This is xnu-11215.1.10. See this file in: xnu-8792.81.2 (MacOS 18, Darwin 22) xnu-8019 (MacOS 17.0, Darwin 21) xnu-6153.11.26 (MacOS 15.0, Darwin 19) xnu-4903.221.2 (MacOS 14.0, Darwin 18) xnu-4570.41.2 (MacOS 13.3, Darwin 17) xnu-3789.70.16 (MacOS 12.6, Darwin 16) xnu-3248.20.55 (MacOS 11.2, Darwin 15) xnu-2782.40.9 (MacOS 10.10.5, Darwin 14) xnu-2422.115.4 (MacOS 10.9.5, Darwin 13) xnu-2050.24.15 (MacOS 10.8.4, Darwin 12) xnu-1699.32.7 (MacOS 10.7.5, Darwin 11) xnu-1504.15.3 (MacOS 10.6.8, Darwin 10) xnu-1228.15.4 (MacOS 10.5.8, Darwin 9)

#include "TestIODeviceMemoryRosetta.h"
#include <IOKit/IOService.h>
#include <IOKit/IOUserClient.h>
#include <IOKit/IOKitServer.h>
#include <kern/ipc_kobject.h>

#if (DEVELOPMENT || DEBUG) && XNU_TARGET_OS_OSX

OSDefineMetaClassAndStructors(TestIODeviceMemoryRosetta, IOService);

OSDefineMetaClassAndStructors(TestIODeviceMemoryRosettaUserClient, IOUserClient2022);

bool
TestIODeviceMemoryRosetta::start(IOService * provider)
{
	OSString * str = OSString::withCStringNoCopy("TestIODeviceMemoryRosettaUserClient");
	bool ret = IOService::start(provider);
	if (ret && str != NULL) {
		setProperty(gIOUserClientClassKey, str);
		registerService();
	}
	OSSafeReleaseNULL(str);
	return ret;
}

bool
TestIODeviceMemoryRosettaUserClient::start(IOService * provider)
{
	if (!IOUserClient2022::start(provider)) {
		return false;
	}
	setProperty(kIOUserClientDefaultLockingKey, kOSBooleanTrue);
	setProperty(kIOUserClientDefaultLockingSetPropertiesKey, kOSBooleanTrue);
	setProperty(kIOUserClientDefaultLockingSingleThreadExternalMethodKey, kOSBooleanTrue);

	setProperty(kIOUserClientEntitlementsKey, kOSBooleanFalse);

	return true;
}

IOReturn
TestIODeviceMemoryRosettaUserClient::clientClose()
{
	if (!isInactive()) {
		terminate();
	}
	return kIOReturnSuccess;
}

struct TestIODeviceMemoryRosettaUserClientArgs {
	uint64_t size;
	uint64_t offset;
	uint64_t deviceMemoryOffset;
	uint64_t length;
	uint64_t xorkey;
};

struct TestIODeviceMemoryRosettaUserClientOutput {
	mach_vm_address_t address;
	mach_vm_size_t size;
};

IOReturn
TestIODeviceMemoryRosettaUserClient::externalMethodDispatched(IOExternalMethodArguments * args)
{
	IOReturn ret = kIOReturnError;
	IOMemoryMap * map = NULL;
	IODeviceMemory * deviceMemory = NULL;
	uint64_t * buf;

	TestIODeviceMemoryRosettaUserClientArgs * userClientArgs = (TestIODeviceMemoryRosettaUserClientArgs *)args->structureInput;
	TestIODeviceMemoryRosettaUserClientOutput * userClientOutput = (TestIODeviceMemoryRosettaUserClientOutput *)args->structureOutput;

	if (userClientArgs->size % sizeof(uint64_t) != 0) {
		return kIOReturnBadArgument;
	}

	if (userClientArgs->size + userClientArgs->deviceMemoryOffset > phys_carveout_size) {
		return kIOReturnBadArgument;
	}

	// Create memory descriptor using the physical carveout
	deviceMemory = IODeviceMemory::withRange(phys_carveout_pa + userClientArgs->deviceMemoryOffset, userClientArgs->size);
	if (!deviceMemory) {
		printf("Failed to allocate device memory\n");
		goto finish;
	}

	// Fill carveout memory with known values, xored with the key
	buf = (uint64_t *)phys_carveout;
	for (uint64_t idx = 0; idx < (userClientArgs->deviceMemoryOffset + userClientArgs->size) / sizeof(uint64_t); idx++) {
		buf[idx] = idx ^ userClientArgs->xorkey;
	}

	// Map the memory descriptor
	map = deviceMemory->createMappingInTask(current_task(), 0, kIOMapAnywhere, userClientArgs->offset, userClientArgs->length);

	if (map) {
		// Release map when task exits
		userClientOutput->address = map->getAddress();
		userClientOutput->size = map->getSize();
		mach_port_name_t name __unused = iokit_make_send_right(current_task(), map, IKOT_IOKIT_OBJECT);
		ret = kIOReturnSuccess;
	}

finish:
	OSSafeReleaseNULL(map);
	OSSafeReleaseNULL(deviceMemory);
	return ret;
}

static IOReturn
TestIODeviceMemoryRosettaMethodDispatched(OSObject * target, void * reference, IOExternalMethodArguments * arguments)
{
	TestIODeviceMemoryRosettaUserClient *
	    me = OSRequiredCast(TestIODeviceMemoryRosettaUserClient, target);
	return me->externalMethodDispatched(arguments);
}

IOReturn
TestIODeviceMemoryRosettaUserClient::externalMethod(uint32_t selector, IOExternalMethodArgumentsOpaque * args)
{
	static const IOExternalMethodDispatch2022 dispatchArray[] = {
		[0] {
			.function                 = &TestIODeviceMemoryRosettaMethodDispatched,
			.checkScalarInputCount    = 0,
			.checkStructureInputSize  = sizeof(TestIODeviceMemoryRosettaUserClientArgs),
			.checkScalarOutputCount   = 0,
			.checkStructureOutputSize = sizeof(TestIODeviceMemoryRosettaUserClientOutput),
			.allowAsync               = false,
			.checkEntitlement         = "com.apple.iokit.test-check-entitlement",
		},
	};

	return dispatchExternalMethod(selector, args, dispatchArray, sizeof(dispatchArray) / sizeof(dispatchArray[0]), this, NULL);
}

#endif /* (DEVELOPMENT || DEBUG) && XNU_TARGET_OS_OSX */