1 | /* |
2 | * Copyright (c) 2015 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | |
30 | /* |
31 | * |
32 | * THE KCDATA MANIFESTO |
33 | * |
34 | * Kcdata is a self-describing data serialization format. It is meant to get |
35 | * nested data structures out of xnu with minimum fuss, but also for that data |
36 | * to be easy to parse. It is also meant to allow us to add new fields and |
37 | * evolve the data format without breaking old parsers. |
38 | * |
39 | * Kcdata is a permanent data format suitable for long-term storage including |
40 | * in files. It is very important that we continue to be able to parse old |
41 | * versions of kcdata-based formats. To this end, there are several |
42 | * invariants you MUST MAINTAIN if you alter this file. |
43 | * |
44 | * * None of the magic numbers should ever be a byteswap of themselves or |
45 | * of any of the other magic numbers. |
46 | * |
47 | * * Never remove any type. |
48 | * |
49 | * * All kcdata structs must be packed, and must exclusively use fixed-size |
50 | * types. |
51 | * |
52 | * * Never change the definition of any type, except to add new fields to |
53 | * the end. |
54 | * |
55 | * * If you do add new fields to the end of a type, do not actually change |
56 | * the definition of the old structure. Instead, define a new structure |
57 | * with the new fields. See thread_snapshot_v3 as an example. This |
58 | * provides source compatibility for old readers, and also documents where |
59 | * the potential size cutoffs are. |
60 | * |
61 | * If you change libkdd or kcdata.py, run the unit tests under libkdd. |
62 | * |
63 | * * If you add a type or extend an existing one, add a sample test to |
64 | * libkdd/tests so future changes to libkdd will always parse your struct |
65 | * correctly. |
66 | * |
67 | * For example to add a field to this: |
68 | * |
69 | * struct foobar { |
70 | * uint32_t baz; |
71 | * uint32_t quux; |
72 | * } __attribute__ ((packed)); |
73 | * |
74 | * Make it look like this: |
75 | * |
76 | * struct foobar { |
77 | * uint32_t baz; |
78 | * uint32_t quux; |
79 | * ///////// end version 1 of foobar. sizeof(struct foobar) was 8 //////// |
80 | * uint32_t frozzle; |
81 | * } __attribute__ ((packed)); |
82 | * |
83 | * If you are parsing kcdata formats, you MUST |
84 | * |
85 | * * Check the length field of each struct, including array elements. If the |
86 | * struct is longer than you expect, you must ignore the extra data. |
87 | * |
88 | * * Ignore any data types you do not understand. |
89 | * |
90 | * Additionally, we want to be as forward compatible as we can. Meaning old |
91 | * tools should still be able to use new data whenever possible. To this end, |
92 | * you should: |
93 | * |
94 | * * Try not to add new versions of types that supplant old ones. Instead |
95 | * extend the length of existing types or add supplemental types. |
96 | * |
97 | * * Try not to remove information from existing kcdata formats, unless |
98 | * removal was explicitly asked for. For example it is fine to add a |
99 | * stackshot flag to remove unwanted information, but you should not |
100 | * remove it from the default stackshot if the new flag is absent. |
101 | * |
102 | * * (TBD) If you do break old readers by removing information or |
103 | * supplanting old structs, then increase the major version number. |
104 | * |
105 | * |
106 | * |
107 | * The following is a description of the kcdata format. |
108 | * |
109 | * |
110 | * The format for data is set up in a generic format as follows: |
111 | * |
112 | * Layout of data structure: |
113 | * |
114 | * | 8 - bytes | |
115 | * | type = MAGIC | LENGTH | |
116 | * | 0 | |
117 | * | type | size | |
118 | * | flags | |
119 | * | data | |
120 | * |___________data____________| |
121 | * | type | size | |
122 | * | flags | |
123 | * |___________data____________| |
124 | * | type = END | size=0 | |
125 | * | 0 | |
126 | * |
127 | * |
128 | * The type field describes what kind of data is passed. For example type = TASK_CRASHINFO_UUID means the following data is a uuid. |
129 | * These types need to be defined in task_corpses.h for easy consumption by userspace inspection tools. |
130 | * |
131 | * Some range of types is reserved for special types like ints, longs etc. A cool new functionality made possible with this |
132 | * extensible data format is that the kernel can decide to put more information as required without requiring user space tools to |
133 | * re-compile to be compatible. For example, new rusage struct versions could be introduced without breaking existing tools. |
134 | * |
135 | * Feature description: Generic data with description |
136 | * ------------------- |
137 | * Furthermore, generic data with a description is very much possible now. For example: |
138 | * |
139 | * - kcdata_add_uint64_with_description(cdatainfo, 0x700, "NUM MACH PORTS"); |
140 | * - and more functions that allow adding description. |
141 | * The userspace tools can then look at the description and print the data even if they were not compiled with a priori knowledge of the field. |
142 | * |
143 | * Example data: |
144 | * 0000 57 f1 ad de 00 00 00 00 00 00 00 00 00 00 00 00 W............... |
145 | * 0010 01 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 ........0....... |
146 | * 0020 50 49 44 00 00 00 00 00 00 00 00 00 00 00 00 00 PID............. |
147 | * 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
148 | * 0040 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
149 | * 0050 01 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 ........0....... |
150 | * 0060 50 41 52 45 4e 54 20 50 49 44 00 00 00 00 00 00 PARENT PID...... |
151 | * 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
152 | * 0080 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
153 | * 0090 ed 58 91 f1 |
154 | * |
155 | * Feature description: Container markers for compound data |
156 | * ------------------ |
157 | * If a given kernel data type is complex and requires adding multiple optional fields inside a container |
158 | * object for a consumer to understand arbitrary data, we package it using container markers. |
159 | * |
160 | * For example, the stackshot code gathers information and describes the state of a given task with respect |
161 | * to many subsystems. It includes data such as io stats, vm counters, process names/flags and syscall counts. |
162 | * |
163 | * kcdata_add_container_marker(kcdata_p, KCDATA_TYPE_CONTAINER_BEGIN, STACKSHOT_KCCONTAINER_TASK, task_uniqueid); |
164 | * // add multiple data, or add_<type>_with_description()s here |
165 | * |
166 | * kcdata_add_container_marker(kcdata_p, KCDATA_TYPE_CONTAINER_END, STACKSHOT_KCCONTAINER_TASK, task_uniqueid); |
167 | * |
168 | * Feature description: Custom Data formats on demand |
169 | * -------------------- |
170 | * With the self describing nature of format, the kernel provider can describe a data type (uniquely identified by a number) and use |
171 | * it in the buffer for sending data. The consumer can parse the type information and have knowledge of describing incoming data. |
172 | * Following is an example of how we can describe a kernel specific struct sample_disk_io_stats in buffer. |
173 | * |
174 | * struct sample_disk_io_stats { |
175 | * uint64_t disk_reads_count; |
176 | * uint64_t disk_reads_size; |
177 | * uint64_t io_priority_count[4]; |
178 | * uint64_t io_priority_size; |
179 | * } __attribute__ ((packed)); |
180 | * |
181 | * |
182 | * struct kcdata_subtype_descriptor disk_io_stats_def[] = { |
183 | * {KCS_SUBTYPE_FLAGS_NONE, KC_ST_UINT64, 0 * sizeof(uint64_t), sizeof(uint64_t), "disk_reads_count"}, |
184 | * {KCS_SUBTYPE_FLAGS_NONE, KC_ST_UINT64, 1 * sizeof(uint64_t), sizeof(uint64_t), "disk_reads_size"}, |
185 | * {KCS_SUBTYPE_FLAGS_ARRAY, KC_ST_UINT64, 2 * sizeof(uint64_t), KCS_SUBTYPE_PACK_SIZE(4, sizeof(uint64_t)), "io_priority_count"}, |
186 | * {KCS_SUBTYPE_FLAGS_ARRAY, KC_ST_UINT64, (2 + 4) * sizeof(uint64_t), sizeof(uint64_t), "io_priority_size"}, |
187 | * }; |
188 | * |
189 | * Now you can add this custom type definition into the buffer as |
190 | * kcdata_add_type_definition(kcdata_p, KCTYPE_SAMPLE_DISK_IO_STATS, "sample_disk_io_stats", |
191 | * &disk_io_stats_def[0], sizeof(disk_io_stats_def)/sizeof(struct kcdata_subtype_descriptor)); |
192 | * |
193 | */ |
194 | |
195 | |
196 | #ifndef _KCDATA_H_ |
197 | #define _KCDATA_H_ |
198 | |
199 | #include <stdint.h> |
200 | #include <string.h> |
201 | #include <uuid/uuid.h> |
202 | |
/*
 * Size in bytes of the fixed-width name fields (kcs_name, kct_name) and of the
 * description string carried by the *_DESC item types.
 */
#define KCDATA_DESC_MAXLEN 32 /* including NUL byte at end */

/*
 * Bits of kcdata_item.flags for structure items: the low nibble holds the
 * padding value and bit 7 records that a padding value was written at all
 * (see the flags comment inside struct kcdata_item).
 */
#define KCDATA_FLAGS_STRUCT_PADDING_MASK 0xf
#define KCDATA_FLAGS_STRUCT_HAS_PADDING 0x80

/*
 * kcdata aligns elements to 16 byte boundaries.
 */
#define KCDATA_ALIGNMENT_SIZE 0x10
212 | |
/*
 * Header that precedes every element of a kcdata buffer. The fixed part is
 * 16 bytes (two uint32_t followed by one uint64_t); `size` bytes of payload
 * follow in data[].
 *
 * NOTE(review): type, size and flags are taken straight from the buffer being
 * parsed. A consumer of a buffer it did not produce should confirm that the
 * 16-byte header and the `size` payload bytes both lie inside the remaining
 * buffer before touching data[]. The iterator functions referred to below are
 * outside this excerpt -- verify that they perform this check.
 */
struct kcdata_item {
    uint32_t type; /* a buffer-begin magic, KCDATA_TYPE_*, or an owner-specific type such as STACKSHOT_KCTYPE_* */
    uint32_t size; /* len(data) */
    /* flags.
     *
     * For structures:
     *    padding      = flags & 0xf
     *    has_padding  = (flags & 0x80) >> 7
     *
     * has_padding is needed to disambiguate cases such as
     * thread_snapshot_v2 and thread_snapshot_v3.  Their
     * respective sizes are 0x68 and 0x70, and thread_snapshot_v2
     * was emitted by old kernels *before* we started recording
     * padding.  Since legacy thread_snapshot_v2 and modern
     * thread_snapshot_v3 will both record 0 for the padding
     * flags, we need some other bit which will be nonzero in the
     * flags to disambiguate.
     *
     * This is why we hardcode a special case for
     * STACKSHOT_KCTYPE_THREAD_SNAPSHOT into the iterator
     * functions below.  There is only a finite number of such
     * hardcodings which will ever be needed.  They can occur
     * when:
     *
     *  * We have a legacy structure that predates padding flags
     *
     *  * which we want to extend without changing the kcdata type
     *
     *  * by only so many bytes as would fit in the space that
     *  was previously unused padding.
     *
     * For containers:
     *    container_id = flags
     *
     * For arrays:
     *    element_count = flags & UINT32_MAX
     *    element_type = (flags >> 32) & UINT32_MAX
     *
     * NOTE(review): element_count is a full 32-bit value supplied by the
     * buffer; multiply it by an element size only with overflow checking
     * and compare the product against `size`.
     */
    uint64_t flags;
    char data[]; /* must be at the end */
};
254 | |
/* Pointer alias for an item header inside a kcdata buffer. */
typedef struct kcdata_item * kcdata_item_t;

/*
 * Primitive element types usable in a kcdata_subtype_descriptor. Numbering
 * starts at 1 and increases by one per enumerator, so KC_ST_UINT64 is 9 and
 * 0 is not a valid subtype. The value is stored in the uint8_t field
 * kcs_elem_type, so a parser should reject anything outside 1..9 rather than
 * index a table with it.
 */
enum KCDATA_SUBTYPE_TYPES { KC_ST_CHAR = 1, KC_ST_INT8, KC_ST_UINT8, KC_ST_INT16, KC_ST_UINT16, KC_ST_INT32, KC_ST_UINT32, KC_ST_INT64, KC_ST_UINT64 };
typedef enum KCDATA_SUBTYPE_TYPES kctype_subtype_t;
259 | |
260 | /* |
261 | * A subtype description structure that defines |
262 | * how a compound data is laid out in memory. This |
263 | * provides on the fly definition of types and consumption |
264 | * by the parser. |
265 | */ |
struct kcdata_subtype_descriptor {
    /*
     * Field sizes add up to 40 bytes (1 + 1 + 2 + 4 + 32). The struct is not
     * declared packed; the fields are naturally aligned in this order, so no
     * padding is expected -- TODO confirm for the target ABI.
     *
     * NOTE(review): when a descriptor arrives inside a buffer from another
     * producer, kcs_elem_offset and the size derived from kcs_elem_size
     * describe a region of some other item's payload. Check that
     * offset + size stays within that payload before reading the field.
     */
    uint8_t kcs_flags; /* bitwise OR of the KCS_SUBTYPE_FLAGS_* values below */
#define KCS_SUBTYPE_FLAGS_NONE 0x0
#define KCS_SUBTYPE_FLAGS_ARRAY 0x1
    /* Force struct type even if only one element.
     *
     * Normally a kcdata_type_definition is treated as a structure if it has
     * more than one subtype descriptor.  Otherwise it is treated as a simple
     * type.  For example libkdd will represent a simple integer 42 as simply
     * 42, but it will represent a structure containing an integer 42 as
     * {"field_name": 42}.
     *
     * If a kcdata_type_definition has only single subtype, then it will be
     * treated as a structure iff KCS_SUBTYPE_FLAGS_STRUCT is set.  If it has
     * multiple subtypes, it will always be treated as a structure.
     *
     * KCS_SUBTYPE_FLAGS_MERGE has the opposite effect.  If this flag is used then
     * even if there are multiple elements, they will all be treated as individual
     * properties of the parent dictionary.
     */
#define KCS_SUBTYPE_FLAGS_STRUCT 0x2 /* force struct type even if only one element */
#define KCS_SUBTYPE_FLAGS_MERGE 0x4  /* treat as multiple elements of parents instead of struct */
    uint8_t kcs_elem_type;    /* restricted to kctype_subtype_t */
    uint16_t kcs_elem_offset; /* offset in struct where data is found */
    uint32_t kcs_elem_size;   /* size of element (or) packed state for array type */
    /*
     * NOTE(review): nothing in this struct guarantees a terminating NUL in
     * kcs_name; a reader should bound string operations to
     * KCDATA_DESC_MAXLEN bytes.
     */
    char kcs_name[KCDATA_DESC_MAXLEN]; /* max 31 bytes for name of field */
};
293 | |
/* Pointer alias taken by the kcs_* accessor functions in this header. */
typedef struct kcdata_subtype_descriptor * kcdata_subtype_descriptor_t;

/*
 * In case of array of basic c types in kctype_subtype_t,
 * size is packed in lower 16 bits and
 * count is packed in upper 16 bits of kcs_elem_size field.
 *
 * Both arguments are masked to 16 bits, so a count or size above 0xffff is
 * silently truncated by this macro instead of being rejected;
 * kcs_set_elem_size() is the variant that range-checks before packing.
 */
#define KCS_SUBTYPE_PACK_SIZE(e_count, e_size) (((e_count)&0xffffu) << 16 | ((e_size)&0xffffu))
302 | |
/*
 * Total byte size described by a subtype descriptor.
 *
 * Without KCS_SUBTYPE_FLAGS_ARRAY the kcs_elem_size field is returned as is.
 * With the flag set the field is read as (count << 16 | elem_size) and the
 * product count * elem_size is returned. Both factors are at most 0xffff, so
 * the product fits in 32 bits.
 *
 * The descriptor is dereferenced unconditionally; d must not be NULL.
 */
static inline uint32_t
kcs_get_elem_size(kcdata_subtype_descriptor_t d)
{
    const uint32_t packed = d->kcs_elem_size;

    /* Scalar descriptor: the field already is the byte size. */
    if ((d->kcs_flags & KCS_SUBTYPE_FLAGS_ARRAY) == 0) {
        return packed;
    }

    /* Array descriptor: low half-word is the element size, high half-word the count. */
    const uint32_t per_elem = packed & 0xffff;
    const uint32_t n_elems = (packed & 0xffff0000) >> 16;
    return (uint32_t)(per_elem * n_elems);
}
312 | |
/*
 * Number of elements described by a subtype descriptor: the upper 16 bits of
 * kcs_elem_size when KCS_SUBTYPE_FLAGS_ARRAY is set, otherwise 1.
 *
 * An array descriptor whose upper half-word is zero yields a count of 0.
 * The descriptor is dereferenced unconditionally; d must not be NULL.
 */
static inline uint32_t
kcs_get_elem_count(kcdata_subtype_descriptor_t d)
{
    const int is_array = (d->kcs_flags & KCS_SUBTYPE_FLAGS_ARRAY) != 0;

    return is_array ? ((d->kcs_elem_size >> 16) & 0xffff) : 1;
}
320 | |
/*
 * Store an element size (and, for arrays, a count) in d->kcs_elem_size.
 *
 * count <= 1: size is stored unchanged and 0 is returned.
 * count  > 1: size and count must each fit in 16 bits, otherwise -1 is
 *             returned and the descriptor is left untouched; on success the
 *             field becomes (count << 16 | size) and 0 is returned.
 *
 * kcs_flags is neither read nor written here, so setting
 * KCS_SUBTYPE_FLAGS_ARRAY to match is left to the caller.
 */
static inline int
kcs_set_elem_size(kcdata_subtype_descriptor_t d, uint32_t size, uint32_t count)
{
    /* Single element (or none): plain size, no packing. */
    if (count <= 1) {
        d->kcs_elem_size = size;
        return 0;
    }

    /* Array: each half must fit in its 16-bit slot. */
    if (size > 0xffff || count > 0xffff) {
        return -1; /* invalid argument */
    }

    d->kcs_elem_size = ((count & 0xffff) << 16) | (size & 0xffff);
    return 0;
}
336 | |
/*
 * On-the-fly description of a compound type: a 40-byte fixed part
 * (4 + 4 + KCDATA_DESC_MAXLEN) followed by kct_num_elements subtype
 * descriptors.
 *
 * NOTE(review): kct_num_elements comes from the buffer. Before walking
 * kct_elements[], a reader should check that
 * kct_num_elements * sizeof(struct kcdata_subtype_descriptor) fits in the
 * enclosing item's payload, computing the product without overflow.
 */
struct kcdata_type_definition {
    uint32_t kct_type_identifier; /* number that identifies the described type */
    uint32_t kct_num_elements;    /* count of entries in kct_elements[] */
    char kct_name[KCDATA_DESC_MAXLEN]; /* type name; bound reads to KCDATA_DESC_MAXLEN bytes */
    struct kcdata_subtype_descriptor kct_elements[]; /* flexible array member, must stay last */
};
343 | |
344 | |
345 | /* chunk type definitions. 0 - 0x7ff are reserved and defined here |
346 | * NOTE: Please update kcdata/libkdd/kcdtypes.c if you make any changes |
347 | * in STACKSHOT_KCTYPE_* types. |
348 | */ |
349 | |
350 | /* |
351 | * Types with description value. |
352 | * these will have KCDATA_DESC_MAXLEN-1 length string description |
353 | * and rest of kcdata_iter_size() - KCDATA_DESC_MAXLEN bytes as data |
354 | */ |
#define KCDATA_TYPE_INVALID 0x0u
#define KCDATA_TYPE_STRING_DESC 0x1u
#define KCDATA_TYPE_UINT32_DESC 0x2u
#define KCDATA_TYPE_UINT64_DESC 0x3u
#define KCDATA_TYPE_INT32_DESC 0x4u
#define KCDATA_TYPE_INT64_DESC 0x5u
#define KCDATA_TYPE_BINDATA_DESC 0x6u

/*
 * Compound type definitions
 */
#define KCDATA_TYPE_ARRAY 0x11u         /* Array of data. OBSOLETE, DON'T USE THIS */
/* The identifier below is spelled TYPEDEFINTION in this header; use it exactly as written. */
#define KCDATA_TYPE_TYPEDEFINTION 0x12u /* Meta type that describes a type on the fly. */
#define KCDATA_TYPE_CONTAINER_BEGIN                                       \
    0x13u /* Container type which has corresponding CONTAINER_END header. \
           * KCDATA_TYPE_CONTAINER_BEGIN has type in the data segment.     \
           * Both headers have (uint64_t) ID for matching up nested data.  \
           */
#define KCDATA_TYPE_CONTAINER_END 0x14u

/*
 * Padded array types. The low nibble of the type value is the number of
 * padding bytes, i.e. the type is 0x20 + padding for padding 0x0..0xf.
 */
#define KCDATA_TYPE_ARRAY_PAD0 0x20u /* Array of data with 0 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD1 0x21u /* Array of data with 1 byte of padding */
#define KCDATA_TYPE_ARRAY_PAD2 0x22u /* Array of data with 2 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD3 0x23u /* Array of data with 3 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD4 0x24u /* Array of data with 4 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD5 0x25u /* Array of data with 5 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD6 0x26u /* Array of data with 6 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD7 0x27u /* Array of data with 7 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD8 0x28u /* Array of data with 8 bytes of padding */
#define KCDATA_TYPE_ARRAY_PAD9 0x29u /* Array of data with 9 bytes of padding */
#define KCDATA_TYPE_ARRAY_PADa 0x2au /* Array of data with 0xa (10) bytes of padding */
#define KCDATA_TYPE_ARRAY_PADb 0x2bu /* Array of data with 0xb (11) bytes of padding */
#define KCDATA_TYPE_ARRAY_PADc 0x2cu /* Array of data with 0xc (12) bytes of padding */
#define KCDATA_TYPE_ARRAY_PADd 0x2du /* Array of data with 0xd (13) bytes of padding */
#define KCDATA_TYPE_ARRAY_PADe 0x2eu /* Array of data with 0xe (14) bytes of padding */
#define KCDATA_TYPE_ARRAY_PADf 0x2fu /* Array of data with 0xf (15) bytes of padding */

/*
 * Generic data types that are most commonly used
 */
#define KCDATA_TYPE_LIBRARY_LOADINFO 0x30u   /* struct dyld_uuid_info_32 */
#define KCDATA_TYPE_LIBRARY_LOADINFO64 0x31u /* struct dyld_uuid_info_64 */
#define KCDATA_TYPE_TIMEBASE 0x32u           /* struct mach_timebase_info */
#define KCDATA_TYPE_MACH_ABSOLUTE_TIME 0x33u /* uint64_t */
#define KCDATA_TYPE_TIMEVAL 0x34u            /* struct timeval64 */
#define KCDATA_TYPE_USECS_SINCE_EPOCH 0x35u  /* time in usecs uint64_t */
#define KCDATA_TYPE_PID 0x36u                /* int32_t */
#define KCDATA_TYPE_PROCNAME 0x37u           /* char * */
/*
 * NOTE(review): a nested buffer is a second, independently sized kcdata
 * stream inside an item payload; a parser should bound it by the enclosing
 * item's size and limit nesting depth -- confirm how the consumer handles it.
 */
#define KCDATA_TYPE_NESTED_KCDATA 0x38u      /* nested kcdata buffer */

/*
 * Type of the terminating item ("type = END, size=0" in the layout diagram at
 * the top of this file); it appears as bytes ed 58 91 f1 in the example dump.
 */
#define KCDATA_TYPE_BUFFER_END 0xF19158EDu
406 | |
407 | /* MAGIC numbers defined for each class of chunked data |
408 | * |
409 | * To future-proof against big-endian arches, make sure none of these magic |
410 | * numbers are byteswaps of each other |
411 | */ |
412 | |
/*
 * Each magic is the type of the first item of a buffer; the comment under it
 * gives the item-type range reserved for that owner. Byte-swapping any of the
 * five values below, or KCDATA_TYPE_BUFFER_END, does not produce another value
 * in that set; repeat that check when adding a magic.
 */
#define KCDATA_BUFFER_BEGIN_CRASHINFO 0xDEADF157u       /* owner: corpses/task_corpse.h */
                                                        /* type-range: 0x800 - 0x8ff */
#define KCDATA_BUFFER_BEGIN_STACKSHOT 0x59a25807u       /* owner: sys/stackshot.h */
                                                        /* type-range: 0x900 - 0x93f */
#define KCDATA_BUFFER_BEGIN_DELTA_STACKSHOT 0xDE17A59Au /* owner: sys/stackshot.h */
                                                        /* type-range: 0x940 - 0x9ff */
#define KCDATA_BUFFER_BEGIN_OS_REASON 0x53A20900u       /* owner: sys/reason.h */
                                                        /* type-range: 0x1000-0x103f */
#define KCDATA_BUFFER_BEGIN_XNUPOST_CONFIG 0x1e21c09fu  /* owner: osfmk/tests/kernel_tests.c */
                                                        /* type-range: 0x1040-0x105f */

/* next type range number available 0x1060 */
/**************** definitions for XNUPOST *********************/
/* First value of the XNUPOST_CONFIG range. Unlike the other type constants it has no `u` suffix, so it is a signed int constant. */
#define XNUPOST_KCTYPE_TESTCONFIG 0x1040
427 | |
428 | /**************** definitions for stackshot *********************/ |
429 | |
/*
 * This value must always match IO_NUM_PRIORITIES defined in thread_info.h.
 * It sizes ss_io_priority_count[] and ss_io_priority_size[] in
 * struct io_stats_snapshot, so changing it changes that struct's serialized size.
 */
#define STACKSHOT_IO_NUM_PRIORITIES 4
/*
 * This value must always match MAXTHREADNAMESIZE used in bsd.
 * Not referenced elsewhere in this part of the header; presumably the upper
 * bound for a STACKSHOT_KCTYPE_THREAD_NAME payload -- TODO confirm.
 */
#define STACKSHOT_MAX_THREAD_NAME_SIZE 64
434 | |
435 | /* |
436 | * NOTE: Please update kcdata/libkdd/kcdtypes.c if you make any changes |
437 | * in STACKSHOT_KCTYPE_* types. |
438 | */ |
/*
 * Item types carried in stackshot buffers. 0x901-0x927 lie in the 0x900-0x93f
 * range reserved for KCDATA_BUFFER_BEGIN_STACKSHOT and 0x940-0x941 in the
 * 0x940-0x9ff range of KCDATA_BUFFER_BEGIN_DELTA_STACKSHOT. The trailing
 * comment names the payload. Several types list more than one struct version,
 * so a parser has to take the payload length from kcdata_item.size and never
 * assume sizeof() of the newest struct.
 */
#define STACKSHOT_KCTYPE_IOSTATS 0x901u          /* io_stats_snapshot */
#define STACKSHOT_KCTYPE_GLOBAL_MEM_STATS 0x902u /* struct mem_and_io_snapshot */
#define STACKSHOT_KCCONTAINER_TASK 0x903u
#define STACKSHOT_KCCONTAINER_THREAD 0x904u
#define STACKSHOT_KCTYPE_TASK_SNAPSHOT 0x905u /* task_snapshot_v2 */
#define STACKSHOT_KCTYPE_THREAD_SNAPSHOT 0x906u /* thread_snapshot_v2, thread_snapshot_v3 */
#define STACKSHOT_KCTYPE_DONATING_PIDS 0x907u /* int[] */
#define STACKSHOT_KCTYPE_SHAREDCACHE_LOADINFO 0x908u /* same as KCDATA_TYPE_LIBRARY_LOADINFO64 */
#define STACKSHOT_KCTYPE_THREAD_NAME 0x909u /* char[] */
#define STACKSHOT_KCTYPE_KERN_STACKFRAME 0x90Au /* struct stack_snapshot_frame32 */
#define STACKSHOT_KCTYPE_KERN_STACKFRAME64 0x90Bu /* struct stack_snapshot_frame64 */
#define STACKSHOT_KCTYPE_USER_STACKFRAME 0x90Cu /* struct stack_snapshot_frame32 */
#define STACKSHOT_KCTYPE_USER_STACKFRAME64 0x90Du /* struct stack_snapshot_frame64 */
#define STACKSHOT_KCTYPE_BOOTARGS 0x90Eu /* boot args string */
#define STACKSHOT_KCTYPE_OSVERSION 0x90Fu /* os version string */
#define STACKSHOT_KCTYPE_KERN_PAGE_SIZE 0x910u /* kernel page size in uint32_t */
#define STACKSHOT_KCTYPE_JETSAM_LEVEL 0x911u /* jetsam level in uint32_t */
#define STACKSHOT_KCTYPE_DELTA_SINCE_TIMESTAMP 0x912u /* timestamp used for the delta stackshot */
#define STACKSHOT_KCTYPE_KERN_STACKLR 0x913u /* uint32_t */
#define STACKSHOT_KCTYPE_KERN_STACKLR64 0x914u /* uint64_t */
#define STACKSHOT_KCTYPE_USER_STACKLR 0x915u /* uint32_t */
#define STACKSHOT_KCTYPE_USER_STACKLR64 0x916u /* uint64_t */
#define STACKSHOT_KCTYPE_NONRUNNABLE_TIDS 0x917u /* uint64_t */
#define STACKSHOT_KCTYPE_NONRUNNABLE_TASKS 0x918u /* uint64_t */
#define STACKSHOT_KCTYPE_CPU_TIMES 0x919u /* struct stackshot_cpu_times or stackshot_cpu_times_v2 */
#define STACKSHOT_KCTYPE_STACKSHOT_DURATION 0x91au /* struct stackshot_duration */
#define STACKSHOT_KCTYPE_STACKSHOT_FAULT_STATS 0x91bu /* struct stackshot_fault_stats */
#define STACKSHOT_KCTYPE_KERNELCACHE_LOADINFO 0x91cu /* kernelcache UUID -- same as KCDATA_TYPE_LIBRARY_LOADINFO64 */
#define STACKSHOT_KCTYPE_THREAD_WAITINFO 0x91du /* struct stackshot_thread_waitinfo */
#define STACKSHOT_KCTYPE_THREAD_GROUP_SNAPSHOT 0x91eu /* struct thread_group_snapshot or thread_group_snapshot_v2 */
#define STACKSHOT_KCTYPE_THREAD_GROUP 0x91fu /* uint64_t */
#define STACKSHOT_KCTYPE_JETSAM_COALITION_SNAPSHOT 0x920u /* struct jetsam_coalition_snapshot */
#define STACKSHOT_KCTYPE_JETSAM_COALITION 0x921u /* uint64_t */
#define STACKSHOT_KCTYPE_THREAD_POLICY_VERSION 0x922u /* THREAD_POLICY_INTERNAL_STRUCT_VERSION in uint32 */
#define STACKSHOT_KCTYPE_INSTRS_CYCLES 0x923u /* struct instrs_cycles_snapshot */
#define STACKSHOT_KCTYPE_USER_STACKTOP 0x924u /* struct stack_snapshot_stacktop */
#define STACKSHOT_KCTYPE_ASID 0x925u /* uint32_t */
#define STACKSHOT_KCTYPE_PAGE_TABLES 0x926u /* uint64_t */
#define STACKSHOT_KCTYPE_SYS_SHAREDCACHE_LAYOUT 0x927u /* same as KCDATA_TYPE_LIBRARY_LOADINFO64 */

#define STACKSHOT_KCTYPE_TASK_DELTA_SNAPSHOT 0x940u /* task_delta_snapshot_v2 */
#define STACKSHOT_KCTYPE_THREAD_DELTA_SNAPSHOT 0x941u /* thread_delta_snapshot_v* */
481 | |
/*
 * One 32-bit stack frame record, two uint32_t words (8 bytes). Named as the
 * payload of STACKSHOT_KCTYPE_KERN_STACKFRAME and STACKSHOT_KCTYPE_USER_STACKFRAME.
 * lr/sp are presumably the saved link register and stack pointer -- TODO confirm.
 */
struct stack_snapshot_frame32 {
    uint32_t lr;
    uint32_t sp;
};
486 | |
/*
 * One 64-bit stack frame record, two uint64_t words (16 bytes). Named as the
 * payload of STACKSHOT_KCTYPE_KERN_STACKFRAME64 and STACKSHOT_KCTYPE_USER_STACKFRAME64.
 * lr/sp are presumably the saved link register and stack pointer -- TODO confirm.
 */
struct stack_snapshot_frame64 {
    uint64_t lr;
    uint64_t sp;
};
491 | |
/*
 * Load address and UUID of an image for 32-bit address spaces; named as the
 * payload of KCDATA_TYPE_LIBRARY_LOADINFO.
 *
 * NOTE(review): unlike the snapshot structs in this header, this one is not
 * declared __attribute__((packed)), although the manifesto at the top asks
 * for packed structs. The serialized size is 20 bytes only if uuid_t is a
 * byte-aligned 16-byte array -- TODO confirm for the target ABI.
 */
struct dyld_uuid_info_32 {
    uint32_t imageLoadAddress; /* base address image is mapped at */
    uuid_t imageUUID;
};
496 | |
/*
 * Load address and UUID of an image for 64-bit address spaces; named as the
 * payload of KCDATA_TYPE_LIBRARY_LOADINFO64. Version 1 of this record is
 * 24 bytes (see the marker inside dyld_uuid_info_64_v2). Not declared packed.
 */
struct dyld_uuid_info_64 {
    uint64_t imageLoadAddress; /* XXX image slide */
    uuid_t imageUUID;
};
501 | |
/*
 * dyld_uuid_info_64 extended by one trailing field, following the
 * "define a new structure" rule from the manifesto. A reader that receives
 * only 24 bytes has a version 1 record and must not read imageSlidBaseAddress.
 */
struct dyld_uuid_info_64_v2 {
    uint64_t imageLoadAddress; /* XXX image slide */
    uuid_t imageUUID;
    /* end of version 1 of dyld_uuid_info_64. sizeof v1 was 24 */
    uint64_t imageSlidBaseAddress; /* slid base address of image */
};
508 | |
/*
 * Same field types and order as struct dyld_uuid_info_32. Where this variant
 * is used is not visible in this part of the header.
 */
struct user32_dyld_uuid_info {
    uint32_t imageLoadAddress; /* base address image is mapped into */
    uuid_t imageUUID;          /* UUID of image */
};
513 | |
/*
 * Same field types and order as struct dyld_uuid_info_64. Where this variant
 * is used is not visible in this part of the header.
 */
struct user64_dyld_uuid_info {
    uint64_t imageLoadAddress; /* base address image is mapped into */
    uuid_t imageUUID;          /* UUID of image */
};
518 | |
/*
 * Per-task bit flags. Every enumerator is a single distinct bit; 0x1, 0x2 and
 * 0x2000000 are not assigned here. Presumably stored in ts_ss_flags of
 * task_snapshot_v2 -- TODO confirm. Readers should ignore bits they do not
 * know, since new flags can be added.
 */
enum task_snapshot_flags {
    kTaskRsrcFlagged = 0x4, // In the EXC_RESOURCE danger zone?
    kTerminatedSnapshot = 0x8,
    kPidSuspended = 0x10, // true for suspended task
    kFrozen = 0x20, // true for hibernated task (along with pidsuspended)
    kTaskDarwinBG = 0x40,
    kTaskExtDarwinBG = 0x80,
    kTaskVisVisible = 0x100,
    kTaskVisNonvisible = 0x200,
    kTaskIsForeground = 0x400,
    kTaskIsBoosted = 0x800,
    kTaskIsSuppressed = 0x1000,
    kTaskIsTimerThrottled = 0x2000, /* deprecated */
    kTaskIsImpDonor = 0x4000,
    kTaskIsLiveImpDonor = 0x8000,
    kTaskIsDirty = 0x10000,
    kTaskWqExceededConstrainedThreadLimit = 0x20000,
    kTaskWqExceededTotalThreadLimit = 0x40000,
    kTaskWqFlagsAvailable = 0x80000,
    kTaskUUIDInfoFaultedIn = 0x100000, /* successfully faulted in some UUID info */
    kTaskUUIDInfoMissing = 0x200000, /* some UUID info was paged out */
    kTaskUUIDInfoTriedFault = 0x400000, /* tried to fault in UUID info */
    kTaskSharedRegionInfoUnavailable = 0x800000, /* shared region info unavailable */
    kTaskTALEngaged = 0x1000000,
    /* 0x2000000 unused */
    kTaskIsDirtyTracked = 0x4000000,
    kTaskAllowIdleExit = 0x8000000,
};
547 | |
/*
 * Per-thread bit flags, one distinct bit per enumerator from 0x4 to 0x2000;
 * 0x1 and 0x2 are not assigned here. Presumably stored in ths_ss_flags /
 * tds_ss_flags of the thread snapshot structs -- TODO confirm.
 */
enum thread_snapshot_flags {
    kHasDispatchSerial = 0x4,
    kStacksPCOnly = 0x8, /* Stack traces have no frame pointers. */
    kThreadDarwinBG = 0x10, /* Thread is darwinbg */
    kThreadIOPassive = 0x20, /* Thread uses passive IO */
    kThreadSuspended = 0x40, /* Thread is suspended */
    kThreadTruncatedBT = 0x80, /* Unmapped pages caused truncated backtrace */
    kGlobalForcedIdle = 0x100, /* Thread performs global forced idle */
    kThreadFaultedBT = 0x200, /* Some thread stack pages were faulted in as part of BT */
    kThreadTriedFaultBT = 0x400, /* We tried to fault in thread stack pages as part of BT */
    kThreadOnCore = 0x800, /* Thread was on-core when we entered debugger context */
    kThreadIdleWorker = 0x1000, /* Thread is an idle libpthread worker thread */
    kThreadMain = 0x2000, /* Thread is the main thread */
};
562 | |
/*
 * System-wide memory counters; named as the payload of
 * STACKSHOT_KCTYPE_GLOBAL_MEM_STATS. Packed: fifteen 32-bit fields plus one
 * trailing byte, 61 bytes in total.
 */
struct mem_and_io_snapshot {
    uint32_t snapshot_magic;
    uint32_t free_pages;
    uint32_t active_pages;
    uint32_t inactive_pages;
    uint32_t purgeable_pages;
    uint32_t wired_pages;
    uint32_t speculative_pages;
    uint32_t throttled_pages;
    uint32_t filebacked_pages;
    uint32_t compressions;
    uint32_t decompressions;
    uint32_t compressor_size;
    int32_t busy_buffer_count; /* the only signed field in this struct */
    uint32_t pages_wanted;
    uint32_t pages_reclaimed;
    uint8_t pages_wanted_reclaimed_valid; // did mach_vm_pressure_monitor succeed?
} __attribute__((packed));
581 | |
/* SS_TH_* macros are bit values for ths_state; 0x40 is not assigned here. */
#define SS_TH_WAIT 0x01       /* queued for waiting */
#define SS_TH_SUSP 0x02       /* stopped or requested to stop */
#define SS_TH_RUN 0x04        /* running or on runq */
#define SS_TH_UNINT 0x08      /* waiting uninterruptibly */
#define SS_TH_TERMINATE 0x10  /* halted at termination */
#define SS_TH_TERMINATE2 0x20 /* added to termination queue */
#define SS_TH_IDLE 0x80       /* idling processor */
590 | |
/*
 * Oldest thread snapshot layout for STACKSHOT_KCTYPE_THREAD_SNAPSHOT.
 * Packed, 0x68 (104) bytes: eleven uint64_t, two uint32_t, two int16_t and
 * four uint8_t. Rounded up to the 16-byte item alignment this occupies the
 * same 0x70 bytes as thread_snapshot_v3, which is the ambiguity the
 * has_padding flag in kcdata_item.flags resolves.
 */
struct thread_snapshot_v2 {
    uint64_t ths_thread_id;
    uint64_t ths_wait_event;
    uint64_t ths_continuation;
    uint64_t ths_total_syscalls;
    uint64_t ths_voucher_identifier;
    uint64_t ths_dqserialnum;
    uint64_t ths_user_time;
    uint64_t ths_sys_time;
    uint64_t ths_ss_flags;
    uint64_t ths_last_run_time;
    uint64_t ths_last_made_runnable_time;
    uint32_t ths_state; /* SS_TH_* bits */
    uint32_t ths_sched_flags;
    int16_t ths_base_priority;
    int16_t ths_sched_priority;
    uint8_t ths_eqos;
    uint8_t ths_rqos;
    uint8_t ths_rqos_override;
    uint8_t ths_io_tier;
} __attribute__((packed));
612 | |
/*
 * thread_snapshot_v2 with ths_thread_t appended. Packed, 0x70 (112) bytes.
 * The first 0x68 bytes have the same layout as thread_snapshot_v2.
 */
struct thread_snapshot_v3 {
    uint64_t ths_thread_id;
    uint64_t ths_wait_event;
    uint64_t ths_continuation;
    uint64_t ths_total_syscalls;
    uint64_t ths_voucher_identifier;
    uint64_t ths_dqserialnum;
    uint64_t ths_user_time;
    uint64_t ths_sys_time;
    uint64_t ths_ss_flags;
    uint64_t ths_last_run_time;
    uint64_t ths_last_made_runnable_time;
    uint32_t ths_state; /* SS_TH_* bits */
    uint32_t ths_sched_flags;
    int16_t ths_base_priority;
    int16_t ths_sched_priority;
    uint8_t ths_eqos;
    uint8_t ths_rqos;
    uint8_t ths_rqos_override;
    uint8_t ths_io_tier;
    /* end of thread_snapshot_v2; sizeof v2 was 0x68 */
    uint64_t ths_thread_t;
} __attribute__((packed));
635 | |
636 | |
/*
 * thread_snapshot_v3 with ths_requested_policy and ths_effective_policy
 * appended. Packed, 0x80 (128) bytes. The comment on
 * STACKSHOT_KCTYPE_THREAD_SNAPSHOT lists only v2 and v3; presumably v4 travels
 * under the same type and is told apart by item size -- TODO confirm.
 */
struct thread_snapshot_v4 {
    uint64_t ths_thread_id;
    uint64_t ths_wait_event;
    uint64_t ths_continuation;
    uint64_t ths_total_syscalls;
    uint64_t ths_voucher_identifier;
    uint64_t ths_dqserialnum;
    uint64_t ths_user_time;
    uint64_t ths_sys_time;
    uint64_t ths_ss_flags;
    uint64_t ths_last_run_time;
    uint64_t ths_last_made_runnable_time;
    uint32_t ths_state; /* SS_TH_* bits */
    uint32_t ths_sched_flags;
    int16_t ths_base_priority;
    int16_t ths_sched_priority;
    uint8_t ths_eqos;
    uint8_t ths_rqos;
    uint8_t ths_rqos_override;
    uint8_t ths_io_tier;
    /* end of thread_snapshot_v2; sizeof v2 was 0x68 */
    uint64_t ths_thread_t;
    /* end of thread_snapshot_v3; sizeof v3 was 0x70 */
    uint64_t ths_requested_policy;
    uint64_t ths_effective_policy;
} __attribute__((packed));
661 | |
662 | |
/*
 * First layout named for STACKSHOT_KCTYPE_THREAD_GROUP_SNAPSHOT. Packed,
 * 24 bytes.
 *
 * NOTE(review): nothing here states that tgs_name is NUL-terminated; a reader
 * should bound string handling to the 16 bytes of the field.
 */
struct thread_group_snapshot {
    uint64_t tgs_id;
    char tgs_name[16];
} __attribute__((packed));
667 | |
/* Bit flags for a thread group; presumably the values of tgs_flags in thread_group_snapshot_v2 -- TODO confirm. */
enum thread_group_flags {
    kThreadGroupEfficient = 0x1,
    kThreadGroupUIApp = 0x2
};
672 | |
/*
 * thread_group_snapshot with tgs_flags appended. Packed, 32 bytes; the first
 * 24 bytes have the same layout as thread_group_snapshot.
 */
struct thread_group_snapshot_v2 {
    uint64_t tgs_id;
    char tgs_name[16]; /* bound reads to 16 bytes; termination is not stated here */
    /* end of thread_group_snapshot; sizeof v1 was 24 */
    uint64_t tgs_flags;
} __attribute__((packed));
678 | |
/* Bit flags for a coalition; presumably the values of jcs_flags in jetsam_coalition_snapshot -- TODO confirm. */
enum coalition_flags {
    kCoalitionTermRequested = 0x1,
    kCoalitionTerminated = 0x2,
    kCoalitionReaped = 0x4,
    kCoalitionPrivileged = 0x8,
};
685 | |
/*
 * Named as the payload of STACKSHOT_KCTYPE_JETSAM_COALITION_SNAPSHOT.
 * Packed, four uint64_t fields, 32 bytes.
 */
struct jetsam_coalition_snapshot {
    uint64_t jcs_id;
    uint64_t jcs_flags;
    uint64_t jcs_thread_group;
    uint64_t jcs_leader_task_uniqueid;
} __attribute__((packed));
692 | |
/*
 * Named as the payload of STACKSHOT_KCTYPE_INSTRS_CYCLES. Packed, two
 * uint64_t counters, 16 bytes.
 */
struct instrs_cycles_snapshot {
    uint64_t ics_instructions;
    uint64_t ics_cycles;
} __attribute__((packed));
697 | |
/*
 * Per-thread delta record, version 2 (48 bytes, packed).
 *
 * kcdata_iter_array_size_switch() uses sizeof this struct as the element
 * size for legacy arrays of thread delta snapshots, so the layout must not
 * change.
 */
struct thread_delta_snapshot_v2 {
	uint64_t tds_thread_id;
	uint64_t tds_voucher_identifier;
	uint64_t tds_ss_flags;
	uint64_t tds_last_made_runnable_time;

	/* scheduler state */
	uint32_t tds_state;
	uint32_t tds_sched_flags;
	int16_t  tds_base_priority;
	int16_t  tds_sched_priority;

	/* QoS / I/O tier bytes */
	uint8_t  tds_eqos;
	uint8_t  tds_rqos;
	uint8_t  tds_rqos_override;
	uint8_t  tds_io_tier;
} __attribute__ ((packed));
712 | |
/*
 * Per-thread delta record, version 3 (64 bytes, packed).
 *
 * The first 48 bytes match struct thread_delta_snapshot_v2 field for field;
 * version 3 appends the requested and effective policy words.
 */
struct thread_delta_snapshot_v3 {
	uint64_t tds_thread_id;
	uint64_t tds_voucher_identifier;
	uint64_t tds_ss_flags;
	uint64_t tds_last_made_runnable_time;

	/* scheduler state */
	uint32_t tds_state;
	uint32_t tds_sched_flags;
	int16_t  tds_base_priority;
	int16_t  tds_sched_priority;

	/* QoS / I/O tier bytes */
	uint8_t  tds_eqos;
	uint8_t  tds_rqos;
	uint8_t  tds_rqos_override;
	uint8_t  tds_io_tier;

	/* added in version 3 */
	uint64_t tds_requested_policy;
	uint64_t tds_effective_policy;
} __attribute__ ((packed));
729 | |
/*
 * I/O statistics record (packed).
 *
 * Every member is a 64-bit counter; the two per-priority arrays are sized
 * by STACKSHOT_IO_NUM_PRIORITIES, so the record size follows that constant.
 */
struct io_stats_snapshot
{
	/*
	 * I/O Statistics
	 * XXX: These fields must be together.
	 */
	uint64_t ss_disk_reads_count;
	uint64_t ss_disk_reads_size;
	uint64_t ss_disk_writes_count;
	uint64_t ss_disk_writes_size;

	/* one slot per I/O priority */
	uint64_t ss_io_priority_count[STACKSHOT_IO_NUM_PRIORITIES];
	uint64_t ss_io_priority_size[STACKSHOT_IO_NUM_PRIORITIES];

	uint64_t ss_paging_count;
	uint64_t ss_paging_size;
	uint64_t ss_non_paging_count;
	uint64_t ss_non_paging_size;
	uint64_t ss_data_count;
	uint64_t ss_data_size;
	uint64_t ss_metadata_count;
	uint64_t ss_metadata_size;
	/* XXX: I/O Statistics end */

} __attribute__ ((packed));
753 | |
/*
 * Per-task stackshot record, version 2 (120 bytes, packed).
 *
 * ts_p_comm is a fixed 32-byte field; this definition does not guarantee a
 * terminating NUL, so readers should bound string access to
 * sizeof(ts_p_comm).
 */
struct task_snapshot_v2 {
	/* 64-bit identifiers, times and sizes */
	uint64_t ts_unique_pid;
	uint64_t ts_ss_flags;
	uint64_t ts_user_time_in_terminated_threads;
	uint64_t ts_system_time_in_terminated_threads;
	uint64_t ts_p_start_sec;
	uint64_t ts_task_size;
	uint64_t ts_max_resident_size;

	/* 32-bit counters */
	uint32_t ts_suspend_count;
	uint32_t ts_faults;
	uint32_t ts_pageins;
	uint32_t ts_cow_faults;
	uint32_t ts_was_throttled;
	uint32_t ts_did_throttle;
	uint32_t ts_latency_qos;

	int32_t  ts_pid;
	char     ts_p_comm[32];
} __attribute__ ((packed));
772 | |
/*
 * Per-task delta record, version 2 (76 bytes, packed).
 *
 * Because the struct is packed its size is not a multiple of 8; readers
 * must not assume natural alignment of a following record.
 */
struct task_delta_snapshot_v2 {
	/* 64-bit identifiers, times and sizes */
	uint64_t tds_unique_pid;
	uint64_t tds_ss_flags;
	uint64_t tds_user_time_in_terminated_threads;
	uint64_t tds_system_time_in_terminated_threads;
	uint64_t tds_task_size;
	uint64_t tds_max_resident_size;

	/* 32-bit counters */
	uint32_t tds_suspend_count;
	uint32_t tds_faults;
	uint32_t tds_pageins;
	uint32_t tds_cow_faults;
	uint32_t tds_was_throttled;
	uint32_t tds_did_throttle;
	uint32_t tds_latency_qos;
} __attribute__ ((packed));
788 | |
/*
 * CPU time record, version 1: user and system time, 16 bytes, packed.
 * The field names indicate microseconds.
 */
struct stackshot_cpu_times {
	uint64_t user_usec;
	uint64_t system_usec;
} __attribute__((packed));
793 | |
/*
 * CPU time record, version 2 (24 bytes, packed): the version 1 layout with
 * a runnable-time word appended.
 */
struct stackshot_cpu_times_v2 {
	uint64_t user_usec;
	uint64_t system_usec;
	uint64_t runnable_usec;
} __attribute__((packed));
799 | |
/*
 * Stackshot duration record: two 64-bit words, 16 bytes, packed.
 * NOTE(review): units are not stated in this definition; confirm with the
 * producer before interpreting the values.
 */
struct stackshot_duration {
	uint64_t stackshot_duration;
	uint64_t stackshot_duration_outer;
} __attribute__((packed));
804 | |
/*
 * Fault statistics for a stackshot (21 bytes, packed).
 *
 * The 64-bit members sit at offsets 4 and 12, i.e. they are not naturally
 * aligned; access them through the packed struct type rather than through
 * a plain uint64_t pointer.
 */
struct stackshot_fault_stats {
	/* number of pages faulted in using KDP fault path */
	uint32_t sfs_pages_faulted_in;
	/* MATUs spent faulting */
	uint64_t sfs_time_spent_faulting;
	/* MATUs fault time limit per stackshot */
	uint64_t sfs_system_max_fault_time;
	/* we stopped decompressing because we hit the limit */
	uint8_t  sfs_stopped_faulting;
} __attribute__((packed));
811 | |
/*
 * Wait relationship between two threads and the object being waited on
 * (25 bytes, packed).
 */
typedef struct stackshot_thread_waitinfo {
	/* The thread that owns the object */
	uint64_t owner;
	/* The thread that's waiting on the object */
	uint64_t waiter;
	/* A context uniquely identifying the object */
	uint64_t context;
	/* The type of object that the thread is waiting on */
	uint8_t  wait_type;
} __attribute__((packed)) thread_waitinfo_t;
818 | |
/*
 * Reserved 64-bit sentinel values counted down from UINT64_MAX.
 * NOTE(review): presumably stored in stackshot_thread_waitinfo.owner in
 * place of a thread id; confirm against the producer. A reader should
 * compare against these before treating the value as a thread id.
 */
#define STACKSHOT_WAITOWNER_KERNEL      (UINT64_MAX - 1)
#define STACKSHOT_WAITOWNER_PORT_LOCKED (UINT64_MAX - 2)
#define STACKSHOT_WAITOWNER_PSET_LOCKED (UINT64_MAX - 3)
#define STACKSHOT_WAITOWNER_INTRANSIT   (UINT64_MAX - 4)
#define STACKSHOT_WAITOWNER_MTXSPIN     (UINT64_MAX - 5)
/* workloop waiting for a new worker thread */
#define STACKSHOT_WAITOWNER_THREQUESTED (UINT64_MAX - 6)
/* workloop is suspended */
#define STACKSHOT_WAITOWNER_SUSPENDED   (UINT64_MAX - 7)
826 | |
827 | |
/*
 * Stack pointer plus 8 bytes of stack contents.
 *
 * Unlike its neighbours this struct carries no packed attribute; with a
 * 64-bit word followed by 8 bytes the natural layout is 16 bytes with no
 * padding.
 */
struct stack_snapshot_stacktop {
	uint64_t sp;
	uint8_t  stack_contents[8];
};
832 | |
833 | |
834 | /**************** definitions for crashinfo *********************/ |
835 | |
836 | /* |
837 | * NOTE: Please update kcdata/libkdd/kcdtypes.c if you make any changes |
838 | * in TASK_CRASHINFO_* types. |
839 | */ |
840 | |
841 | /* FIXME some of these types aren't clean (fixed width, packed, and defined *here*) */ |
842 | |
/*
 * Process identity record for crash info (56 bytes, packed); this is the
 * struct named by the TASK_CRASHINFO_BSDINFOWITHUNIQID comment.
 */
struct crashinfo_proc_uniqidentifierinfo {
	/* UUID of the main executable */
	uint8_t  p_uuid[16];
	/* 64 bit unique identifier for process */
	uint64_t p_uniqueid;
	/* unique identifier for process's parent */
	uint64_t p_puniqueid;
	/* reserved for future use */
	uint64_t p_reserve2;
	uint64_t p_reserve3;
	uint64_t p_reserve4;
} __attribute__((packed));
851 | |
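/*
 * Item type codes for the crashinfo buffer. The comment after each code
 * names the payload type where the original list stated one. Values are
 * part of the stored format and must never be renumbered or reused;
 * 0x80A is not assigned in this list.
 */
#define TASK_CRASHINFO_BEGIN                KCDATA_BUFFER_BEGIN_CRASHINFO
#define TASK_CRASHINFO_STRING_DESC          KCDATA_TYPE_STRING_DESC
#define TASK_CRASHINFO_UINT32_DESC          KCDATA_TYPE_UINT32_DESC
#define TASK_CRASHINFO_UINT64_DESC          KCDATA_TYPE_UINT64_DESC

#define TASK_CRASHINFO_EXTMODINFO           0x801
#define TASK_CRASHINFO_BSDINFOWITHUNIQID    0x802 /* struct crashinfo_proc_uniqidentifierinfo */
#define TASK_CRASHINFO_TASKDYLD_INFO        0x803
#define TASK_CRASHINFO_UUID                 0x804
#define TASK_CRASHINFO_PID                  0x805
#define TASK_CRASHINFO_PPID                 0x806
#define TASK_CRASHINFO_RUSAGE               0x807 /* struct rusage DEPRECATED do not use.
	                                                 This struct has longs in it */
#define TASK_CRASHINFO_RUSAGE_INFO          0x808 /* struct rusage_info_v3 from resource.h */
#define TASK_CRASHINFO_PROC_NAME            0x809 /* char * */
#define TASK_CRASHINFO_PROC_STARTTIME       0x80B /* struct timeval64 */
#define TASK_CRASHINFO_USERSTACK            0x80C /* uint64_t */
#define TASK_CRASHINFO_ARGSLEN              0x80D
#define TASK_CRASHINFO_EXCEPTION_CODES      0x80E /* mach_exception_data_t */
#define TASK_CRASHINFO_PROC_PATH            0x80F /* string of len MAXPATHLEN */
#define TASK_CRASHINFO_PROC_CSFLAGS         0x810 /* uint32_t */
#define TASK_CRASHINFO_PROC_STATUS          0x811 /* char */
#define TASK_CRASHINFO_UID                  0x812 /* uid_t */
#define TASK_CRASHINFO_GID                  0x813 /* gid_t */
#define TASK_CRASHINFO_PROC_ARGC            0x814 /* int */
#define TASK_CRASHINFO_PROC_FLAGS           0x815 /* unsigned int */
#define TASK_CRASHINFO_CPUTYPE              0x816 /* cpu_type_t */
#define TASK_CRASHINFO_WORKQUEUEINFO        0x817 /* struct proc_workqueueinfo */
#define TASK_CRASHINFO_RESPONSIBLE_PID      0x818 /* pid_t */
#define TASK_CRASHINFO_DIRTY_FLAGS          0x819 /* int */
#define TASK_CRASHINFO_CRASHED_THREADID     0x81A /* uint64_t */
#define TASK_CRASHINFO_COALITION_ID         0x81B /* uint64_t */
#define TASK_CRASHINFO_UDATA_PTRS           0x81C /* uint64_t */
#define TASK_CRASHINFO_MEMORY_LIMIT         0x81D /* uint64_t */

#define TASK_CRASHINFO_LEDGER_INTERNAL                          0x81E /* uint64_t */
#define TASK_CRASHINFO_LEDGER_INTERNAL_COMPRESSED               0x81F /* uint64_t */
#define TASK_CRASHINFO_LEDGER_IOKIT_MAPPED                      0x820 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_ALTERNATE_ACCOUNTING              0x821 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_ALTERNATE_ACCOUNTING_COMPRESSED   0x822 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_PURGEABLE_NONVOLATILE             0x823 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_PURGEABLE_NONVOLATILE_COMPRESSED  0x824 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_PAGE_TABLE                        0x825 /* uint64_t */
/* The next two macro names were missing from this listing (a #define with
 * no identifier does not preprocess); restored to the xnu names for these
 * codes. */
#define TASK_CRASHINFO_LEDGER_PHYS_FOOTPRINT                    0x826 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_PHYS_FOOTPRINT_LIFETIME_MAX       0x827 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_NETWORK_NONVOLATILE               0x828 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_NETWORK_NONVOLATILE_COMPRESSED    0x829 /* uint64_t */
#define TASK_CRASHINFO_LEDGER_WIRED_MEM                         0x82A /* uint64_t */



#define TASK_CRASHINFO_END                  KCDATA_TYPE_BUFFER_END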
904 | |
905 | /**************** definitions for os reasons *********************/ |
906 | |
/*
 * Item type codes for OS exit reasons. Values are part of the stored
 * format and must not be renumbered.
 */
#define EXIT_REASON_SNAPSHOT            0x1001
/* string description of reason */
#define EXIT_REASON_USER_DESC           0x1002
/* user payload data */
#define EXIT_REASON_USER_PAYLOAD        0x1003
#define EXIT_REASON_CODESIGNING_INFO    0x1004
#define EXIT_REASON_WORKLOOP_ID         0x1005
#define EXIT_REASON_DISPATCH_QUEUE_NO   0x1006
913 | |
/*
 * Exit reason record (20 bytes, packed).
 *
 * Version 1 ended after ers_code and was 12 bytes, so a reader handed a
 * 12-byte item must not touch ers_flags. ers_code sits at offset 4 and is
 * therefore not naturally aligned.
 */
struct exit_reason_snapshot {
	uint32_t ers_namespace;
	uint64_t ers_code;
	/* end of version 1 of exit_reason_snapshot. sizeof v1 was 12 */
	uint64_t ers_flags;
} __attribute__((packed));
920 | |
/* Size in bytes of each path buffer in codesigning_exit_reason_info. */
#define EXIT_REASON_CODESIG_PATH_MAX    1024

/*
 * Code-signing exit reason details (2108 bytes, packed).
 *
 * ceri_pathname and ceri_filename are fixed-size buffers; this definition
 * does not guarantee NUL termination, so readers should bound string
 * access to EXIT_REASON_CODESIG_PATH_MAX.
 * NOTE(review): ceri_path_truncated presumably records that a path did not
 * fit; confirm with the producer.
 */
struct codesigning_exit_reason_info {
	uint64_t ceri_virt_addr;
	uint64_t ceri_file_offset;

	/* fixed-size path buffers */
	char     ceri_pathname[EXIT_REASON_CODESIG_PATH_MAX];
	char     ceri_filename[EXIT_REASON_CODESIG_PATH_MAX];

	/* modification times, seconds + nanoseconds */
	uint64_t ceri_codesig_modtime_secs;
	uint64_t ceri_codesig_modtime_nsecs;
	uint64_t ceri_page_modtime_secs;
	uint64_t ceri_page_modtime_nsecs;

	/* one byte per indicator */
	uint8_t  ceri_path_truncated;
	uint8_t  ceri_object_codesigned;
	uint8_t  ceri_page_codesig_validated;
	uint8_t  ceri_page_codesig_tainted;
	uint8_t  ceri_page_codesig_nx;
	uint8_t  ceri_page_wpmapped;
	uint8_t  ceri_page_slid;
	uint8_t  ceri_page_dirty;

	uint32_t ceri_page_shadow_depth;
} __attribute__((packed));

/* Length limits for the user description and user payload. */
#define EXIT_REASON_USER_DESC_MAX_LEN   1024
#define EXIT_REASON_PAYLOAD_MAX_LEN     2048
945 | /**************** safe iterators *********************/ |
946 | |
/*
 * Cursor over a kcdata buffer: the current item plus the address one past
 * the end of the buffer. kcdata_iter_valid() compares the item against
 * `end` before any payload is trusted.
 */
typedef struct kcdata_iter {
	kcdata_item_t item;   /* current item header */
	void         *end;    /* first address past the buffer */
} kcdata_iter_t;
951 | |
952 | |
/*
 * Build an iterator positioned at the first item of `buffer`, bounded by
 * `size` bytes.
 *
 * No validation happens here; call kcdata_iter_valid() before reading the
 * item. NOTE(review): `size` is trusted as given - if buffer + size wraps
 * the address space the resulting `end` is meaningless, so callers should
 * pass the real length of the mapping.
 */
static inline
kcdata_iter_t kcdata_iter(void *buffer, unsigned long size) {
	uintptr_t base = (uintptr_t)buffer;
	kcdata_iter_t it;

	it.end = (void *)(base + size);
	it.item = (kcdata_item_t)buffer;
	return it;
}
960 | |
/*
 * Deprecated: build an iterator with no usable upper bound.
 *
 * `end` is set to the highest representable address, so the bounds checks
 * in kcdata_iter_valid() cannot stop a walk that runs off the real buffer.
 * Prefer kcdata_iter() with the true buffer length.
 */
static inline
kcdata_iter_t kcdata_iter_unsafe(void *buffer) __attribute__((deprecated));

static inline
kcdata_iter_t kcdata_iter_unsafe(void *buffer) {
	kcdata_iter_t it;

	it.end = (void *)(uintptr_t) ~0;
	it.item = (kcdata_item_t)buffer;
	return it;
}
971 | |
/* Iterator with null item and end; kcdata_iter_valid() rejects it, and
 * kcdata_iter_find_type() returns it when nothing matches. */
static const kcdata_iter_t kcdata_invalid_iter = { .item = NULL, .end = NULL };
973 | |
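/*
 * Return non-zero when the current item - its header and the `size` bytes
 * of payload the header declares - lies entirely inside [item, end).
 *
 * The size field is read from the buffer being parsed, so the check is
 * done by subtracting from the space that remains instead of adding to the
 * item address: an addition can wrap (for example with the all-ones `end`
 * from kcdata_iter_unsafe(), or on a 32-bit address space) and make an
 * out-of-bounds item look valid.
 */
static inline
int kcdata_iter_valid(kcdata_iter_t iter) {
	uintptr_t start = (uintptr_t)iter.item;
	uintptr_t limit = (uintptr_t)iter.end;

	/* The header must fit before item->size may be read at all. */
	if (limit < start || limit - start < sizeof(struct kcdata_item))
		return 0;

	return iter.item->size <= limit - start - sizeof(struct kcdata_item);
}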
980 | |
981 | |
/*
 * Advance to the item that follows the current one: skip the header and
 * the payload length the header declares.
 *
 * This reads item->size without checking it; the caller must have
 * confirmed kcdata_iter_valid() on `iter` first, and must validate the
 * returned iterator before using it.
 */
static inline
kcdata_iter_t kcdata_iter_next(kcdata_iter_t iter) {
	uintptr_t here = (uintptr_t)iter.item;

	iter.item = (kcdata_item_t)(here + sizeof(struct kcdata_item) + (iter.item->size));
	return iter;
}
987 | |
/*
 * Return the item's type, folding every type whose upper bits equal
 * KCDATA_TYPE_ARRAY_PAD0 (the low four bits are ignored) into
 * KCDATA_TYPE_ARRAY. Callers that need the low four bits must read
 * item->type directly.
 */
static inline uint32_t
kcdata_iter_type(kcdata_iter_t iter)
{
	uint32_t raw_base = iter.item->type & ~0xfu;

	return (raw_base == KCDATA_TYPE_ARRAY_PAD0) ? KCDATA_TYPE_ARRAY : iter.item->type;
}
996 | |
/*
 * Number of bytes (0..15) that must be added to `size` to reach the next
 * multiple of 16. Unsigned arithmetic is used so the negation is well
 * defined for every input.
 */
static inline uint32_t
kcdata_calc_padding(uint32_t size)
{
	const uint32_t low_nibble = 0xfu;

	return (0u - size) & low_nibble;
}
1003 | |
/*
 * Extract the padding byte count recorded in an item's flags word by
 * masking with KCDATA_FLAGS_STRUCT_PADDING_MASK.
 */
static inline uint32_t
kcdata_flags_get_padding(uint64_t flags)
{
	uint64_t padding_bits = flags & KCDATA_FLAGS_STRUCT_PADDING_MASK;

	return (uint32_t)padding_bits;
}
1009 | |
/*
 * Decide whether the item was written in the legacy form for a struct of
 * `legacy_size` bytes (see the has_padding comment earlier in this file).
 *
 * An item counts as legacy when its stored size equals legacy_size rounded
 * up to a multiple of 16 and neither the padding-mask bits nor the
 * has-padding flag are set in its flags word.
 */
static inline int
kcdata_iter_is_legacy_item(kcdata_iter_t iter, uint32_t legacy_size)
{
	const uint64_t padding_bits = KCDATA_FLAGS_STRUCT_PADDING_MASK | KCDATA_FLAGS_STRUCT_HAS_PADDING;
	uint32_t padded_size = legacy_size + kcdata_calc_padding(legacy_size);

	if (iter.item->size != padded_size)
		return 0;
	return (iter.item->flags & padding_bits) == 0;
}
1019 | |
/*
 * Return the usable payload size of the current item.
 *
 *  - Arrays and container-begin items report the stored size unchanged.
 *  - Thread snapshot and shared cache load info items written in the
 *    legacy form report the size of the legacy struct.
 *  - Everything else reports the stored size minus the padding recorded in
 *    the flags, or 0 when the recorded padding exceeds the stored size, so
 *    the subtraction cannot wrap.
 *
 * The caller must have validated `iter` with kcdata_iter_valid().
 */
static inline uint32_t
kcdata_iter_size(kcdata_iter_t iter)
{
	uint32_t legacy_size = 0;

	switch (kcdata_iter_type(iter)) {
	case KCDATA_TYPE_ARRAY:
	case KCDATA_TYPE_CONTAINER_BEGIN:
		return iter.item->size;
	case STACKSHOT_KCTYPE_THREAD_SNAPSHOT:
		legacy_size = sizeof(struct thread_snapshot_v2);
		break;
	case STACKSHOT_KCTYPE_SHAREDCACHE_LOADINFO:
		legacy_size = sizeof(struct dyld_uuid_info_64);
		break;
	default:
		break;
	}

	/* Only the two types above have a legacy form to test for. */
	if (legacy_size != 0 && kcdata_iter_is_legacy_item(iter, legacy_size)) {
		return legacy_size;
	}

	if (iter.item->size < kcdata_flags_get_padding(iter.item->flags)) {
		return 0;
	}
	return iter.item->size - kcdata_flags_get_padding(iter.item->flags);
}
1053 | |
/* Return the raw 64-bit flags word of the current item. */
static inline uint64_t
kcdata_iter_flags(kcdata_iter_t iter)
{
	uint64_t item_flags = iter.item->flags;

	return item_flags;
}
1059 | |
/*
 * Return a pointer to the start of the current item's payload. No length
 * is implied; pair it with kcdata_iter_size() on a validated iterator.
 */
static inline
void * kcdata_iter_payload(kcdata_iter_t iter) {
	void *payload = &iter.item->data;

	return payload;
}
1064 | |
1065 | |
/* Element type of an array item: the upper 32 bits of the flags word. */
static inline
uint32_t kcdata_iter_array_elem_type(kcdata_iter_t iter) {
	uint64_t upper_half = iter.item->flags >> 32;

	return upper_half & UINT32_MAX;
}
1070 | |
/*
 * Element count of an array item: the lower 32 bits of the flags word.
 * The value comes straight from the buffer; kcdata_iter_array_valid()
 * checks it against the item size.
 */
static inline
uint32_t kcdata_iter_array_elem_count(kcdata_iter_t iter) {
	uint64_t lower_half = (iter.item->flags) & UINT32_MAX;

	return lower_half;
}
1075 | |
1076 | /* KCDATA_TYPE_ARRAY is ambiguous about the size of the array elements. Size is |
1077 | * calculated as total_size / elements_count, but total size got padded out to a |
1078 | * 16 byte alignment. New kernels will generate KCDATA_TYPE_ARRAY_PAD* instead |
1079 | * to explicitly tell us how much padding was used. Here we have a fixed, never |
1080 | * to be altered list of the sizes of array elements that were used before I |
1081 | * discovered this issue. If you find a KCDATA_TYPE_ARRAY that is not one of |
1082 | * these types, treat it as invalid data. */ |
1083 | |
/*
 * Element size for a legacy KCDATA_TYPE_ARRAY item, looked up from the
 * array's element type. Returns 0 for any element type that is not in the
 * fixed list, which callers treat as invalid data.
 */
static inline
uint32_t
kcdata_iter_array_size_switch(kcdata_iter_t iter) {
	uint32_t elem_size;

	switch(kcdata_iter_array_elem_type(iter)) {
	case KCDATA_TYPE_LIBRARY_LOADINFO:
		elem_size = sizeof(struct dyld_uuid_info_32);
		break;
	case KCDATA_TYPE_LIBRARY_LOADINFO64:
		elem_size = sizeof(struct dyld_uuid_info_64);
		break;
	case STACKSHOT_KCTYPE_KERN_STACKFRAME:
	case STACKSHOT_KCTYPE_USER_STACKFRAME:
		elem_size = sizeof(struct stack_snapshot_frame32);
		break;
	case STACKSHOT_KCTYPE_KERN_STACKFRAME64:
	case STACKSHOT_KCTYPE_USER_STACKFRAME64:
		elem_size = sizeof(struct stack_snapshot_frame64);
		break;
	case STACKSHOT_KCTYPE_DONATING_PIDS:
		elem_size = sizeof(int32_t);
		break;
	case STACKSHOT_KCTYPE_THREAD_DELTA_SNAPSHOT:
		elem_size = sizeof(struct thread_delta_snapshot_v2);
		break;
	// This one is only here to make some unit tests work. It should be OK to
	// remove.
	case TASK_CRASHINFO_CRASHED_THREADID:
		elem_size = sizeof(uint64_t);
		break;
	default:
		elem_size = 0;
		break;
	}
	return elem_size;
}
1110 | |
/*
 * Return non-zero when the current item is a well-formed array.
 *
 * Checks, in order: the item lies inside the buffer; its type is an array
 * type; an empty array has size 0; then
 *  - legacy KCDATA_TYPE_ARRAY: the element type is one of the known legacy
 *    types and the declared count fits in the item size;
 *  - KCDATA_TYPE_ARRAY_PADx: the pad count in the low four type bits does
 *    not exceed the size, and the remaining bytes divide evenly by count.
 *
 * NOTE(review): the legacy branch tests size % count < 16, not
 * size - count * elem_size < 16, so it accepts items with more slack than
 * 16-byte alignment would produce. count * elem_size is still bounded by
 * the item size, which kcdata_iter_valid() has bounded by the buffer.
 */
static inline
int kcdata_iter_array_valid(kcdata_iter_t iter) {
	if (!kcdata_iter_valid(iter) || kcdata_iter_type(iter) != KCDATA_TYPE_ARRAY)
		return 0;

	uint32_t count = kcdata_iter_array_elem_count(iter);
	uint32_t total = iter.item->size;

	if (count == 0)
		return total == 0;

	if (iter.item->type != KCDATA_TYPE_ARRAY) {
		/* explicit-padding form: low four type bits hold the pad count */
		uint32_t pad = iter.item->type & 0xf;

		return
		    pad <= total &&
		    count <= total - pad &&
		    (total - pad) % count == 0;
	}

	uint32_t elem_size = kcdata_iter_array_size_switch(iter);
	if (elem_size == 0)
		return 0;

	/* sizes get aligned to the nearest 16. */
	return
	    count <= total / elem_size &&
	    total % count < 16;
}
1134 | |
1135 | |
/*
 * Size in bytes of one array element.
 *
 * Legacy KCDATA_TYPE_ARRAY items use the fixed per-type table; padded
 * array types divide the unpadded size by the element count (0 when the
 * count is 0). The subtraction assumes the pad count does not exceed the
 * size, which kcdata_iter_array_valid() establishes - call that first.
 */
static inline
uint32_t kcdata_iter_array_elem_size(kcdata_iter_t iter) {
	if (iter.item->type == KCDATA_TYPE_ARRAY)
		return kcdata_iter_array_size_switch(iter);

	uint32_t count = kcdata_iter_array_elem_count(iter);
	if (count == 0)
		return 0;

	uint32_t unpadded = iter.item->size - (iter.item->type & 0xf);
	return unpadded / count;
}
1144 | |
/*
 * Return non-zero when the current item is a container-begin item that
 * lies inside the buffer and is large enough to hold the 32-bit container
 * type read by kcdata_iter_container_type().
 */
static inline
int kcdata_iter_container_valid(kcdata_iter_t iter) {
	if (!kcdata_iter_valid(iter))
		return 0;
	if (kcdata_iter_type(iter) != KCDATA_TYPE_CONTAINER_BEGIN)
		return 0;
	return iter.item->size >= sizeof(uint32_t);
}
1152 | |
/*
 * Read the container type: the first 32-bit word of the payload.
 * Only meaningful after kcdata_iter_container_valid() has confirmed the
 * payload holds at least four bytes.
 */
static inline
uint32_t kcdata_iter_container_type(kcdata_iter_t iter) {
	uint32_t *type_word = (uint32_t *) kcdata_iter_payload(iter);

	return *type_word;
}
1157 | |
/* Container identifier: the item's full 64-bit flags word. */
static inline
uint64_t kcdata_iter_container_id(kcdata_iter_t iter) {
	uint64_t container_id = iter.item->flags;

	return container_id;
}
1162 | |
1163 | |
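/*
 * KCDATA_ITER_FOREACH walks `iter` forward while each item lies inside the
 * buffer and the end marker has not been reached; every item is bounds
 * checked with kcdata_iter_valid() before its type is read.
 *
 * KCDATA_ITER_FOREACH_FAILED, evaluated after the loop, is true when the
 * walk stopped for any reason other than reaching a valid
 * KCDATA_TYPE_BUFFER_END item, i.e. the buffer is truncated or malformed.
 *
 * `iter` must be a modifiable lvalue and is evaluated more than once; the
 * argument is parenthesized in both macros so an expression argument
 * expands the same way in each.
 */
#define KCDATA_ITER_FOREACH(iter) for(; kcdata_iter_valid(iter) && (iter).item->type != KCDATA_TYPE_BUFFER_END; (iter) = kcdata_iter_next(iter))
#define KCDATA_ITER_FOREACH_FAILED(iter) (!kcdata_iter_valid(iter) || (iter).item->type != KCDATA_TYPE_BUFFER_END)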
1166 | |
/*
 * Scan forward from `iter` for the first item whose folded type (see
 * kcdata_iter_type()) equals `type`.
 *
 * Returns an iterator at the match, or kcdata_invalid_iter when the scan
 * reaches the end marker or an item that fails kcdata_iter_valid().
 */
static inline
kcdata_iter_t
kcdata_iter_find_type(kcdata_iter_t iter, uint32_t type)
{
	while (kcdata_iter_valid(iter) && iter.item->type != KCDATA_TYPE_BUFFER_END) {
		if (kcdata_iter_type(iter) == type)
			return iter;
		iter = kcdata_iter_next(iter);
	}
	return kcdata_invalid_iter;
}
1178 | |
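/*
 * Return non-zero when the current item holds a description of
 * KCDATA_DESC_MAXLEN bytes followed by at least `minsize` bytes of data.
 *
 * Checks that the item lies inside the buffer, that the payload is long
 * enough, and that the last byte of the description area is NUL so the
 * description can be read as a C string.
 *
 * The length test subtracts from the item size instead of computing
 * KCDATA_DESC_MAXLEN + minsize, which wraps in 32 bits for a large minsize
 * and would let an item that is too short pass.
 */
static inline
int kcdata_iter_data_with_desc_valid(kcdata_iter_t iter, uint32_t minsize) {
	if (!kcdata_iter_valid(iter))
		return 0;

	uint32_t size = kcdata_iter_size(iter);
	if (size < KCDATA_DESC_MAXLEN || size - KCDATA_DESC_MAXLEN < minsize)
		return 0;

	return ((char*)kcdata_iter_payload(iter))[KCDATA_DESC_MAXLEN-1] == 0;
}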
1186 | |
/*
 * Return a pointer to the NUL-terminated string that starts `offset` bytes
 * into the payload, or NULL when the offset is past the payload or no
 * terminator is found inside it.
 *
 * The search is bounded by the bytes that remain after `offset`, so a
 * missing terminator cannot cause a read beyond the item.
 */
static inline
char *kcdata_iter_string(kcdata_iter_t iter, uint32_t offset) {
	uint32_t payload_len = kcdata_iter_size(iter);

	if (offset > payload_len) {
		return NULL;
	}

	uint32_t remaining = kcdata_iter_size(iter) - offset;
	char *candidate = ((char*)kcdata_iter_payload(iter)) + offset;

	/* strnlen == remaining means no NUL was found within bounds */
	return (strnlen(candidate, remaining) < remaining) ? candidate : NULL;
}
1200 | |
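/*
 * Split a description-plus-data item into its parts. Each output pointer
 * is optional and skipped when NULL.
 *
 *  desc_ptr  receives the start of the payload (the description area)
 *  data_ptr  receives the address KCDATA_DESC_MAXLEN bytes into the payload
 *  size_ptr  receives the number of data bytes after the description
 *
 * Callers are expected to check kcdata_iter_data_with_desc_valid() first.
 * If the payload is shorter than KCDATA_DESC_MAXLEN the reported size is 0
 * instead of the wrapped result of the unsigned subtraction, so an
 * unvalidated item cannot yield a huge length; *data_ptr must not be
 * dereferenced in that case.
 */
static inline void kcdata_iter_get_data_with_desc(kcdata_iter_t iter, char **desc_ptr, void **data_ptr, uint32_t *size_ptr) {
	if (desc_ptr)
		*desc_ptr = (char *)kcdata_iter_payload(iter);
	if (data_ptr)
		*data_ptr = (void *)((uintptr_t)kcdata_iter_payload(iter) + KCDATA_DESC_MAXLEN);
	if (size_ptr) {
		uint32_t size = kcdata_iter_size(iter);

		*size_ptr = (size >= KCDATA_DESC_MAXLEN) ? size - KCDATA_DESC_MAXLEN : 0;
	}
}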
1209 | |
1210 | #endif |
1211 | |