWithTask(task_t owningTask,
@@ -878,8 +675,8 @@
 IOMemoryMap * IOUserClient::mapClientMemory( 
 	IOOptionBits		type,
 	task_t			task,
-	IOOptionBits		mapFlags,
-	IOVirtualAddress	atAddress )
+	IOOptionBits		mapFlags = kIOMapAnywhere,
+	IOVirtualAddress	atAddress = 0 )
 {
     IOReturn		err;
     IOOptionBits	options = 0;
@@ -981,8 +778,7 @@
     
     if(numArgs > kMaxAsyncArgs)
         return kIOReturnMessageTooLarge;
-    replyMsg.msgHdr.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND /*remote*/,
-                                                0 /*local*/);
+    replyMsg.msgHdr.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND,0);
     replyMsg.msgHdr.msgh_size =
         sizeof(replyMsg) - (kMaxAsyncArgs-numArgs)*sizeof(void *);
     replyMsg.msgHdr.msgh_remote_port = replyPort;
@@ -1117,29 +913,6 @@
     return( kr );
 }
 
-/* Routine io_service_match_property_table_ool */
-kern_return_t is_io_service_match_property_table_ool(
-	io_object_t service,
-	io_buf_ptr_t matching,
-	mach_msg_type_number_t matchingCnt,
-	natural_t *result,
-	boolean_t *matches )
-{
-    kern_return_t	kr;
-    vm_offset_t 	data;
-
-    kr = vm_map_copyout( kernel_map, &data, (vm_map_copy_t) matching );
-
-    if( KERN_SUCCESS == kr) {
-        // must return success after vm_map_copyout() succeeds
-	*result = is_io_service_match_property_table( service,
-		(char *) data, matches );
-	vm_deallocate( kernel_map, data, matchingCnt );
-    }
-
-    return( kr );
-}
-
 /* Routine io_service_get_matching_services */
 kern_return_t is_io_service_get_matching_services(
 	mach_port_t master_port,
@@ -1163,29 +936,6 @@
 
     if( obj)
         obj->release();
-
-    return( kr );
-}
-
-/* Routine io_service_get_matching_services_ool */
-kern_return_t is_io_service_get_matching_services_ool(
-	mach_port_t master_port,
-	io_buf_ptr_t matching,
-	mach_msg_type_number_t matchingCnt,
-	natural_t *result,
-	io_object_t *existing )
-{
-    kern_return_t	kr;
-    vm_offset_t 	data;
-
-    kr = vm_map_copyout( kernel_map, &data, (vm_map_copy_t) matching );
-
-    if( KERN_SUCCESS == kr) {
-        // must return success after vm_map_copyout() succeeds
-	*result = is_io_service_get_matching_services( master_port,
-			(char *) data, existing );
-	vm_deallocate( kernel_map, data, matchingCnt );
-    }
 
     return( kr );
 }
@@ -1200,6 +950,7 @@
 	mach_msg_type_number_t referenceCnt,
 	io_object_t * notification )
 {
+
     IOServiceUserNotification *	userNotify = 0;
     IONotifier *		notify = 0;
     const OSSymbol *		sym;
@@ -1264,34 +1015,6 @@
     return( err );
 }
 
-/* Routine io_service_add_notification_ool */
-kern_return_t is_io_service_add_notification_ool(
-	mach_port_t master_port,
-	io_name_t notification_type,
-	io_buf_ptr_t matching,
-	mach_msg_type_number_t matchingCnt,
-	mach_port_t wake_port,
-	io_async_ref_t reference,
-	mach_msg_type_number_t referenceCnt,
-	natural_t *result,
-	io_object_t *notification )
-{
-    kern_return_t	kr;
-    vm_offset_t 	data;
-
-    kr = vm_map_copyout( kernel_map, &data, (vm_map_copy_t) matching );
-
-    if( KERN_SUCCESS == kr) {
-        // must return success after vm_map_copyout() succeeds
-	*result = is_io_service_add_notification( master_port, notification_type,
-			(char *) data, wake_port, reference, referenceCnt, notification );
-	vm_deallocate( kernel_map, data, matchingCnt );
-    }
-
-    return( kr );
-}
-
-
 /* Routine io_service_add_notification_old */
 kern_return_t is_io_service_add_notification_old(
 	mach_port_t master_port,
@@ -1343,8 +1066,6 @@
             err = kIOReturnSuccess;
         } else
             err = kIOReturnUnsupported;
-
-	sym->release();
 
     } while( false );
 
@@ -1590,7 +1311,14 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
+#if 0
+    // need virtual
     obj = entry->copyProperty(property_name);
+#else
+    obj = entry->getProperty(property_name);
+    if( obj)
+        obj->retain();
+#endif
     if( !obj)
         return( kIOReturnNoResources );
 
@@ -1612,7 +1340,7 @@
 	offsetBytes = off->unsigned64BitValue();
 	len = off->numberOfBytes();
 	bytes = &offsetBytes;
-#ifdef __BIG_ENDIAN__
+#if __BIG_ENDIAN__
 	bytes = (const void *)
 		(((UInt32) bytes) + (sizeof( UInt64) - len));
 #endif
@@ -1646,7 +1374,14 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
+#if 0
+    // need virtual
     obj = entry->copyProperty(property_name);
+#else
+    obj = entry->getProperty(property_name);
+    if( obj)
+        obj->retain();
+#endif
     if( !obj)
         return( kIOReturnNotFound );
 
@@ -1686,8 +1421,15 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
+#if 0
     obj = entry->copyProperty( property_name,
                                IORegistryEntry::getPlane( plane ), options);
+#else
+    obj = entry->getProperty( property_name,
+                               IORegistryEntry::getPlane( plane ), options);
+    if( obj)
+        obj->retain();
+#endif
     if( !obj)
         return( kIOReturnNotFound );
 
@@ -1818,18 +1560,6 @@
     return( kIOReturnSuccess );
 }
 
-/* Routine io_service_get_state */
-kern_return_t is_io_service_get_state(
-	io_object_t _service,
-	uint64_t *state )
-{
-    CHECK( IOService, _service, service );
-
-    *state = service->getState();
-
-    return( kIOReturnSuccess );
-}
-
 /* Routine io_service_wait_quiet */
 kern_return_t is_io_service_wait_quiet(
 	io_object_t _service,
@@ -1878,10 +1608,6 @@
 kern_return_t is_io_service_close(
 	io_object_t connection )
 {
-    OSSet * mappings;
-    if ((mappings = OSDynamicCast(OSSet, connection)))
-	return( kIOReturnSuccess );
-
     CHECK( IOUserClient, connection, client );
 
     client->clientClose();
@@ -1943,10 +1669,7 @@
         if( task != current_task()) {
             // push a name out to the task owning the map,
             // so we can clean up maps
-#if IOASSERT
-	    mach_port_name_t name =
-#endif
-	    IOMachPort::makeSendRightForTask(
+            mach_port_name_t name = IOMachPort::makeSendRightForTask(
                                     task, map, IKOT_IOKIT_OBJECT );
             assert( name );
 
@@ -2744,8 +2467,6 @@
         case kIOCatalogRemoveKernelLinker: {
                 if (gIOCatalogue->removeKernelLinker() != KERN_SUCCESS) {
                     kr = kIOReturnError;
-                } else {
-                    kr = kIOReturnSuccess;
                 }
             }
             break;
@@ -2836,8 +2557,17 @@
         return kIOReturnNoMemory;
 
     s->clearText();
-
-    kr = gIOCatalogue->serializeData(flag, s);
+    switch ( flag ) {
+        case kIOCatalogGetContents:
+            if ( !gIOCatalogue->serialize(s) ) {
+                kr = kIOReturnNoMemory;
+            }
+            break;
+
+        default:
+            kr = kIOReturnBadArgument;
+            break;
+    }
 
     if ( kr == kIOReturnSuccess ) {
         vm_offset_t data;