1 | /* |
2 | * Copyright (c) 2008-2016 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | extern "C" { |
30 | #include <string.h> |
31 | #include <kern/clock.h> |
32 | #include <kern/host.h> |
33 | #include <kern/kext_alloc.h> |
34 | #include <firehose/tracepoint_private.h> |
35 | #include <firehose/chunk_private.h> |
36 | #include <os/firehose_buffer_private.h> |
37 | #include <vm/vm_kern.h> |
38 | #include <kextd/kextd_mach.h> |
39 | #include <libkern/kernel_mach_header.h> |
40 | #include <libkern/kext_panic_report.h> |
41 | #include <libkern/kext_request_keys.h> |
42 | #include <libkern/mkext.h> |
43 | #include <libkern/prelink.h> |
44 | #include <libkern/version.h> |
45 | #include <libkern/zlib.h> |
46 | #include <mach/host_special_ports.h> |
47 | #include <mach/mach_vm.h> |
48 | #include <mach/mach_time.h> |
49 | #include <sys/sysctl.h> |
50 | #include <uuid/uuid.h> |
51 | #include <sys/random.h> |
52 | |
53 | #include <sys/pgo.h> |
54 | |
55 | #if CONFIG_MACF |
56 | #include <sys/kauth.h> |
57 | #include <security/mac_framework.h> |
58 | #endif |
59 | }; |
60 | |
61 | #include <libkern/OSKextLibPrivate.h> |
62 | #include <libkern/c++/OSKext.h> |
63 | #include <libkern/c++/OSLib.h> |
64 | |
65 | #include <IOKit/IOLib.h> |
66 | #include <IOKit/IOCatalogue.h> |
67 | #include <IOKit/IORegistryEntry.h> |
68 | #include <IOKit/IOService.h> |
69 | |
70 | #include <IOKit/IOStatisticsPrivate.h> |
71 | #include <IOKit/IOBSD.h> |
72 | |
73 | #include <san/kasan.h> |
74 | |
75 | #if PRAGMA_MARK |
76 | #pragma mark External & Internal Function Protos |
77 | #endif |
78 | /********************************************************************* |
79 | *********************************************************************/ |
80 | extern "C" { |
81 | extern int IODTGetLoaderInfo(const char * key, void ** infoAddr, int * infoSize); |
82 | extern void IODTFreeLoaderInfo(const char * key, void * infoAddr, int infoSize); |
83 | |
84 | extern ppnum_t pmap_find_phys(pmap_t pmap, addr64_t va); /* osfmk/machine/pmap.h */ |
85 | extern int dtrace_keep_kernel_symbols(void); |
86 | } |
87 | |
88 | extern unsigned long gVirtBase; |
89 | extern unsigned long gPhysBase; |
90 | #if CONFIG_EMBEDDED |
91 | extern vm_offset_t segLOWESTTEXT; |
92 | #endif /* CONFIG_EMBEDDED */ |
93 | |
94 | static OSReturn _OSKextCreateRequest( |
95 | const char * predicate, |
96 | OSDictionary ** requestP); |
97 | static OSString * _OSKextGetRequestPredicate(OSDictionary * requestDict); |
98 | static OSObject * _OSKextGetRequestArgument( |
99 | OSDictionary * requestDict, |
100 | const char * argName); |
101 | static bool _OSKextSetRequestArgument( |
102 | OSDictionary * requestDict, |
103 | const char * argName, |
104 | OSObject * value); |
105 | static void * _OSKextExtractPointer(OSData * wrapper); |
106 | static OSReturn _OSDictionarySetCStringValue( |
107 | OSDictionary * dict, |
108 | const char * key, |
109 | const char * value); |
110 | static bool _OSKextInPrelinkRebuildWindow(void); |
111 | static bool _OSKextInUnloadedPrelinkedKexts(const OSSymbol * theBundleID); |
112 | |
113 | // We really should add containsObject() & containsCString to OSCollection & subclasses. |
114 | // So few pad slots, though.... |
115 | static bool _OSArrayContainsCString(OSArray * array, const char * cString); |
116 | |
117 | /* Prelinked arm kexts do not have VM entries because the method we use to |
118 | * fake an entry (see libsa/bootstrap.cpp:readPrelinkedExtensions()) does |
119 | * not work on ARM. To get around that, we must free prelinked kext |
120 | * executables with ml_static_mfree() instead of kext_free(). |
121 | */ |
122 | #if __i386__ || __x86_64__ |
123 | #define VM_MAPPED_KEXTS 1 |
124 | #define KASLR_KEXT_DEBUG 0 |
125 | #define KASLR_IOREG_DEBUG 0 |
126 | #elif __arm__ || __arm64__ |
127 | #define VM_MAPPED_KEXTS 0 |
128 | #define KASLR_KEXT_DEBUG 0 |
129 | #else |
130 | #error Unsupported architecture |
131 | #endif |
132 | |
133 | #if PRAGMA_MARK |
134 | #pragma mark Constants & Macros |
135 | #endif |
136 | /********************************************************************* |
137 | * Constants & Macros |
138 | *********************************************************************/ |
139 | |
140 | /* Use this number to create containers. |
141 | */ |
142 | #define kOSKextTypicalLoadCount (150) |
143 | |
144 | /* Any kext will have at least 1 retain for the internal lookup-by-ID dict. |
145 | * A loaded kext will no dependents or external retains will have 2 retains. |
146 | */ |
147 | #define kOSKextMinRetainCount (1) |
148 | #define kOSKextMinLoadedRetainCount (2) |
149 | |
150 | /********** |
151 | * Strings and substrings used in dependency resolution. |
152 | */ |
153 | #define APPLE_KEXT_PREFIX "com.apple." |
154 | #define KERNEL_LIB "com.apple.kernel" |
155 | |
156 | #define PRIVATE_KPI "com.apple.kpi.private" |
157 | |
158 | /* Version for compatbility pseudokexts (com.apple.kernel.*), |
159 | * compatible back to v6.0. |
160 | */ |
161 | #define KERNEL6_LIB "com.apple.kernel.6.0" |
162 | #define KERNEL6_VERSION "7.9.9" |
163 | |
164 | #define KERNEL_LIB_PREFIX "com.apple.kernel." |
165 | #define KPI_LIB_PREFIX "com.apple.kpi." |
166 | |
167 | #define STRING_HAS_PREFIX(s, p) (strncmp((s), (p), strlen(p)) == 0) |
168 | |
169 | #define REBUILD_MAX_TIME (60 * 5) // 5 minutes |
170 | #define MINIMUM_WAKEUP_SECONDS (30) |
171 | |
172 | /********************************************************************* |
173 | * infoDict keys for internally-stored data. Saves on ivar slots for |
174 | * objects we don't keep around past boot time or during active load. |
175 | *********************************************************************/ |
176 | |
177 | /* A usable, uncompressed file is stored under this key. |
178 | */ |
179 | #define _kOSKextExecutableKey "_OSKextExecutable" |
180 | |
181 | /* An indirect reference to the executable file from an mkext |
182 | * is stored under this key. |
183 | */ |
184 | #define _kOSKextMkextExecutableReferenceKey "_OSKextMkextExecutableReference" |
185 | |
186 | /* If the file is contained in a larger buffer laid down by the booter or |
187 | * sent from user space, the OSKext stores that OSData under this key so that |
188 | * references are properly tracked. This is always an mkext, right now. |
189 | */ |
190 | #define _kOSKextExecutableExternalDataKey "_OSKextExecutableExternalData" |
191 | |
192 | #define OS_LOG_HDR_VERSION 1 |
193 | #define NUM_OS_LOG_SECTIONS 2 |
194 | |
195 | #define OS_LOG_SECT_IDX 0 |
196 | #define CSTRING_SECT_IDX 1 |
197 | |
198 | #if PRAGMA_MARK |
199 | #pragma mark Typedefs |
200 | #endif |
201 | /********************************************************************* |
202 | * Typedefs |
203 | *********************************************************************/ |
204 | |
205 | /********************************************************************* |
206 | * osLogDataHeaderRef describes the header information of an OSData |
207 | * object that is returned when querying for kOSBundleLogStringsKey. |
208 | * We currently return information regarding 2 sections - os_log and |
209 | * cstring. In the case that the os_log section doesn't exist, we just |
210 | * return an offset and length of 0 for that section. |
211 | *********************************************************************/ |
212 | typedef struct { |
213 | uint32_t ; |
214 | uint32_t ; |
215 | struct { |
216 | uint32_t ; |
217 | uint32_t ; |
218 | } [0]; |
219 | } ; |
220 | |
221 | /********************************************************************* |
222 | * MkextEntryRef describes the contents of an OSData object |
223 | * referencing a file entry from an mkext so that we can uncompress |
224 | * (if necessary) and extract it on demand. |
225 | * |
226 | * It contains the mkextVersion in case we ever wind up supporting |
227 | * multiple mkext formats. Mkext format 1 is officially retired as of |
228 | * Snow Leopard. |
229 | *********************************************************************/ |
230 | typedef struct MkextEntryRef { |
231 | mkext_basic_header * mkext; // beginning of whole mkext file |
232 | void * fileinfo; // mkext2_file_entry or equiv; see mkext.h |
233 | } MkextEntryRef; |
234 | |
235 | #if PRAGMA_MARK |
236 | #pragma mark Global and static Module Variables |
237 | #endif |
238 | /********************************************************************* |
239 | * Global & static variables, used to keep track of kexts. |
240 | *********************************************************************/ |
241 | |
242 | static bool sPrelinkBoot = false; |
243 | static bool sSafeBoot = false; |
244 | static bool sKeepSymbols = false; |
245 | |
246 | /********************************************************************* |
247 | * sKextLock is the principal lock for OSKext, and guards all static |
248 | * and global variables not owned by other locks (declared further |
249 | * below). It must be taken by any entry-point method or function, |
250 | * including internal functions called on scheduled threads. |
251 | * |
252 | * sKextLock and sKextInnerLock are recursive due to multiple functions |
253 | * that are called both externally and internally. The other locks are |
254 | * nonrecursive. |
255 | * |
256 | * Which locks are taken depends on what they protect, but if more than |
257 | * one must be taken, they must always be locked in this order |
258 | * (and unlocked in reverse order) to prevent deadlocks: |
259 | * |
260 | * 1. sKextLock |
261 | * 2. sKextInnerLock |
262 | * 3. sKextSummariesLock |
263 | * 4. sKextLoggingLock |
264 | */ |
265 | static IORecursiveLock * sKextLock = NULL; |
266 | |
267 | static OSDictionary * sKextsByID = NULL; |
268 | static OSDictionary * sExcludeListByID = NULL; |
269 | static OSKextVersion sExcludeListVersion = 0; |
270 | static OSArray * sLoadedKexts = NULL; |
271 | static OSArray * sUnloadedPrelinkedKexts = NULL; |
272 | |
273 | // Requests to kextd waiting to be picked up. |
274 | static OSArray * sKernelRequests = NULL; |
275 | // Identifier of kext load requests in sKernelRequests |
276 | static OSSet * sPostedKextLoadIdentifiers = NULL; |
277 | static OSArray * sRequestCallbackRecords = NULL; |
278 | |
279 | // Identifiers of all kexts ever requested in kernel; used for prelinked kernel |
280 | static OSSet * sAllKextLoadIdentifiers = NULL; |
281 | static KXLDContext * sKxldContext = NULL; |
282 | static uint32_t sNextLoadTag = 0; |
283 | static uint32_t sNextRequestTag = 0; |
284 | |
285 | static bool sUserLoadsActive = false; |
286 | static bool sKextdActive = false; |
287 | static bool sDeferredLoadSucceeded = false; |
288 | static bool sConsiderUnloadsExecuted = false; |
289 | |
290 | #if NO_KEXTD |
291 | static bool sKernelRequestsEnabled = false; |
292 | #else |
293 | static bool sKernelRequestsEnabled = true; |
294 | #endif |
295 | static bool sLoadEnabled = true; |
296 | static bool sUnloadEnabled = true; |
297 | |
298 | /********************************************************************* |
299 | * Stuff for the OSKext representing the kernel itself. |
300 | **********/ |
301 | static OSKext * sKernelKext = NULL; |
302 | |
303 | /* Set up a fake kmod_info struct for the kernel. |
304 | * It's used in OSRuntime.cpp to call OSRuntimeInitializeCPP() |
305 | * before OSKext is initialized; that call only needs the name |
306 | * and address to be set correctly. |
307 | * |
308 | * We don't do much else with the kerne's kmod_info; we never |
309 | * put it into the kmod list, never adjust the reference count, |
310 | * and never have kernel components reference it. |
311 | * For that matter, we don't do much with kmod_info structs |
312 | * at all anymore! We just keep them filled in for gdb and |
313 | * binary compability. |
314 | */ |
315 | kmod_info_t g_kernel_kmod_info = { |
316 | /* next */ 0, |
317 | /* info_version */ KMOD_INFO_VERSION, |
318 | /* id */ 0, // loadTag: kernel is always 0 |
319 | /* name */ kOSKextKernelIdentifier, // bundle identifier |
320 | /* version */ "0" , // filled in in OSKext::initialize() |
321 | /* reference_count */ -1, // never adjusted; kernel never unloads |
322 | /* reference_list */ NULL, |
323 | /* address */ 0, |
324 | /* size */ 0, // filled in in OSKext::initialize() |
325 | /* hdr_size */ 0, |
326 | /* start */ 0, |
327 | /* stop */ 0 |
328 | }; |
329 | |
330 | /* Set up a fake kmod_info struct for statically linked kexts that don't have one. */ |
331 | |
332 | kmod_info_t invalid_kmod_info = { |
333 | /* next */ 0, |
334 | /* info_version */ KMOD_INFO_VERSION, |
335 | /* id */ UINT32_MAX, |
336 | /* name */ "invalid" , |
337 | /* version */ "0" , |
338 | /* reference_count */ -1, |
339 | /* reference_list */ NULL, |
340 | /* address */ 0, |
341 | /* size */ 0, |
342 | /* hdr_size */ 0, |
343 | /* start */ 0, |
344 | /* stop */ 0 |
345 | }; |
346 | |
347 | extern "C" { |
348 | // symbol 'kmod' referenced in: model_dep.c, db_trace.c, symbols.c, db_low_trace.c, |
349 | // dtrace.c, dtrace_glue.h, OSKext.cpp, locore.s, lowmem_vectors.s, |
350 | // misc_protos.h, db_low_trace.c, kgmacros |
351 | // 'kmod' is a holdover from the old kmod system, we can't rename it. |
352 | kmod_info_t * kmod = NULL; |
353 | |
354 | #define KEXT_PANICLIST_SIZE (2 * PAGE_SIZE) |
355 | |
356 | |
357 | static char * loaded_kext_paniclist = NULL; |
358 | static uint32_t loaded_kext_paniclist_size = 0; |
359 | |
360 | AbsoluteTime last_loaded_timestamp; |
361 | static char last_loaded_str_buf[2*KMOD_MAX_NAME]; |
362 | static u_long last_loaded_strlen = 0; |
363 | static void * last_loaded_address = NULL; |
364 | static u_long last_loaded_size = 0; |
365 | |
366 | AbsoluteTime last_unloaded_timestamp; |
367 | static char last_unloaded_str_buf[2*KMOD_MAX_NAME]; |
368 | static u_long last_unloaded_strlen = 0; |
369 | static void * last_unloaded_address = NULL; |
370 | static u_long last_unloaded_size = 0; |
371 | |
372 | // Statically linked kmods described by several mach-o sections: |
373 | // |
374 | // kPrelinkInfoSegment:kBuiltinInfoSection |
375 | // Array of pointers to kmod_info_t structs. |
376 | // |
377 | // kPrelinkInfoSegment:kBuiltinInfoSection |
378 | // Array of pointers to an embedded mach-o header. |
379 | // |
380 | // __DATA:kBuiltinInitSection, kBuiltinTermSection |
381 | // Structors for all kmods. Has to be filtered by proc address. |
382 | // |
383 | |
384 | static uint32_t gBuiltinKmodsCount; |
385 | static kernel_section_t * gBuiltinKmodsSectionInfo; |
386 | static kernel_section_t * gBuiltinKmodsSectionStart; |
387 | |
388 | static const OSSymbol * gIOSurfaceIdentifier; |
389 | vm_tag_t gIOSurfaceTag; |
390 | |
391 | /********************************************************************* |
392 | * sKextInnerLock protects against cross-calls with IOService and |
393 | * IOCatalogue, and owns the variables declared immediately below. |
394 | * |
395 | * Note that sConsiderUnloadsExecuted above belongs to sKextLock! |
396 | * |
397 | * When both sKextLock and sKextInnerLock need to be taken, |
398 | * always lock sKextLock first and unlock it second. Never take both |
399 | * locks in an entry point to OSKext; if you need to do so, you must |
400 | * spawn an independent thread to avoid potential deadlocks for threads |
401 | * calling into OSKext. |
402 | **********/ |
403 | static IORecursiveLock * sKextInnerLock = NULL; |
404 | |
405 | static bool sAutounloadEnabled = true; |
406 | static bool sConsiderUnloadsCalled = false; |
407 | static bool sConsiderUnloadsPending = false; |
408 | |
409 | static unsigned int sConsiderUnloadDelay = 60; // seconds |
410 | static thread_call_t sUnloadCallout = 0; |
411 | static thread_call_t sDestroyLinkContextThread = 0; // one-shot, one-at-a-time thread |
412 | static bool sSystemSleep = false; // true when system going to sleep |
413 | static AbsoluteTime sLastWakeTime; // last time we woke up |
414 | |
415 | /********************************************************************* |
416 | * Backtraces can be printed at various times so we need a tight lock |
417 | * on data used for that. sKextSummariesLock protects the variables |
418 | * declared immediately below. |
419 | * |
420 | * gLoadedKextSummaries is accessed by other modules, but only during |
421 | * a panic so the lock isn't needed then. |
422 | * |
423 | * gLoadedKextSummaries has the "used" attribute in order to ensure |
424 | * that it remains visible even when we are performing extremely |
425 | * aggressive optimizations, as it is needed to allow the debugger |
426 | * to automatically parse the list of loaded kexts. |
427 | **********/ |
428 | static IOLock * sKextSummariesLock = NULL; |
429 | extern "C" lck_spin_t vm_allocation_sites_lock; |
430 | static IOSimpleLock * sKextAccountsLock = &vm_allocation_sites_lock; |
431 | |
432 | void (*sLoadedKextSummariesUpdated)(void) = OSKextLoadedKextSummariesUpdated; |
433 | OSKextLoadedKextSummaryHeader * gLoadedKextSummaries __attribute__((used)) = NULL; |
434 | uint64_t gLoadedKextSummariesTimestamp __attribute__((used)) = 0; |
435 | static size_t sLoadedKextSummariesAllocSize = 0; |
436 | |
437 | static OSKextActiveAccount * sKextAccounts; |
438 | static uint32_t sKextAccountsCount; |
439 | }; |
440 | |
441 | /********************************************************************* |
442 | * sKextLoggingLock protects the logging variables declared immediately below. |
443 | **********/ |
444 | static IOLock * sKextLoggingLock = NULL; |
445 | |
446 | static const OSKextLogSpec kDefaultKernelLogFilter = kOSKextLogBasicLevel | |
447 | kOSKextLogVerboseFlagsMask; |
448 | static OSKextLogSpec sKernelLogFilter = kDefaultKernelLogFilter; |
449 | static bool sBootArgLogFilterFound = false; |
450 | SYSCTL_UINT(_debug, OID_AUTO, kextlog, CTLFLAG_RW | CTLFLAG_LOCKED, &sKernelLogFilter, |
451 | 0, "kernel kext logging" ); |
452 | |
453 | static OSKextLogSpec sUserSpaceKextLogFilter = kOSKextLogSilentFilter; |
454 | static OSArray * sUserSpaceLogSpecArray = NULL; |
455 | static OSArray * sUserSpaceLogMessageArray = NULL; |
456 | |
457 | /********* |
458 | * End scope for sKextInnerLock-protected variables. |
459 | *********************************************************************/ |
460 | |
461 | |
462 | /********************************************************************* |
463 | helper function used for collecting PGO data upon unload of a kext |
464 | */ |
465 | |
466 | static int OSKextGrabPgoDataLocked(OSKext *kext, |
467 | bool metadata, |
468 | uuid_t instance_uuid, |
469 | uint64_t *pSize, |
470 | char *pBuffer, |
471 | uint64_t bufferSize); |
472 | |
473 | /**********************************************************************/ |
474 | |
475 | |
476 | |
477 | #if PRAGMA_MARK |
478 | #pragma mark OSData callbacks (need to move to OSData) |
479 | #endif |
480 | /********************************************************************* |
481 | * C functions used for callbacks. |
482 | *********************************************************************/ |
483 | extern "C" { |
484 | void osdata_kmem_free(void * ptr, unsigned int length) { |
485 | kmem_free(kernel_map, (vm_address_t)ptr, length); |
486 | return; |
487 | } |
488 | |
489 | void osdata_phys_free(void * ptr, unsigned int length) { |
490 | ml_static_mfree((vm_offset_t)ptr, length); |
491 | return; |
492 | } |
493 | |
494 | void osdata_vm_deallocate(void * ptr, unsigned int length) |
495 | { |
496 | (void)vm_deallocate(kernel_map, (vm_offset_t)ptr, length); |
497 | return; |
498 | } |
499 | |
500 | void osdata_kext_free(void * ptr, unsigned int length) |
501 | { |
502 | (void)kext_free((vm_offset_t)ptr, length); |
503 | } |
504 | |
505 | }; |
506 | |
507 | #if PRAGMA_MARK |
508 | #pragma mark KXLD Allocation Callback |
509 | #endif |
510 | /********************************************************************* |
511 | * KXLD Allocation Callback |
512 | *********************************************************************/ |
513 | kxld_addr_t |
514 | kern_allocate( |
515 | u_long size, |
516 | KXLDAllocateFlags * flags, |
517 | void * user_data) |
518 | { |
519 | vm_address_t result = 0; // returned |
520 | kern_return_t mach_result = KERN_FAILURE; |
521 | bool success = false; |
522 | OSKext * theKext = (OSKext *)user_data; |
523 | u_long roundSize = round_page(size); |
524 | OSData * linkBuffer = NULL; // must release |
525 | |
526 | mach_result = kext_alloc(&result, roundSize, /* fixed */ FALSE); |
527 | if (mach_result != KERN_SUCCESS) { |
528 | OSKextLog(theKext, |
529 | kOSKextLogErrorLevel | |
530 | kOSKextLogGeneralFlag, |
531 | "Can't allocate kernel memory to link %s." , |
532 | theKext->getIdentifierCString()); |
533 | goto finish; |
534 | } |
535 | |
536 | /* Create an OSData wrapper for the allocated buffer. |
537 | */ |
538 | linkBuffer = OSData::withBytesNoCopy((void *)result, roundSize); |
539 | if (!linkBuffer) { |
540 | OSKextLog(theKext, |
541 | kOSKextLogErrorLevel | |
542 | kOSKextLogGeneralFlag, |
543 | "Can't allocate linked executable wrapper for %s." , |
544 | theKext->getIdentifierCString()); |
545 | goto finish; |
546 | } |
547 | linkBuffer->setDeallocFunction(osdata_kext_free); |
548 | OSKextLog(theKext, |
549 | kOSKextLogProgressLevel | |
550 | kOSKextLogLoadFlag | kOSKextLogLinkFlag, |
551 | "Allocated link buffer for kext %s at %p (%lu bytes)." , |
552 | theKext->getIdentifierCString(), |
553 | (void *)result, (unsigned long)roundSize); |
554 | |
555 | theKext->setLinkedExecutable(linkBuffer); |
556 | |
557 | *flags = kKxldAllocateWritable; |
558 | success = true; |
559 | |
560 | finish: |
561 | if (!success && result) { |
562 | kext_free(result, roundSize); |
563 | result = 0; |
564 | } |
565 | |
566 | OSSafeReleaseNULL(linkBuffer); |
567 | |
568 | return (kxld_addr_t)result; |
569 | } |
570 | |
571 | /********************************************************************* |
572 | *********************************************************************/ |
573 | void |
574 | kxld_log_callback( |
575 | KXLDLogSubsystem subsystem, |
576 | KXLDLogLevel level, |
577 | const char * format, |
578 | va_list argList, |
579 | void * user_data) |
580 | { |
581 | OSKext *theKext = (OSKext *) user_data; |
582 | OSKextLogSpec logSpec = 0; |
583 | |
584 | switch (subsystem) { |
585 | case kKxldLogLinking: |
586 | logSpec |= kOSKextLogLinkFlag; |
587 | break; |
588 | case kKxldLogPatching: |
589 | logSpec |= kOSKextLogPatchFlag; |
590 | break; |
591 | } |
592 | |
593 | switch (level) { |
594 | case kKxldLogExplicit: |
595 | logSpec |= kOSKextLogExplicitLevel; |
596 | break; |
597 | case kKxldLogErr: |
598 | logSpec |= kOSKextLogErrorLevel; |
599 | break; |
600 | case kKxldLogWarn: |
601 | logSpec |= kOSKextLogWarningLevel; |
602 | break; |
603 | case kKxldLogBasic: |
604 | logSpec |= kOSKextLogProgressLevel; |
605 | break; |
606 | case kKxldLogDetail: |
607 | logSpec |= kOSKextLogDetailLevel; |
608 | break; |
609 | case kKxldLogDebug: |
610 | logSpec |= kOSKextLogDebugLevel; |
611 | break; |
612 | } |
613 | |
614 | OSKextVLog(theKext, logSpec, format, argList); |
615 | } |
616 | |
617 | #if PRAGMA_MARK |
618 | #pragma mark IOStatistics defines |
619 | #endif |
620 | |
621 | #if IOKITSTATS |
622 | |
623 | #define notifyKextLoadObservers(kext, kmod_info) \ |
624 | do { \ |
625 | IOStatistics::onKextLoad(kext, kmod_info); \ |
626 | } while (0) |
627 | |
628 | #define notifyKextUnloadObservers(kext) \ |
629 | do { \ |
630 | IOStatistics::onKextUnload(kext); \ |
631 | } while (0) |
632 | |
633 | #define notifyAddClassObservers(kext, addedClass, flags) \ |
634 | do { \ |
635 | IOStatistics::onClassAdded(kext, addedClass); \ |
636 | } while (0) |
637 | |
638 | #define notifyRemoveClassObservers(kext, removedClass, flags) \ |
639 | do { \ |
640 | IOStatistics::onClassRemoved(kext, removedClass); \ |
641 | } while (0) |
642 | |
643 | #else |
644 | |
645 | #define notifyKextLoadObservers(kext, kmod_info) |
646 | #define notifyKextUnloadObservers(kext) |
647 | #define notifyAddClassObservers(kext, addedClass, flags) |
648 | #define notifyRemoveClassObservers(kext, removedClass, flags) |
649 | |
650 | #endif /* IOKITSTATS */ |
651 | |
652 | #if PRAGMA_MARK |
653 | #pragma mark Module Config (Startup & Shutdown) |
654 | #endif |
655 | /********************************************************************* |
656 | * Module Config (Class Definition & Class Methods) |
657 | *********************************************************************/ |
658 | #define super OSObject |
659 | OSDefineMetaClassAndStructors(OSKext, OSObject) |
660 | |
661 | /********************************************************************* |
662 | *********************************************************************/ |
663 | /* static */ |
664 | void |
665 | OSKext::initialize(void) |
666 | { |
667 | OSData * kernelExecutable = NULL; // do not release |
668 | u_char * kernelStart = NULL; // do not free |
669 | size_t kernelLength = 0; |
670 | OSString * scratchString = NULL; // must release |
671 | IORegistryEntry * registryRoot = NULL; // do not release |
672 | OSNumber * kernelCPUType = NULL; // must release |
673 | OSNumber * kernelCPUSubtype = NULL; // must release |
674 | OSKextLogSpec bootLogFilter = kOSKextLogSilentFilter; |
675 | bool setResult = false; |
676 | uint64_t * timestamp = 0; |
677 | char bootArgBuffer[16]; // for PE_parse_boot_argn w/strings |
678 | |
679 | /* This must be the first thing allocated. Everything else grabs this lock. |
680 | */ |
681 | sKextLock = IORecursiveLockAlloc(); |
682 | sKextInnerLock = IORecursiveLockAlloc(); |
683 | sKextSummariesLock = IOLockAlloc(); |
684 | sKextLoggingLock = IOLockAlloc(); |
685 | assert(sKextLock); |
686 | assert(sKextInnerLock); |
687 | assert(sKextSummariesLock); |
688 | assert(sKextLoggingLock); |
689 | |
690 | sKextsByID = OSDictionary::withCapacity(kOSKextTypicalLoadCount); |
691 | sLoadedKexts = OSArray::withCapacity(kOSKextTypicalLoadCount); |
692 | sUnloadedPrelinkedKexts = OSArray::withCapacity(kOSKextTypicalLoadCount / 10); |
693 | sKernelRequests = OSArray::withCapacity(0); |
694 | sPostedKextLoadIdentifiers = OSSet::withCapacity(0); |
695 | sAllKextLoadIdentifiers = OSSet::withCapacity(kOSKextTypicalLoadCount); |
696 | sRequestCallbackRecords = OSArray::withCapacity(0); |
697 | assert(sKextsByID && sLoadedKexts && sKernelRequests && |
698 | sPostedKextLoadIdentifiers && sAllKextLoadIdentifiers && |
699 | sRequestCallbackRecords && sUnloadedPrelinkedKexts); |
700 | |
701 | /* Read the log flag boot-args and set the log flags. |
702 | */ |
703 | if (PE_parse_boot_argn("kextlog" , &bootLogFilter, sizeof(bootLogFilter))) { |
704 | sBootArgLogFilterFound = true; |
705 | sKernelLogFilter = bootLogFilter; |
706 | // log this if any flags are set |
707 | OSKextLog(/* kext */ NULL, |
708 | kOSKextLogBasicLevel | |
709 | kOSKextLogFlagsMask, |
710 | "Kernel kext log filter 0x%x per kextlog boot arg." , |
711 | (unsigned)sKernelLogFilter); |
712 | } |
713 | |
714 | sSafeBoot = PE_parse_boot_argn("-x" , bootArgBuffer, |
715 | sizeof(bootArgBuffer)) ? true : false; |
716 | |
717 | if (sSafeBoot) { |
718 | OSKextLog(/* kext */ NULL, |
719 | kOSKextLogWarningLevel | |
720 | kOSKextLogGeneralFlag, |
721 | "SAFE BOOT DETECTED - " |
722 | "only valid OSBundleRequired kexts will be loaded." ); |
723 | } |
724 | |
725 | PE_parse_boot_argn("keepsyms" , &sKeepSymbols, sizeof(sKeepSymbols)); |
726 | #if CONFIG_DTRACE |
727 | if (dtrace_keep_kernel_symbols()) |
728 | sKeepSymbols = true; |
729 | #endif /* CONFIG_DTRACE */ |
730 | #if KASAN_DYNAMIC_BLACKLIST |
731 | /* needed for function lookup */ |
732 | sKeepSymbols = true; |
733 | #endif |
734 | |
735 | /* Set up an OSKext instance to represent the kernel itself. |
736 | */ |
737 | sKernelKext = new OSKext; |
738 | assert(sKernelKext); |
739 | |
740 | kernelStart = (u_char *)&_mh_execute_header; |
741 | kernelLength = getlastaddr() - (vm_offset_t)kernelStart; |
742 | kernelExecutable = OSData::withBytesNoCopy( |
743 | kernelStart, kernelLength); |
744 | assert(kernelExecutable); |
745 | |
746 | #if KASLR_KEXT_DEBUG |
747 | IOLog("kaslr: kernel start 0x%lx end 0x%lx length %lu vm_kernel_slide %llu (0x%016lx) \n" , |
748 | (unsigned long)kernelStart, |
749 | (unsigned long)getlastaddr(), |
750 | kernelLength, |
751 | vm_kernel_slide, vm_kernel_slide); |
752 | #endif |
753 | |
754 | sKernelKext->loadTag = sNextLoadTag++; // the kernel is load tag 0 |
755 | sKernelKext->bundleID = OSSymbol::withCString(kOSKextKernelIdentifier); |
756 | |
757 | sKernelKext->version = OSKextParseVersionString(osrelease); |
758 | sKernelKext->compatibleVersion = sKernelKext->version; |
759 | sKernelKext->linkedExecutable = kernelExecutable; |
760 | sKernelKext->interfaceUUID = sKernelKext->copyUUID(); |
761 | |
762 | sKernelKext->flags.hasAllDependencies = 1; |
763 | sKernelKext->flags.kernelComponent = 1; |
764 | sKernelKext->flags.prelinked = 0; |
765 | sKernelKext->flags.loaded = 1; |
766 | sKernelKext->flags.started = 1; |
767 | sKernelKext->flags.CPPInitialized = 0; |
768 | sKernelKext->flags.jettisonLinkeditSeg = 0; |
769 | |
770 | sKernelKext->kmod_info = &g_kernel_kmod_info; |
771 | strlcpy(g_kernel_kmod_info.version, osrelease, |
772 | sizeof(g_kernel_kmod_info.version)); |
773 | g_kernel_kmod_info.size = kernelLength; |
774 | g_kernel_kmod_info.id = sKernelKext->loadTag; |
775 | |
776 | /* Cons up an info dict, so we don't have to have special-case |
777 | * checking all over. |
778 | */ |
779 | sKernelKext->infoDict = OSDictionary::withCapacity(5); |
780 | assert(sKernelKext->infoDict); |
781 | setResult = sKernelKext->infoDict->setObject(kCFBundleIdentifierKey, |
782 | sKernelKext->bundleID); |
783 | assert(setResult); |
784 | setResult = sKernelKext->infoDict->setObject(kOSKernelResourceKey, |
785 | kOSBooleanTrue); |
786 | assert(setResult); |
787 | |
788 | scratchString = OSString::withCStringNoCopy(osrelease); |
789 | assert(scratchString); |
790 | setResult = sKernelKext->infoDict->setObject(kCFBundleVersionKey, |
791 | scratchString); |
792 | assert(setResult); |
793 | OSSafeReleaseNULL(scratchString); |
794 | |
795 | scratchString = OSString::withCStringNoCopy("mach_kernel" ); |
796 | assert(scratchString); |
797 | setResult = sKernelKext->infoDict->setObject(kCFBundleNameKey, |
798 | scratchString); |
799 | assert(setResult); |
800 | OSSafeReleaseNULL(scratchString); |
801 | |
802 | /* Add the kernel kext to the bookkeeping dictionaries. Note that |
803 | * the kernel kext doesn't have a kmod_info struct. copyInfo() |
804 | * gathers info from other places anyhow. |
805 | */ |
806 | setResult = sKextsByID->setObject(sKernelKext->bundleID, sKernelKext); |
807 | assert(setResult); |
808 | setResult = sLoadedKexts->setObject(sKernelKext); |
809 | assert(setResult); |
810 | sKernelKext->release(); |
811 | |
812 | registryRoot = IORegistryEntry::getRegistryRoot(); |
813 | kernelCPUType = OSNumber::withNumber( |
814 | (long long unsigned int)_mh_execute_header.cputype, |
815 | 8 * sizeof(_mh_execute_header.cputype)); |
816 | kernelCPUSubtype = OSNumber::withNumber( |
817 | (long long unsigned int)_mh_execute_header.cpusubtype, |
818 | 8 * sizeof(_mh_execute_header.cpusubtype)); |
819 | assert(registryRoot && kernelCPUSubtype && kernelCPUType); |
820 | |
821 | registryRoot->setProperty(kOSKernelCPUTypeKey, kernelCPUType); |
822 | registryRoot->setProperty(kOSKernelCPUSubtypeKey, kernelCPUSubtype); |
823 | |
824 | OSSafeReleaseNULL(kernelCPUType); |
825 | OSSafeReleaseNULL(kernelCPUSubtype); |
826 | |
827 | gBuiltinKmodsSectionInfo = getsectbyname(kPrelinkInfoSegment, kBuiltinInfoSection); |
828 | if (gBuiltinKmodsSectionInfo) { |
829 | uint32_t count; |
830 | |
831 | assert(gBuiltinKmodsSectionInfo->addr); |
832 | assert(gBuiltinKmodsSectionInfo->size); |
833 | gBuiltinKmodsCount = (gBuiltinKmodsSectionInfo->size / sizeof(kmod_info_t *)); |
834 | |
835 | gBuiltinKmodsSectionStart = getsectbyname(kPrelinkInfoSegment, kBuiltinStartSection); |
836 | assert(gBuiltinKmodsSectionStart); |
837 | assert(gBuiltinKmodsSectionStart->addr); |
838 | assert(gBuiltinKmodsSectionStart->size); |
839 | count = (gBuiltinKmodsSectionStart->size / sizeof(uintptr_t)); |
840 | // one extra pointer for the end of last kmod |
841 | assert(count == (gBuiltinKmodsCount + 1)); |
842 | |
843 | vm_kernel_builtinkmod_text = ((uintptr_t *)gBuiltinKmodsSectionStart->addr)[0]; |
844 | vm_kernel_builtinkmod_text_end = ((uintptr_t *)gBuiltinKmodsSectionStart->addr)[count - 1]; |
845 | } |
846 | gIOSurfaceIdentifier = OSSymbol::withCStringNoCopy("com.apple.iokit.IOSurface" ); |
847 | |
848 | timestamp = __OSAbsoluteTimePtr(&last_loaded_timestamp); |
849 | *timestamp = 0; |
850 | timestamp = __OSAbsoluteTimePtr(&last_unloaded_timestamp); |
851 | *timestamp = 0; |
852 | timestamp = __OSAbsoluteTimePtr(&sLastWakeTime); |
853 | *timestamp = 0; |
854 | |
855 | OSKextLog(/* kext */ NULL, |
856 | kOSKextLogProgressLevel | |
857 | kOSKextLogGeneralFlag, |
858 | "Kext system initialized." ); |
859 | |
860 | notifyKextLoadObservers(sKernelKext, sKernelKext->kmod_info); |
861 | |
862 | return; |
863 | } |
864 | |
865 | /********************************************************************* |
866 | * This is expected to be called exactly once, from exactly one thread |
867 | * context, during kernel bootstrap. |
868 | *********************************************************************/ |
869 | /* static */ |
870 | OSReturn |
871 | OSKext::removeKextBootstrap(void) |
872 | { |
873 | OSReturn result = kOSReturnError; |
874 | |
875 | const char * = "Kernel-__HEADER" ; |
876 | const char * dt_kernel_symtab_name = "Kernel-__SYMTAB" ; |
877 | kernel_mach_header_t * = NULL; |
878 | int = 0; |
879 | struct symtab_command * dt_symtab = NULL; |
880 | int dt_symtab_size = 0; |
881 | int dt_result = 0; |
882 | |
883 | kernel_segment_command_t * seg_to_remove = NULL; |
884 | |
885 | #if __arm__ || __arm64__ |
886 | const char * dt_segment_name = NULL; |
887 | void * segment_paddress = NULL; |
888 | int segment_size = 0; |
889 | #endif |
890 | |
891 | OSKextLog(/* kext */ NULL, |
892 | kOSKextLogProgressLevel | |
893 | kOSKextLogGeneralFlag, |
894 | "Jettisoning kext bootstrap segments." ); |
895 | |
896 | /***** |
897 | * Dispose of unnecessary stuff that the booter didn't need to load. |
898 | */ |
899 | dt_result = IODTGetLoaderInfo(dt_kernel_header_name, |
900 | (void **)&dt_mach_header, &dt_mach_header_size); |
901 | if (dt_result == 0 && dt_mach_header) { |
902 | IODTFreeLoaderInfo(dt_kernel_header_name, (void *)dt_mach_header, |
903 | round_page_32(dt_mach_header_size)); |
904 | } |
905 | dt_result = IODTGetLoaderInfo(dt_kernel_symtab_name, |
906 | (void **)&dt_symtab, &dt_symtab_size); |
907 | if (dt_result == 0 && dt_symtab) { |
908 | IODTFreeLoaderInfo(dt_kernel_symtab_name, (void *)dt_symtab, |
909 | round_page_32(dt_symtab_size)); |
910 | } |
911 | |
912 | /***** |
913 | * KLD bootstrap segment. |
914 | */ |
915 | // xxx - should rename KLD segment |
916 | seg_to_remove = getsegbyname("__KLD" ); |
917 | if (seg_to_remove) { |
918 | OSRuntimeUnloadCPPForSegment(seg_to_remove); |
919 | } |
920 | |
921 | #if __arm__ || __arm64__ |
922 | /* Free the memory that was set up by bootx. |
923 | */ |
924 | dt_segment_name = "Kernel-__KLD" ; |
925 | if (0 == IODTGetLoaderInfo(dt_segment_name, &segment_paddress, &segment_size)) { |
926 | /* We cannot free this with KTRR enabled, as we cannot |
927 | * update the permissions on the KLD range this late |
928 | * in the boot process. |
929 | */ |
930 | IODTFreeLoaderInfo(dt_segment_name, (void *)segment_paddress, |
931 | (int)segment_size); |
932 | } |
933 | #elif __i386__ || __x86_64__ |
934 | /* On x86, use the mapping data from the segment load command to |
935 | * unload KLD directly. |
936 | * This may invalidate any assumptions about "avail_start" |
937 | * defining the lower bound for valid physical addresses. |
938 | */ |
939 | if (seg_to_remove && seg_to_remove->vmaddr && seg_to_remove->vmsize) { |
940 | // 04/18/11 - gab: <rdar://problem/9236163> |
941 | // overwrite memory occupied by KLD segment with random data before |
942 | // releasing it. |
943 | read_frandom((void *) seg_to_remove->vmaddr, seg_to_remove->vmsize); |
944 | ml_static_mfree(seg_to_remove->vmaddr, seg_to_remove->vmsize); |
945 | } |
946 | #else |
947 | #error arch |
948 | #endif |
949 | |
950 | seg_to_remove = NULL; |
951 | |
952 | /***** |
953 | * Prelinked kernel's symtab (if there is one). |
954 | */ |
955 | kernel_section_t * sect; |
956 | sect = getsectbyname("__PRELINK" , "__symtab" ); |
957 | if (sect && sect->addr && sect->size) { |
958 | ml_static_mfree(sect->addr, sect->size); |
959 | } |
960 | |
961 | seg_to_remove = (kernel_segment_command_t *)getsegbyname("__LINKEDIT" ); |
962 | |
963 | /* kxld always needs the kernel's __LINKEDIT segment, but we can make it |
964 | * pageable, unless keepsyms is set. To do that, we have to copy it from |
965 | * its booter-allocated memory, free the booter memory, reallocate proper |
966 | * managed memory, then copy the segment back in. |
967 | */ |
968 | #if CONFIG_KXLD |
969 | #if (__arm__ || __arm64__) |
970 | #error CONFIG_KXLD not expected for this arch |
971 | #endif |
972 | if (!sKeepSymbols) { |
973 | kern_return_t mem_result; |
974 | void *seg_copy = NULL; |
975 | void *seg_data = NULL; |
976 | vm_map_offset_t seg_offset = 0; |
977 | vm_map_offset_t seg_copy_offset = 0; |
978 | vm_map_size_t seg_length = 0; |
979 | |
980 | seg_data = (void *) seg_to_remove->vmaddr; |
981 | seg_offset = (vm_map_offset_t) seg_to_remove->vmaddr; |
982 | seg_length = (vm_map_size_t) seg_to_remove->vmsize; |
983 | |
984 | /* Allocate space for the LINKEDIT copy. |
985 | */ |
986 | mem_result = kmem_alloc(kernel_map, (vm_offset_t *) &seg_copy, |
987 | seg_length, VM_KERN_MEMORY_KEXT); |
988 | if (mem_result != KERN_SUCCESS) { |
989 | OSKextLog(/* kext */ NULL, |
990 | kOSKextLogErrorLevel | |
991 | kOSKextLogGeneralFlag | kOSKextLogArchiveFlag, |
992 | "Can't copy __LINKEDIT segment for VM reassign." ); |
993 | return result; |
994 | } |
995 | seg_copy_offset = (vm_map_offset_t) seg_copy; |
996 | |
997 | /* Copy it out. |
998 | */ |
999 | memcpy(seg_copy, seg_data, seg_length); |
1000 | |
1001 | /* Dump the booter memory. |
1002 | */ |
1003 | ml_static_mfree(seg_offset, seg_length); |
1004 | |
1005 | /* Set up the VM region. |
1006 | */ |
1007 | mem_result = vm_map_enter_mem_object( |
1008 | kernel_map, |
1009 | &seg_offset, |
1010 | seg_length, /* mask */ 0, |
1011 | VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, |
1012 | VM_MAP_KERNEL_FLAGS_NONE, |
1013 | VM_KERN_MEMORY_NONE, |
1014 | (ipc_port_t)NULL, |
1015 | (vm_object_offset_t) 0, |
1016 | /* copy */ FALSE, |
1017 | /* cur_protection */ VM_PROT_READ | VM_PROT_WRITE, |
1018 | /* max_protection */ VM_PROT_ALL, |
1019 | /* inheritance */ VM_INHERIT_DEFAULT); |
1020 | if ((mem_result != KERN_SUCCESS) || |
1021 | (seg_offset != (vm_map_offset_t) seg_data)) |
1022 | { |
1023 | OSKextLog(/* kext */ NULL, |
1024 | kOSKextLogErrorLevel | |
1025 | kOSKextLogGeneralFlag | kOSKextLogArchiveFlag, |
1026 | "Can't create __LINKEDIT VM entry at %p, length 0x%llx (error 0x%x)." , |
1027 | seg_data, seg_length, mem_result); |
1028 | return result; |
1029 | } |
1030 | |
1031 | /* And copy it back. |
1032 | */ |
1033 | memcpy(seg_data, seg_copy, seg_length); |
1034 | |
1035 | /* Free the copy. |
1036 | */ |
1037 | kmem_free(kernel_map, seg_copy_offset, seg_length); |
1038 | } |
1039 | #else /* we are not CONFIG_KXLD */ |
1040 | #if !(__arm__ || __arm64__) |
1041 | #error CONFIG_KXLD is expected for this arch |
1042 | #endif |
1043 | |
1044 | /***** |
1045 | * Dump the LINKEDIT segment, unless keepsyms is set. |
1046 | */ |
1047 | if (!sKeepSymbols) { |
1048 | dt_segment_name = "Kernel-__LINKEDIT" ; |
1049 | if (0 == IODTGetLoaderInfo(dt_segment_name, |
1050 | &segment_paddress, &segment_size)) { |
1051 | #ifdef SECURE_KERNEL |
1052 | vm_offset_t vmaddr = ml_static_ptovirt((vm_offset_t)segment_paddress); |
1053 | bzero((void*)vmaddr, segment_size); |
1054 | #endif |
1055 | IODTFreeLoaderInfo(dt_segment_name, (void *)segment_paddress, |
1056 | (int)segment_size); |
1057 | } |
1058 | } else { |
1059 | OSKextLog(/* kext */ NULL, |
1060 | kOSKextLogBasicLevel | |
1061 | kOSKextLogGeneralFlag, |
1062 | "keepsyms boot arg specified; keeping linkedit segment for symbols." ); |
1063 | } |
1064 | #endif /* CONFIG_KXLD */ |
1065 | |
1066 | seg_to_remove = NULL; |
1067 | |
1068 | result = kOSReturnSuccess; |
1069 | |
1070 | return result; |
1071 | } |
1072 | |
1073 | /********************************************************************* |
1074 | *********************************************************************/ |
1075 | void |
1076 | OSKext::flushNonloadedKexts( |
1077 | Boolean flushPrelinkedKexts) |
1078 | { |
1079 | OSSet * prelinkedKexts = NULL; // must release |
1080 | OSCollectionIterator * kextIterator = NULL; // must release |
1081 | OSCollectionIterator * prelinkIterator = NULL; // must release |
1082 | const OSSymbol * thisID = NULL; // do not release |
1083 | OSKext * thisKext = NULL; // do not release |
1084 | uint32_t count, i; |
1085 | |
1086 | IORecursiveLockLock(sKextLock); |
1087 | |
1088 | OSKextLog(/* kext */ NULL, |
1089 | kOSKextLogProgressLevel | |
1090 | kOSKextLogKextBookkeepingFlag, |
1091 | "Flushing nonloaded kexts and other unused data." ); |
1092 | |
1093 | OSKext::considerDestroyingLinkContext(); |
1094 | |
1095 | /* If we aren't flushing unused prelinked kexts, we have to put them |
1096 | * aside while we flush everything else so make a container for them. |
1097 | */ |
1098 | if (!flushPrelinkedKexts) { |
1099 | prelinkedKexts = OSSet::withCapacity(0); |
1100 | if (!prelinkedKexts) { |
1101 | goto finish; |
1102 | } |
1103 | } |
1104 | |
1105 | /* Set aside prelinked kexts (in-use or not) and break |
1106 | * any lingering inter-kext references for nonloaded kexts |
1107 | * so they have min. retain counts. |
1108 | */ |
1109 | kextIterator = OSCollectionIterator::withCollection(sKextsByID); |
1110 | if (!kextIterator) { |
1111 | goto finish; |
1112 | } |
1113 | |
1114 | while ((thisID = OSDynamicCast(OSSymbol, |
1115 | kextIterator->getNextObject()))) { |
1116 | |
1117 | thisKext = OSDynamicCast(OSKext, sKextsByID->getObject(thisID)); |
1118 | |
1119 | if (thisKext) { |
1120 | if (prelinkedKexts && thisKext->isPrelinked()) { |
1121 | prelinkedKexts->setObject(thisKext); |
1122 | } |
1123 | thisKext->flushDependencies(/* forceIfLoaded */ false); |
1124 | } |
1125 | } |
1126 | |
1127 | /* Dump all the kexts in the ID dictionary; we'll repopulate it shortly. |
1128 | */ |
1129 | sKextsByID->flushCollection(); |
1130 | |
1131 | /* Now put the loaded kexts back into the ID dictionary. |
1132 | */ |
1133 | count = sLoadedKexts->getCount(); |
1134 | for (i = 0; i < count; i++) { |
1135 | thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
1136 | sKextsByID->setObject(thisKext->getIdentifierCString(), thisKext); |
1137 | } |
1138 | |
1139 | /* Finally, put back the prelinked kexts if we saved any. |
1140 | */ |
1141 | if (prelinkedKexts) { |
1142 | prelinkIterator = OSCollectionIterator::withCollection(prelinkedKexts); |
1143 | if (!prelinkIterator) { |
1144 | goto finish; |
1145 | } |
1146 | |
1147 | while ((thisKext = OSDynamicCast(OSKext, |
1148 | prelinkIterator->getNextObject()))) { |
1149 | |
1150 | sKextsByID->setObject(thisKext->getIdentifierCString(), |
1151 | thisKext); |
1152 | } |
1153 | } |
1154 | |
1155 | finish: |
1156 | IORecursiveLockUnlock(sKextLock); |
1157 | |
1158 | OSSafeReleaseNULL(prelinkedKexts); |
1159 | OSSafeReleaseNULL(kextIterator); |
1160 | OSSafeReleaseNULL(prelinkIterator); |
1161 | |
1162 | return; |
1163 | } |
1164 | |
1165 | /********************************************************************* |
1166 | *********************************************************************/ |
1167 | /* static */ |
1168 | void |
1169 | OSKext::setKextdActive(Boolean active) |
1170 | { |
1171 | IORecursiveLockLock(sKextLock); |
1172 | sKextdActive = active; |
1173 | if (sKernelRequests->getCount()) { |
1174 | OSKext::pingKextd(); |
1175 | } |
1176 | IORecursiveLockUnlock(sKextLock); |
1177 | |
1178 | return; |
1179 | } |
1180 | |
1181 | /********************************************************************* |
1182 | * OSKextLib.cpp might need access to this someday but for now it's |
1183 | * private. |
1184 | *********************************************************************/ |
1185 | extern "C" { |
1186 | extern void ipc_port_release_send(ipc_port_t); |
1187 | }; |
1188 | |
1189 | /* static */ |
1190 | OSReturn |
1191 | OSKext::pingKextd(void) |
1192 | { |
1193 | OSReturn result = kOSReturnError; |
1194 | #if !NO_KEXTD |
1195 | mach_port_t kextd_port = IPC_PORT_NULL; |
1196 | |
1197 | if (!sKextdActive) { |
1198 | result = kOSKextReturnDisabled; // basically unavailable |
1199 | goto finish; |
1200 | } |
1201 | |
1202 | result = host_get_kextd_port(host_priv_self(), &kextd_port); |
1203 | if (result != KERN_SUCCESS || !IPC_PORT_VALID(kextd_port)) { |
1204 | OSKextLog(/* kext */ NULL, |
1205 | kOSKextLogErrorLevel | |
1206 | kOSKextLogIPCFlag, |
1207 | "Can't get kextd port." ); |
1208 | goto finish; |
1209 | } |
1210 | |
1211 | result = kextd_ping(kextd_port); |
1212 | if (result != KERN_SUCCESS) { |
1213 | OSKextLog(/* kext */ NULL, |
1214 | kOSKextLogErrorLevel | |
1215 | kOSKextLogIPCFlag, |
1216 | "kextd ping failed (0x%x)." , (int)result); |
1217 | goto finish; |
1218 | } |
1219 | |
1220 | finish: |
1221 | if (IPC_PORT_VALID(kextd_port)) { |
1222 | ipc_port_release_send(kextd_port); |
1223 | } |
1224 | #endif |
1225 | |
1226 | return result; |
1227 | } |
1228 | |
1229 | /********************************************************************* |
1230 | *********************************************************************/ |
1231 | /* static */ |
1232 | void |
1233 | OSKext::setDeferredLoadSucceeded(Boolean succeeded) |
1234 | { |
1235 | IORecursiveLockLock(sKextLock); |
1236 | sDeferredLoadSucceeded = succeeded; |
1237 | IORecursiveLockUnlock(sKextLock); |
1238 | |
1239 | return; |
1240 | } |
1241 | |
1242 | /********************************************************************* |
1243 | * Called from IOSystemShutdownNotification. |
1244 | *********************************************************************/ |
1245 | /* static */ |
1246 | void |
1247 | OSKext::willShutdown(void) |
1248 | { |
1249 | #if !NO_KEXTD |
1250 | OSReturn checkResult = kOSReturnError; |
1251 | #endif |
1252 | OSDictionary * exitRequest = NULL; // must release |
1253 | |
1254 | IORecursiveLockLock(sKextLock); |
1255 | |
1256 | OSKext::setLoadEnabled(false); |
1257 | OSKext::setUnloadEnabled(false); |
1258 | OSKext::setAutounloadsEnabled(false); |
1259 | OSKext::setKernelRequestsEnabled(false); |
1260 | |
1261 | #if !NO_KEXTD |
1262 | OSKextLog(/* kext */ NULL, |
1263 | kOSKextLogProgressLevel | |
1264 | kOSKextLogGeneralFlag, |
1265 | "System shutdown; requesting immediate kextd exit." ); |
1266 | |
1267 | checkResult = _OSKextCreateRequest(kKextRequestPredicateRequestKextdExit, |
1268 | &exitRequest); |
1269 | if (checkResult != kOSReturnSuccess) { |
1270 | goto finish; |
1271 | } |
1272 | if (!sKernelRequests->setObject(exitRequest)) { |
1273 | goto finish; |
1274 | } |
1275 | |
1276 | OSKext::pingKextd(); |
1277 | |
1278 | finish: |
1279 | #endif |
1280 | |
1281 | IORecursiveLockUnlock(sKextLock); |
1282 | |
1283 | OSSafeReleaseNULL(exitRequest); |
1284 | return; |
1285 | } |
1286 | |
1287 | /********************************************************************* |
1288 | *********************************************************************/ |
1289 | /* static */ |
1290 | bool |
1291 | OSKext::getLoadEnabled(void) |
1292 | { |
1293 | bool result; |
1294 | |
1295 | IORecursiveLockLock(sKextLock); |
1296 | result = sLoadEnabled; |
1297 | IORecursiveLockUnlock(sKextLock); |
1298 | return result; |
1299 | } |
1300 | |
1301 | /********************************************************************* |
1302 | *********************************************************************/ |
1303 | /* static */ |
1304 | bool |
1305 | OSKext::setLoadEnabled(bool flag) |
1306 | { |
1307 | bool result; |
1308 | |
1309 | IORecursiveLockLock(sKextLock); |
1310 | result = sLoadEnabled; |
1311 | sLoadEnabled = (flag ? true : false); |
1312 | |
1313 | if (sLoadEnabled != result) { |
1314 | OSKextLog(/* kext */ NULL, |
1315 | kOSKextLogBasicLevel | |
1316 | kOSKextLogLoadFlag, |
1317 | "Kext loading now %sabled." , sLoadEnabled ? "en" : "dis" ); |
1318 | } |
1319 | |
1320 | IORecursiveLockUnlock(sKextLock); |
1321 | |
1322 | return result; |
1323 | } |
1324 | |
1325 | /********************************************************************* |
1326 | *********************************************************************/ |
1327 | /* static */ |
1328 | bool |
1329 | OSKext::getUnloadEnabled(void) |
1330 | { |
1331 | bool result; |
1332 | |
1333 | IORecursiveLockLock(sKextLock); |
1334 | result = sUnloadEnabled; |
1335 | IORecursiveLockUnlock(sKextLock); |
1336 | return result; |
1337 | } |
1338 | |
1339 | /********************************************************************* |
1340 | *********************************************************************/ |
1341 | /* static */ |
1342 | bool |
1343 | OSKext::setUnloadEnabled(bool flag) |
1344 | { |
1345 | bool result; |
1346 | |
1347 | IORecursiveLockLock(sKextLock); |
1348 | result = sUnloadEnabled; |
1349 | sUnloadEnabled = (flag ? true : false); |
1350 | IORecursiveLockUnlock(sKextLock); |
1351 | |
1352 | if (sUnloadEnabled != result) { |
1353 | OSKextLog(/* kext */ NULL, |
1354 | kOSKextLogBasicLevel | |
1355 | kOSKextLogGeneralFlag | kOSKextLogLoadFlag, |
1356 | "Kext unloading now %sabled." , sUnloadEnabled ? "en" : "dis" ); |
1357 | } |
1358 | |
1359 | return result; |
1360 | } |
1361 | |
1362 | /********************************************************************* |
1363 | * Do not call any function that takes sKextLock here! |
1364 | *********************************************************************/ |
1365 | /* static */ |
1366 | bool |
1367 | OSKext::getAutounloadEnabled(void) |
1368 | { |
1369 | bool result; |
1370 | |
1371 | IORecursiveLockLock(sKextInnerLock); |
1372 | result = sAutounloadEnabled ? true : false; |
1373 | IORecursiveLockUnlock(sKextInnerLock); |
1374 | return result; |
1375 | } |
1376 | |
1377 | /********************************************************************* |
1378 | * Do not call any function that takes sKextLock here! |
1379 | *********************************************************************/ |
1380 | /* static */ |
1381 | bool |
1382 | OSKext::setAutounloadsEnabled(bool flag) |
1383 | { |
1384 | bool result; |
1385 | |
1386 | IORecursiveLockLock(sKextInnerLock); |
1387 | |
1388 | result = sAutounloadEnabled; |
1389 | sAutounloadEnabled = (flag ? true : false); |
1390 | if (!sAutounloadEnabled && sUnloadCallout) { |
1391 | thread_call_cancel(sUnloadCallout); |
1392 | } |
1393 | |
1394 | if (sAutounloadEnabled != result) { |
1395 | OSKextLog(/* kext */ NULL, |
1396 | kOSKextLogBasicLevel | |
1397 | kOSKextLogGeneralFlag | kOSKextLogLoadFlag, |
1398 | "Kext autounloading now %sabled." , |
1399 | sAutounloadEnabled ? "en" : "dis" ); |
1400 | } |
1401 | |
1402 | IORecursiveLockUnlock(sKextInnerLock); |
1403 | |
1404 | return result; |
1405 | } |
1406 | |
1407 | /********************************************************************* |
1408 | *********************************************************************/ |
1409 | /* instance method operating on OSKext field */ |
1410 | bool |
1411 | OSKext::setAutounloadEnabled(bool flag) |
1412 | { |
1413 | bool result = flags.autounloadEnabled ? true : false; |
1414 | flags.autounloadEnabled = flag ? 1 : 0; |
1415 | |
1416 | if (result != (flag ? true : false)) { |
1417 | OSKextLog(this, |
1418 | kOSKextLogProgressLevel | |
1419 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag, |
1420 | "Autounloading for kext %s now %sabled." , |
1421 | getIdentifierCString(), |
1422 | flags.autounloadEnabled ? "en" : "dis" ); |
1423 | } |
1424 | return result; |
1425 | } |
1426 | |
1427 | /********************************************************************* |
1428 | *********************************************************************/ |
1429 | /* static */ |
1430 | bool |
1431 | OSKext::setKernelRequestsEnabled(bool flag) |
1432 | { |
1433 | bool result; |
1434 | |
1435 | IORecursiveLockLock(sKextLock); |
1436 | result = sKernelRequestsEnabled; |
1437 | sKernelRequestsEnabled = flag ? true : false; |
1438 | |
1439 | if (sKernelRequestsEnabled != result) { |
1440 | OSKextLog(/* kext */ NULL, |
1441 | kOSKextLogBasicLevel | |
1442 | kOSKextLogGeneralFlag, |
1443 | "Kernel requests now %sabled." , |
1444 | sKernelRequestsEnabled ? "en" : "dis" ); |
1445 | } |
1446 | IORecursiveLockUnlock(sKextLock); |
1447 | return result; |
1448 | } |
1449 | |
1450 | /********************************************************************* |
1451 | *********************************************************************/ |
1452 | /* static */ |
1453 | bool |
1454 | OSKext::getKernelRequestsEnabled(void) |
1455 | { |
1456 | bool result; |
1457 | |
1458 | IORecursiveLockLock(sKextLock); |
1459 | result = sKernelRequestsEnabled; |
1460 | IORecursiveLockUnlock(sKextLock); |
1461 | return result; |
1462 | } |
1463 | |
1464 | #if PRAGMA_MARK |
1465 | #pragma mark Kext Life Cycle |
1466 | #endif |
1467 | /********************************************************************* |
1468 | *********************************************************************/ |
1469 | OSKext * |
1470 | OSKext::withPrelinkedInfoDict( |
1471 | OSDictionary * anInfoDict, |
1472 | bool doCoalesedSlides) |
1473 | { |
1474 | OSKext * newKext = new OSKext; |
1475 | |
1476 | if (newKext && !newKext->initWithPrelinkedInfoDict(anInfoDict, doCoalesedSlides)) { |
1477 | newKext->release(); |
1478 | return NULL; |
1479 | } |
1480 | |
1481 | return newKext; |
1482 | } |
1483 | |
1484 | /********************************************************************* |
1485 | *********************************************************************/ |
1486 | bool |
1487 | OSKext::initWithPrelinkedInfoDict( |
1488 | OSDictionary * anInfoDict, |
1489 | bool doCoalesedSlides) |
1490 | { |
1491 | bool result = false; |
1492 | OSString * kextPath = NULL; // do not release |
1493 | OSNumber * addressNum = NULL; // reused; do not release |
1494 | OSNumber * lengthNum = NULL; // reused; do not release |
1495 | void * data = NULL; // do not free |
1496 | void * srcData = NULL; // do not free |
1497 | OSData * prelinkedExecutable = NULL; // must release |
1498 | uint32_t length = 0; // reused |
1499 | |
1500 | if (!super::init()) { |
1501 | goto finish; |
1502 | } |
1503 | |
1504 | /* Get the path. Don't look for an arch-specific path property. |
1505 | */ |
1506 | kextPath = OSDynamicCast(OSString, |
1507 | anInfoDict->getObject(kPrelinkBundlePathKey)); |
1508 | |
1509 | if (!setInfoDictionaryAndPath(anInfoDict, kextPath)) { |
1510 | goto finish; |
1511 | } |
1512 | #if KASLR_KEXT_DEBUG |
1513 | IOLog("kaslr: doCoalesedSlides %d kext %s \n" , doCoalesedSlides, getIdentifierCString()); |
1514 | #endif |
1515 | |
1516 | /* Also get the executable's bundle-relative path if present. |
1517 | * Don't look for an arch-specific path property. |
1518 | */ |
1519 | executableRelPath = OSDynamicCast(OSString, |
1520 | anInfoDict->getObject(kPrelinkExecutableRelativePathKey)); |
1521 | if (executableRelPath) { |
1522 | executableRelPath->retain(); |
1523 | } |
1524 | |
1525 | /* Don't need the paths to be in the info dictionary any more. |
1526 | */ |
1527 | anInfoDict->removeObject(kPrelinkBundlePathKey); |
1528 | anInfoDict->removeObject(kPrelinkExecutableRelativePathKey); |
1529 | |
1530 | /* Create an OSData wrapper around the linked executable. |
1531 | */ |
1532 | addressNum = OSDynamicCast(OSNumber, |
1533 | anInfoDict->getObject(kPrelinkExecutableLoadKey)); |
1534 | if (addressNum) { |
1535 | lengthNum = OSDynamicCast(OSNumber, |
1536 | anInfoDict->getObject(kPrelinkExecutableSizeKey)); |
1537 | if (!lengthNum) { |
1538 | OSKextLog(this, |
1539 | kOSKextLogErrorLevel | |
1540 | kOSKextLogArchiveFlag, |
1541 | "Kext %s can't find prelinked kext executable size." , |
1542 | getIdentifierCString()); |
1543 | goto finish; |
1544 | } |
1545 | |
1546 | data = (void *) ml_static_slide((intptr_t) (addressNum->unsigned64BitValue())); |
1547 | length = (uint32_t) (lengthNum->unsigned32BitValue()); |
1548 | |
1549 | #if KASLR_KEXT_DEBUG |
1550 | IOLog("kaslr: unslid 0x%lx slid 0x%lx length %u - prelink executable \n" , |
1551 | (unsigned long)ml_static_unslide(data), |
1552 | (unsigned long)data, |
1553 | length); |
1554 | #endif |
1555 | |
1556 | anInfoDict->removeObject(kPrelinkExecutableLoadKey); |
1557 | anInfoDict->removeObject(kPrelinkExecutableSizeKey); |
1558 | |
1559 | /* If the kext's load address differs from its source address, allocate |
1560 | * space in the kext map at the load address and copy the kext over. |
1561 | */ |
1562 | addressNum = OSDynamicCast(OSNumber, anInfoDict->getObject(kPrelinkExecutableSourceKey)); |
1563 | if (addressNum) { |
1564 | srcData = (void *) ml_static_slide((intptr_t) (addressNum->unsigned64BitValue())); |
1565 | |
1566 | #if KASLR_KEXT_DEBUG |
1567 | IOLog("kaslr: unslid 0x%lx slid 0x%lx - prelink executable source \n" , |
1568 | (unsigned long)ml_static_unslide(srcData), |
1569 | (unsigned long)srcData); |
1570 | #endif |
1571 | |
1572 | if (data != srcData) { |
1573 | #if __LP64__ |
1574 | kern_return_t alloc_result; |
1575 | |
1576 | alloc_result = kext_alloc((vm_offset_t *)&data, length, /* fixed */ TRUE); |
1577 | if (alloc_result != KERN_SUCCESS) { |
1578 | OSKextLog(this, |
1579 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
1580 | "Failed to allocate space for prelinked kext %s." , |
1581 | getIdentifierCString()); |
1582 | goto finish; |
1583 | } |
1584 | memcpy(data, srcData, length); |
1585 | #else |
1586 | OSKextLog(this, |
1587 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
1588 | "Error: prelinked kext %s - source and load addresses " |
1589 | "differ on ILP32 architecture." , |
1590 | getIdentifierCString()); |
1591 | goto finish; |
1592 | #endif /* __LP64__ */ |
1593 | } |
1594 | |
1595 | anInfoDict->removeObject(kPrelinkExecutableSourceKey); |
1596 | } |
1597 | |
1598 | prelinkedExecutable = OSData::withBytesNoCopy(data, length); |
1599 | if (!prelinkedExecutable) { |
1600 | OSKextLog(this, |
1601 | kOSKextLogErrorLevel | |
1602 | kOSKextLogGeneralFlag | kOSKextLogArchiveFlag, |
1603 | "Kext %s failed to create executable wrapper." , |
1604 | getIdentifierCString()); |
1605 | goto finish; |
1606 | } |
1607 | |
1608 | #if VM_MAPPED_KEXTS |
1609 | prelinkedExecutable->setDeallocFunction(osdata_kext_free); |
1610 | #else |
1611 | prelinkedExecutable->setDeallocFunction(osdata_phys_free); |
1612 | #endif |
1613 | setLinkedExecutable(prelinkedExecutable); |
1614 | addressNum = OSDynamicCast(OSNumber, |
1615 | anInfoDict->getObject(kPrelinkKmodInfoKey)); |
1616 | if (!addressNum) { |
1617 | OSKextLog(this, |
1618 | kOSKextLogErrorLevel | |
1619 | kOSKextLogArchiveFlag, |
1620 | "Kext %s can't find prelinked kext kmod_info address." , |
1621 | getIdentifierCString()); |
1622 | goto finish; |
1623 | } |
1624 | |
1625 | if (addressNum->unsigned64BitValue() != 0) { |
1626 | kmod_info = (kmod_info_t *) ml_static_slide((intptr_t) (addressNum->unsigned64BitValue())); |
1627 | kmod_info->address = ml_static_slide(kmod_info->address); |
1628 | #if KASLR_KEXT_DEBUG |
1629 | IOLog("kaslr: unslid 0x%lx slid 0x%lx - kmod_info \n" , |
1630 | (unsigned long)ml_static_unslide(kmod_info), |
1631 | (unsigned long)kmod_info); |
1632 | IOLog("kaslr: unslid 0x%lx slid 0x%lx - kmod_info->address \n" , |
1633 | (unsigned long)ml_static_unslide(kmod_info->address), |
1634 | (unsigned long)kmod_info->address); |
1635 | #endif |
1636 | } |
1637 | |
1638 | anInfoDict->removeObject(kPrelinkKmodInfoKey); |
1639 | } |
1640 | |
1641 | if ((addressNum = OSDynamicCast(OSNumber, anInfoDict->getObject("ModuleIndex" )))) |
1642 | { |
1643 | uintptr_t builtinTextStart; |
1644 | uintptr_t builtinTextEnd; |
1645 | |
1646 | flags.builtin = true; |
1647 | builtinKmodIdx = addressNum->unsigned32BitValue(); |
1648 | assert(builtinKmodIdx < gBuiltinKmodsCount); |
1649 | |
1650 | builtinTextStart = ((uintptr_t *)gBuiltinKmodsSectionStart->addr)[builtinKmodIdx]; |
1651 | builtinTextEnd = ((uintptr_t *)gBuiltinKmodsSectionStart->addr)[builtinKmodIdx + 1]; |
1652 | |
1653 | kmod_info = ((kmod_info_t **)gBuiltinKmodsSectionInfo->addr)[builtinKmodIdx]; |
1654 | kmod_info->address = builtinTextStart; |
1655 | kmod_info->size = builtinTextEnd - builtinTextStart; |
1656 | } |
1657 | |
1658 | /* If the plist has a UUID for an interface, save that off. |
1659 | */ |
1660 | if (isInterface()) { |
1661 | interfaceUUID = OSDynamicCast(OSData, |
1662 | anInfoDict->getObject(kPrelinkInterfaceUUIDKey)); |
1663 | if (interfaceUUID) { |
1664 | interfaceUUID->retain(); |
1665 | anInfoDict->removeObject(kPrelinkInterfaceUUIDKey); |
1666 | } |
1667 | } |
1668 | |
1669 | result = slidePrelinkedExecutable(doCoalesedSlides); |
1670 | if (result != kOSReturnSuccess) { |
1671 | goto finish; |
1672 | } |
1673 | |
1674 | if (doCoalesedSlides == false) { |
1675 | /* set VM protections now, wire later at kext load */ |
1676 | result = setVMAttributes(true, false); |
1677 | if (result != KERN_SUCCESS) { |
1678 | goto finish; |
1679 | } |
1680 | } |
1681 | |
1682 | flags.prelinked = true; |
1683 | |
1684 | /* If we created a kext from prelink info, |
1685 | * we must be booting from a prelinked kernel. |
1686 | */ |
1687 | sPrelinkBoot = true; |
1688 | |
1689 | result = registerIdentifier(); |
1690 | |
1691 | finish: |
1692 | OSSafeReleaseNULL(prelinkedExecutable); |
1693 | |
1694 | return result; |
1695 | } |
1696 | |
1697 | /********************************************************************* |
1698 | *********************************************************************/ |
1699 | /* static */ |
1700 | void OSKext::setAllVMAttributes(void) |
1701 | { |
1702 | OSCollectionIterator * kextIterator = NULL; // must release |
1703 | const OSSymbol * thisID = NULL; // do not release |
1704 | |
1705 | IORecursiveLockLock(sKextLock); |
1706 | |
1707 | kextIterator = OSCollectionIterator::withCollection(sKextsByID); |
1708 | if (!kextIterator) { |
1709 | goto finish; |
1710 | } |
1711 | |
1712 | while ((thisID = OSDynamicCast(OSSymbol, kextIterator->getNextObject()))) { |
1713 | OSKext * thisKext; // do not release |
1714 | |
1715 | thisKext = OSDynamicCast(OSKext, sKextsByID->getObject(thisID)); |
1716 | if (!thisKext || thisKext->isInterface() || !thisKext->declaresExecutable()) { |
1717 | continue; |
1718 | } |
1719 | |
1720 | /* set VM protections now, wire later at kext load */ |
1721 | thisKext->setVMAttributes(true, false); |
1722 | } |
1723 | |
1724 | finish: |
1725 | IORecursiveLockUnlock(sKextLock); |
1726 | OSSafeReleaseNULL(kextIterator); |
1727 | |
1728 | return; |
1729 | } |
1730 | |
1731 | /********************************************************************* |
1732 | *********************************************************************/ |
1733 | OSKext * |
1734 | OSKext::withBooterData( |
1735 | OSString * deviceTreeName, |
1736 | OSData * booterData) |
1737 | { |
1738 | OSKext * newKext = new OSKext; |
1739 | |
1740 | if (newKext && !newKext->initWithBooterData(deviceTreeName, booterData)) { |
1741 | newKext->release(); |
1742 | return NULL; |
1743 | } |
1744 | |
1745 | return newKext; |
1746 | } |
1747 | |
1748 | /********************************************************************* |
1749 | *********************************************************************/ |
1750 | typedef struct _BooterKextFileInfo { |
1751 | uint32_t infoDictPhysAddr; |
1752 | uint32_t infoDictLength; |
1753 | uint32_t executablePhysAddr; |
1754 | uint32_t executableLength; |
1755 | uint32_t bundlePathPhysAddr; |
1756 | uint32_t bundlePathLength; |
1757 | } _BooterKextFileInfo; |
1758 | |
1759 | bool |
1760 | OSKext::initWithBooterData( |
1761 | OSString * deviceTreeName, |
1762 | OSData * booterData) |
1763 | { |
1764 | bool result = false; |
1765 | _BooterKextFileInfo * kextFileInfo = NULL; // do not free |
1766 | char * infoDictAddr = NULL; // do not free |
1767 | void * executableAddr = NULL; // do not free |
1768 | char * bundlePathAddr = NULL; // do not free |
1769 | |
1770 | OSObject * parsedXML = NULL; // must release |
1771 | OSDictionary * theInfoDict = NULL; // do not release |
1772 | OSString * kextPath = NULL; // must release |
1773 | OSString * errorString = NULL; // must release |
1774 | OSData * executable = NULL; // must release |
1775 | |
1776 | if (!super::init()) { |
1777 | goto finish; |
1778 | } |
1779 | |
1780 | kextFileInfo = (_BooterKextFileInfo *)booterData->getBytesNoCopy(); |
1781 | if (!kextFileInfo) { |
1782 | OSKextLog(this, |
1783 | kOSKextLogErrorLevel | |
1784 | kOSKextLogGeneralFlag, |
1785 | "No booter-provided data for kext device tree entry %s." , |
1786 | deviceTreeName->getCStringNoCopy()); |
1787 | goto finish; |
1788 | } |
1789 | |
1790 | /* The info plist must exist or we can't read the kext. |
1791 | */ |
1792 | if (!kextFileInfo->infoDictPhysAddr || !kextFileInfo->infoDictLength) { |
1793 | OSKextLog(this, |
1794 | kOSKextLogErrorLevel | |
1795 | kOSKextLogGeneralFlag, |
1796 | "No kext info dictionary for booter device tree entry %s." , |
1797 | deviceTreeName->getCStringNoCopy()); |
1798 | goto finish; |
1799 | } |
1800 | |
1801 | infoDictAddr = (char *)ml_static_ptovirt(kextFileInfo->infoDictPhysAddr); |
1802 | if (!infoDictAddr) { |
1803 | OSKextLog(this, |
1804 | kOSKextLogErrorLevel | |
1805 | kOSKextLogGeneralFlag, |
1806 | "Can't translate physical address 0x%x of kext info dictionary " |
1807 | "for device tree entry %s." , |
1808 | (int)kextFileInfo->infoDictPhysAddr, |
1809 | deviceTreeName->getCStringNoCopy()); |
1810 | goto finish; |
1811 | } |
1812 | |
1813 | parsedXML = OSUnserializeXML(infoDictAddr, &errorString); |
1814 | if (parsedXML) { |
1815 | theInfoDict = OSDynamicCast(OSDictionary, parsedXML); |
1816 | } |
1817 | if (!theInfoDict) { |
1818 | const char * errorCString = "(unknown error)" ; |
1819 | |
1820 | if (errorString && errorString->getCStringNoCopy()) { |
1821 | errorCString = errorString->getCStringNoCopy(); |
1822 | } else if (parsedXML) { |
1823 | errorCString = "not a dictionary" ; |
1824 | } |
1825 | OSKextLog(this, |
1826 | kOSKextLogErrorLevel | |
1827 | kOSKextLogGeneralFlag, |
1828 | "Error unserializing info dictionary for device tree entry %s: %s." , |
1829 | deviceTreeName->getCStringNoCopy(), errorCString); |
1830 | goto finish; |
1831 | } |
1832 | |
1833 | /* A bundle path is not mandatory. |
1834 | */ |
1835 | if (kextFileInfo->bundlePathPhysAddr && kextFileInfo->bundlePathLength) { |
1836 | bundlePathAddr = (char *)ml_static_ptovirt(kextFileInfo->bundlePathPhysAddr); |
1837 | if (!bundlePathAddr) { |
1838 | OSKextLog(this, |
1839 | kOSKextLogErrorLevel | |
1840 | kOSKextLogGeneralFlag, |
1841 | "Can't translate physical address 0x%x of kext bundle path " |
1842 | "for device tree entry %s." , |
1843 | (int)kextFileInfo->bundlePathPhysAddr, |
1844 | deviceTreeName->getCStringNoCopy()); |
1845 | goto finish; |
1846 | } |
1847 | bundlePathAddr[kextFileInfo->bundlePathLength-1] = '\0'; // just in case! |
1848 | |
1849 | kextPath = OSString::withCString(bundlePathAddr); |
1850 | if (!kextPath) { |
1851 | OSKextLog(this, |
1852 | kOSKextLogErrorLevel | |
1853 | kOSKextLogGeneralFlag, |
1854 | "Failed to create wrapper for device tree entry %s kext path %s." , |
1855 | deviceTreeName->getCStringNoCopy(), bundlePathAddr); |
1856 | goto finish; |
1857 | } |
1858 | } |
1859 | |
1860 | if (!setInfoDictionaryAndPath(theInfoDict, kextPath)) { |
1861 | goto finish; |
1862 | } |
1863 | |
1864 | /* An executable is not mandatory. |
1865 | */ |
1866 | if (kextFileInfo->executablePhysAddr && kextFileInfo->executableLength) { |
1867 | executableAddr = (void *)ml_static_ptovirt(kextFileInfo->executablePhysAddr); |
1868 | if (!executableAddr) { |
1869 | OSKextLog(this, |
1870 | kOSKextLogErrorLevel | |
1871 | kOSKextLogGeneralFlag, |
1872 | "Can't translate physical address 0x%x of kext executable " |
1873 | "for device tree entry %s." , |
1874 | (int)kextFileInfo->executablePhysAddr, |
1875 | deviceTreeName->getCStringNoCopy()); |
1876 | goto finish; |
1877 | } |
1878 | |
1879 | executable = OSData::withBytesNoCopy(executableAddr, |
1880 | kextFileInfo->executableLength); |
1881 | if (!executable) { |
1882 | OSKextLog(this, |
1883 | kOSKextLogErrorLevel | |
1884 | kOSKextLogGeneralFlag, |
1885 | "Failed to create executable wrapper for device tree entry %s." , |
1886 | deviceTreeName->getCStringNoCopy()); |
1887 | goto finish; |
1888 | } |
1889 | |
1890 | /* A kext with an executable needs to retain the whole booterData |
1891 | * object to keep the executable in memory. |
1892 | */ |
1893 | if (!setExecutable(executable, booterData)) { |
1894 | OSKextLog(this, |
1895 | kOSKextLogErrorLevel | |
1896 | kOSKextLogGeneralFlag, |
1897 | "Failed to set kext executable for device tree entry %s." , |
1898 | deviceTreeName->getCStringNoCopy()); |
1899 | goto finish; |
1900 | } |
1901 | } |
1902 | |
1903 | result = registerIdentifier(); |
1904 | |
1905 | finish: |
1906 | OSSafeReleaseNULL(parsedXML); |
1907 | OSSafeReleaseNULL(kextPath); |
1908 | OSSafeReleaseNULL(errorString); |
1909 | OSSafeReleaseNULL(executable); |
1910 | |
1911 | return result; |
1912 | } |
1913 | |
1914 | /********************************************************************* |
1915 | *********************************************************************/ |
1916 | bool |
1917 | OSKext::registerIdentifier(void) |
1918 | { |
1919 | bool result = false; |
1920 | OSKext * existingKext = NULL; // do not release |
1921 | bool existingIsLoaded = false; |
1922 | bool existingIsPrelinked = false; |
1923 | OSKextVersion newVersion = -1; |
1924 | OSKextVersion existingVersion = -1; |
1925 | char newVersionCString[kOSKextVersionMaxLength]; |
1926 | char existingVersionCString[kOSKextVersionMaxLength]; |
1927 | OSData * newUUID = NULL; // must release |
1928 | OSData * existingUUID = NULL; // must release |
1929 | |
1930 | IORecursiveLockLock(sKextLock); |
1931 | |
1932 | /* Get the new kext's version for checks & log messages. |
1933 | */ |
1934 | newVersion = getVersion(); |
1935 | OSKextVersionGetString(newVersion, newVersionCString, |
1936 | kOSKextVersionMaxLength); |
1937 | |
1938 | /* If we don't have an existing kext with this identifier, |
1939 | * just record the new kext and we're done! |
1940 | */ |
1941 | existingKext = OSDynamicCast(OSKext, sKextsByID->getObject(bundleID)); |
1942 | if (!existingKext) { |
1943 | sKextsByID->setObject(bundleID, this); |
1944 | result = true; |
1945 | goto finish; |
1946 | } |
1947 | |
1948 | /* Get the existing kext's version for checks & log messages. |
1949 | */ |
1950 | existingVersion = existingKext->getVersion(); |
1951 | OSKextVersionGetString(existingVersion, |
1952 | existingVersionCString, kOSKextVersionMaxLength); |
1953 | |
1954 | existingIsLoaded = existingKext->isLoaded(); |
1955 | existingIsPrelinked = existingKext->isPrelinked(); |
1956 | |
1957 | /* If we have a kext with this identifier that's already loaded/prelinked, |
1958 | * we can't use the new one, but let's be really thorough and check how |
1959 | * the two are related for a precise diagnostic log message. |
1960 | * |
1961 | * Note that user space can't find out about nonloaded prelinked kexts, |
1962 | * so in this case we log a message when new & existing are equivalent |
1963 | * at the step rather than warning level, because we are always going |
1964 | * be getting a copy of the kext in the user load request mkext. |
1965 | */ |
1966 | if (existingIsLoaded || existingIsPrelinked) { |
1967 | bool sameVersion = (newVersion == existingVersion); |
1968 | bool sameExecutable = true; // assume true unless we have UUIDs |
1969 | |
1970 | /* Only get the UUID if the existing kext is loaded. Doing so |
1971 | * might have to uncompress an mkext executable and we shouldn't |
1972 | * take that hit when neither kext is loaded. |
1973 | */ |
1974 | newUUID = copyUUID(); |
1975 | existingUUID = existingKext->copyUUID(); |
1976 | |
1977 | /* I'm entirely too paranoid about checking equivalence of executables, |
1978 | * but I remember nasty problems with it in the past. |
1979 | * |
1980 | * - If we have UUIDs for both kexts, compare them. |
1981 | * - If only one kext has a UUID, they're definitely different. |
1982 | */ |
1983 | if (newUUID && existingUUID) { |
1984 | sameExecutable = newUUID->isEqualTo(existingUUID); |
1985 | } else if (newUUID || existingUUID) { |
1986 | sameExecutable = false; |
1987 | } |
1988 | |
1989 | if (!newUUID && !existingUUID) { |
1990 | |
1991 | /* If there are no UUIDs, we can't really tell that the executables |
1992 | * are *different* without a lot of work; the loaded kext's |
1993 | * unrelocated executable is no longer around (and we never had it |
1994 | * in-kernel for a prelinked kext). We certainly don't want to do |
1995 | * a whole fake link for the new kext just to compare, either. |
1996 | */ |
1997 | |
1998 | OSKextVersionGetString(version, newVersionCString, |
1999 | sizeof(newVersionCString)); |
2000 | OSKextLog(this, |
2001 | kOSKextLogWarningLevel | |
2002 | kOSKextLogKextBookkeepingFlag, |
2003 | "Notice - new kext %s, v%s matches %s kext " |
2004 | "but can't determine if executables are the same (no UUIDs)." , |
2005 | getIdentifierCString(), |
2006 | newVersionCString, |
2007 | (existingIsLoaded ? "loaded" : "prelinked" )); |
2008 | } |
2009 | |
2010 | if (sameVersion && sameExecutable) { |
2011 | OSKextLog(this, |
2012 | (existingIsLoaded ? kOSKextLogWarningLevel : kOSKextLogStepLevel) | |
2013 | kOSKextLogKextBookkeepingFlag, |
2014 | "Refusing new kext %s, v%s: a %s copy is already present " |
2015 | "(same version and executable)." , |
2016 | getIdentifierCString(), newVersionCString, |
2017 | (existingIsLoaded ? "loaded" : "prelinked" )); |
2018 | } else { |
2019 | if (!sameVersion) { |
2020 | /* This condition is significant so log it under warnings. |
2021 | */ |
2022 | OSKextLog(this, |
2023 | kOSKextLogWarningLevel | |
2024 | kOSKextLogKextBookkeepingFlag, |
2025 | "Refusing new kext %s, v%s: already have %s v%s." , |
2026 | getIdentifierCString(), |
2027 | newVersionCString, |
2028 | (existingIsLoaded ? "loaded" : "prelinked" ), |
2029 | existingVersionCString); |
2030 | } else { |
2031 | /* This condition is significant so log it under warnings. |
2032 | */ |
2033 | OSKextLog(this, |
2034 | kOSKextLogWarningLevel | kOSKextLogKextBookkeepingFlag, |
2035 | "Refusing new kext %s, v%s: a %s copy with a different " |
2036 | "executable UUID is already present." , |
2037 | getIdentifierCString(), newVersionCString, |
2038 | (existingIsLoaded ? "loaded" : "prelinked" )); |
2039 | } |
2040 | } |
2041 | goto finish; |
2042 | } /* if (existingIsLoaded || existingIsPrelinked) */ |
2043 | |
2044 | /* We have two nonloaded/nonprelinked kexts, so our decision depends on whether |
2045 | * user loads are happening or if we're still in early boot. User agents are |
2046 | * supposed to resolve dependencies topside and include only the exact |
2047 | * kexts needed; so we always accept the new kext (in fact we should never |
2048 | * see an older unloaded copy hanging around). |
2049 | */ |
2050 | if (sUserLoadsActive) { |
2051 | sKextsByID->setObject(bundleID, this); |
2052 | result = true; |
2053 | |
2054 | OSKextLog(this, |
2055 | kOSKextLogStepLevel | |
2056 | kOSKextLogKextBookkeepingFlag, |
2057 | "Dropping old copy of kext %s (v%s) for newly-added (v%s)." , |
2058 | getIdentifierCString(), |
2059 | existingVersionCString, |
2060 | newVersionCString); |
2061 | |
2062 | goto finish; |
2063 | } |
2064 | |
2065 | /* During early boot, the kext with the highest version always wins out. |
2066 | * Prelinked kernels will never hit this, but mkexts and booter-read |
2067 | * kexts might have duplicates. |
2068 | */ |
2069 | if (newVersion > existingVersion) { |
2070 | sKextsByID->setObject(bundleID, this); |
2071 | result = true; |
2072 | |
2073 | OSKextLog(this, |
2074 | kOSKextLogStepLevel | |
2075 | kOSKextLogKextBookkeepingFlag, |
2076 | "Dropping lower version (v%s) of registered kext %s for higher (v%s)." , |
2077 | existingVersionCString, |
2078 | getIdentifierCString(), |
2079 | newVersionCString); |
2080 | |
2081 | } else { |
2082 | OSKextLog(this, |
2083 | kOSKextLogStepLevel | |
2084 | kOSKextLogKextBookkeepingFlag, |
2085 | "Kext %s is already registered with a higher/same version (v%s); " |
2086 | "dropping newly-added (v%s)." , |
2087 | getIdentifierCString(), |
2088 | existingVersionCString, |
2089 | newVersionCString); |
2090 | } |
2091 | |
2092 | /* result has been set appropriately by now. */ |
2093 | |
2094 | finish: |
2095 | |
2096 | IORecursiveLockUnlock(sKextLock); |
2097 | |
2098 | if (result) { |
2099 | OSKextLog(this, |
2100 | kOSKextLogStepLevel | |
2101 | kOSKextLogKextBookkeepingFlag, |
2102 | "Kext %s, v%s registered and available for loading." , |
2103 | getIdentifierCString(), newVersionCString); |
2104 | } |
2105 | |
2106 | OSSafeReleaseNULL(newUUID); |
2107 | OSSafeReleaseNULL(existingUUID); |
2108 | |
2109 | return result; |
2110 | } |
2111 | |
2112 | /********************************************************************* |
2113 | * Does the bare minimum validation to look up a kext. |
2114 | * All other validation is done on the spot as needed. |
2115 | **********************************************************************/ |
2116 | bool |
2117 | OSKext::setInfoDictionaryAndPath( |
2118 | OSDictionary * aDictionary, |
2119 | OSString * aPath) |
2120 | { |
2121 | bool result = false; |
2122 | OSString * bundleIDString = NULL; // do not release |
2123 | OSString * versionString = NULL; // do not release |
2124 | OSString * compatibleVersionString = NULL; // do not release |
2125 | const char * versionCString = NULL; // do not free |
2126 | const char * compatibleVersionCString = NULL; // do not free |
2127 | OSBoolean * scratchBool = NULL; // do not release |
2128 | OSDictionary * scratchDict = NULL; // do not release |
2129 | |
2130 | if (infoDict) { |
2131 | panic("Attempt to set info dictionary on a kext " |
2132 | "that already has one (%s)." , |
2133 | getIdentifierCString()); |
2134 | } |
2135 | |
2136 | if (!aDictionary || !OSDynamicCast(OSDictionary, aDictionary)) { |
2137 | goto finish; |
2138 | } |
2139 | |
2140 | infoDict = aDictionary; |
2141 | infoDict->retain(); |
2142 | |
2143 | /* Check right away if the info dictionary has any log flags. |
2144 | */ |
2145 | scratchBool = OSDynamicCast(OSBoolean, |
2146 | getPropertyForHostArch(kOSBundleEnableKextLoggingKey)); |
2147 | if (scratchBool == kOSBooleanTrue) { |
2148 | flags.loggingEnabled = 1; |
2149 | } |
2150 | |
2151 | /* The very next thing to get is the bundle identifier. Unlike |
2152 | * in user space, a kext with no bundle identifier gets axed |
2153 | * immediately. |
2154 | */ |
2155 | bundleIDString = OSDynamicCast(OSString, |
2156 | getPropertyForHostArch(kCFBundleIdentifierKey)); |
2157 | if (!bundleIDString) { |
2158 | OSKextLog(this, |
2159 | kOSKextLogErrorLevel | |
2160 | kOSKextLogValidationFlag, |
2161 | "CFBundleIdentifier missing/invalid type in kext %s." , |
2162 | aPath ? aPath->getCStringNoCopy() : "(unknown)" ); |
2163 | goto finish; |
2164 | } |
2165 | bundleID = OSSymbol::withString(bundleIDString); |
2166 | if (!bundleID) { |
2167 | OSKextLog(this, |
2168 | kOSKextLogErrorLevel | |
2169 | kOSKextLogValidationFlag, |
2170 | "Can't copy bundle identifier as symbol for kext %s." , |
2171 | bundleIDString->getCStringNoCopy()); |
2172 | goto finish; |
2173 | } |
2174 | |
2175 | /* Save the path if we got one (it should always be available but it's |
2176 | * just something nice to have for bookkeeping). |
2177 | */ |
2178 | if (aPath) { |
2179 | path = aPath; |
2180 | path->retain(); |
2181 | } |
2182 | |
2183 | /***** |
2184 | * Minimal validation to initialize. We'll do other validation on the spot. |
2185 | */ |
2186 | if (bundleID->getLength() >= KMOD_MAX_NAME) { |
2187 | OSKextLog(this, |
2188 | kOSKextLogErrorLevel | |
2189 | kOSKextLogValidationFlag, |
2190 | "Kext %s error - CFBundleIdentifier over max length %d." , |
2191 | getIdentifierCString(), KMOD_MAX_NAME - 1); |
2192 | goto finish; |
2193 | } |
2194 | |
2195 | version = compatibleVersion = -1; |
2196 | |
2197 | versionString = OSDynamicCast(OSString, |
2198 | getPropertyForHostArch(kCFBundleVersionKey)); |
2199 | if (!versionString) { |
2200 | OSKextLog(this, |
2201 | kOSKextLogErrorLevel | |
2202 | kOSKextLogValidationFlag, |
2203 | "Kext %s error - CFBundleVersion missing/invalid type." , |
2204 | getIdentifierCString()); |
2205 | goto finish; |
2206 | } |
2207 | versionCString = versionString->getCStringNoCopy(); |
2208 | version = OSKextParseVersionString(versionCString); |
2209 | if (version < 0) { |
2210 | OSKextLog(this, |
2211 | kOSKextLogErrorLevel | |
2212 | kOSKextLogValidationFlag, |
2213 | "Kext %s error - CFBundleVersion bad value '%s'." , |
2214 | getIdentifierCString(), versionCString); |
2215 | goto finish; |
2216 | } |
2217 | |
2218 | compatibleVersion = -1; // set to illegal value for kexts that don't have |
2219 | |
2220 | compatibleVersionString = OSDynamicCast(OSString, |
2221 | getPropertyForHostArch(kOSBundleCompatibleVersionKey)); |
2222 | if (compatibleVersionString) { |
2223 | compatibleVersionCString = compatibleVersionString->getCStringNoCopy(); |
2224 | compatibleVersion = OSKextParseVersionString(compatibleVersionCString); |
2225 | if (compatibleVersion < 0) { |
2226 | OSKextLog(this, |
2227 | kOSKextLogErrorLevel | |
2228 | kOSKextLogValidationFlag, |
2229 | "Kext %s error - OSBundleCompatibleVersion bad value '%s'." , |
2230 | getIdentifierCString(), compatibleVersionCString); |
2231 | goto finish; |
2232 | } |
2233 | |
2234 | if (compatibleVersion > version) { |
2235 | OSKextLog(this, |
2236 | kOSKextLogErrorLevel | |
2237 | kOSKextLogValidationFlag, |
2238 | "Kext %s error - %s %s > %s %s (must be <=)." , |
2239 | getIdentifierCString(), |
2240 | kOSBundleCompatibleVersionKey, compatibleVersionCString, |
2241 | kCFBundleVersionKey, versionCString); |
2242 | goto finish; |
2243 | } |
2244 | } |
2245 | |
2246 | /* Check to see if this kext is in exclude list */ |
2247 | if ( isInExcludeList() ) { |
2248 | OSKextLog(this, |
2249 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
2250 | "Kext %s is in exclude list, not loadable" , |
2251 | getIdentifierCString()); |
2252 | goto finish; |
2253 | } |
2254 | |
2255 | /* Set flags for later use if the infoDict gets flushed. We only |
2256 | * check for true values, not false ones(!) |
2257 | */ |
2258 | scratchBool = OSDynamicCast(OSBoolean, |
2259 | getPropertyForHostArch(kOSBundleIsInterfaceKey)); |
2260 | if (scratchBool == kOSBooleanTrue) { |
2261 | flags.interface = 1; |
2262 | } |
2263 | |
2264 | scratchBool = OSDynamicCast(OSBoolean, |
2265 | getPropertyForHostArch(kOSKernelResourceKey)); |
2266 | if (scratchBool == kOSBooleanTrue) { |
2267 | flags.kernelComponent = 1; |
2268 | flags.interface = 1; // xxx - hm. the kernel itself isn't an interface... |
2269 | flags.started = 1; |
2270 | |
2271 | /* A kernel component has one implicit dependency on the kernel. |
2272 | */ |
2273 | flags.hasAllDependencies = 1; |
2274 | } |
2275 | |
2276 | /* Make sure common string values in personalities are uniqued to OSSymbols. |
2277 | */ |
2278 | scratchDict = OSDynamicCast(OSDictionary, |
2279 | getPropertyForHostArch(kIOKitPersonalitiesKey)); |
2280 | if (scratchDict) { |
2281 | uniquePersonalityProperties(scratchDict); |
2282 | } |
2283 | |
2284 | result = true; |
2285 | |
2286 | finish: |
2287 | |
2288 | return result; |
2289 | } |
2290 | |
2291 | /********************************************************************* |
2292 | * Not used for prelinked kernel boot as there is no unrelocated |
2293 | * executable. |
2294 | *********************************************************************/ |
2295 | bool |
2296 | OSKext::setExecutable( |
2297 | OSData * anExecutable, |
2298 | OSData * externalData, |
2299 | bool externalDataIsMkext) |
2300 | { |
2301 | bool result = false; |
2302 | const char * executableKey = NULL; // do not free |
2303 | |
2304 | if (!anExecutable) { |
2305 | infoDict->removeObject(_kOSKextExecutableKey); |
2306 | infoDict->removeObject(_kOSKextMkextExecutableReferenceKey); |
2307 | infoDict->removeObject(_kOSKextExecutableExternalDataKey); |
2308 | result = true; |
2309 | goto finish; |
2310 | } |
2311 | |
2312 | if (infoDict->getObject(_kOSKextExecutableKey) || |
2313 | infoDict->getObject(_kOSKextMkextExecutableReferenceKey)) { |
2314 | |
2315 | panic("Attempt to set an executable on a kext " |
2316 | "that already has one (%s)." , |
2317 | getIdentifierCString()); |
2318 | goto finish; |
2319 | } |
2320 | |
2321 | if (externalDataIsMkext) { |
2322 | executableKey = _kOSKextMkextExecutableReferenceKey; |
2323 | } else { |
2324 | executableKey = _kOSKextExecutableKey; |
2325 | } |
2326 | |
2327 | if (anExecutable) { |
2328 | infoDict->setObject(executableKey, anExecutable); |
2329 | if (externalData) { |
2330 | infoDict->setObject(_kOSKextExecutableExternalDataKey, externalData); |
2331 | } |
2332 | } |
2333 | |
2334 | result = true; |
2335 | |
2336 | finish: |
2337 | return result; |
2338 | } |
2339 | |
2340 | /********************************************************************* |
2341 | *********************************************************************/ |
2342 | static void |
2343 | uniqueStringPlistProperty(OSDictionary * dict, const char * key) |
2344 | { |
2345 | OSString * stringValue = NULL; // do not release |
2346 | const OSSymbol * symbolValue = NULL; // must release |
2347 | |
2348 | stringValue = OSDynamicCast(OSString, dict->getObject(key)); |
2349 | if (!stringValue) { |
2350 | goto finish; |
2351 | } |
2352 | |
2353 | symbolValue = OSSymbol::withString(stringValue); |
2354 | if (!symbolValue) { |
2355 | goto finish; |
2356 | } |
2357 | |
2358 | dict->setObject(key, symbolValue); |
2359 | |
2360 | finish: |
2361 | if (symbolValue) symbolValue->release(); |
2362 | |
2363 | return; |
2364 | } |
2365 | |
2366 | /********************************************************************* |
2367 | *********************************************************************/ |
2368 | static void |
2369 | uniqueStringPlistProperty(OSDictionary * dict, const OSString * key) |
2370 | { |
2371 | OSString * stringValue = NULL; // do not release |
2372 | const OSSymbol * symbolValue = NULL; // must release |
2373 | |
2374 | stringValue = OSDynamicCast(OSString, dict->getObject(key)); |
2375 | if (!stringValue) { |
2376 | goto finish; |
2377 | } |
2378 | |
2379 | symbolValue = OSSymbol::withString(stringValue); |
2380 | if (!symbolValue) { |
2381 | goto finish; |
2382 | } |
2383 | |
2384 | dict->setObject(key, symbolValue); |
2385 | |
2386 | finish: |
2387 | if (symbolValue) symbolValue->release(); |
2388 | |
2389 | return; |
2390 | } |
2391 | |
2392 | /********************************************************************* |
2393 | * Replace common personality property values with uniqued instances |
2394 | * to save on wired memory. |
2395 | *********************************************************************/ |
2396 | /* static */ |
2397 | void |
2398 | OSKext::uniquePersonalityProperties(OSDictionary * personalityDict) |
2399 | { |
2400 | /* Properties every personality has. |
2401 | */ |
2402 | uniqueStringPlistProperty(personalityDict, kCFBundleIdentifierKey); |
2403 | uniqueStringPlistProperty(personalityDict, kIOProviderClassKey); |
2404 | uniqueStringPlistProperty(personalityDict, gIOClassKey); |
2405 | |
2406 | /* Other commonly used properties. |
2407 | */ |
2408 | uniqueStringPlistProperty(personalityDict, gIOMatchCategoryKey); |
2409 | uniqueStringPlistProperty(personalityDict, gIOResourceMatchKey); |
2410 | uniqueStringPlistProperty(personalityDict, gIOUserClientClassKey); |
2411 | |
2412 | uniqueStringPlistProperty(personalityDict, "HIDDefaultBehavior" ); |
2413 | uniqueStringPlistProperty(personalityDict, "HIDPointerAccelerationType" ); |
2414 | uniqueStringPlistProperty(personalityDict, "HIDRemoteControlType" ); |
2415 | uniqueStringPlistProperty(personalityDict, "HIDScrollAccelerationType" ); |
2416 | uniqueStringPlistProperty(personalityDict, "IOPersonalityPublisher" ); |
2417 | uniqueStringPlistProperty(personalityDict, "Physical Interconnect" ); |
2418 | uniqueStringPlistProperty(personalityDict, "Physical Interconnect Location" ); |
2419 | uniqueStringPlistProperty(personalityDict, "Vendor" ); |
2420 | uniqueStringPlistProperty(personalityDict, "Vendor Identification" ); |
2421 | uniqueStringPlistProperty(personalityDict, "Vendor Name" ); |
2422 | uniqueStringPlistProperty(personalityDict, "bConfigurationValue" ); |
2423 | uniqueStringPlistProperty(personalityDict, "bInterfaceNumber" ); |
2424 | uniqueStringPlistProperty(personalityDict, "idProduct" ); |
2425 | |
2426 | return; |
2427 | } |
2428 | |
2429 | /********************************************************************* |
2430 | *********************************************************************/ |
2431 | void |
2432 | OSKext::free(void) |
2433 | { |
2434 | if (isLoaded()) { |
2435 | panic("Attempt to free loaded kext %s." , getIdentifierCString()); |
2436 | } |
2437 | |
2438 | OSSafeReleaseNULL(infoDict); |
2439 | OSSafeReleaseNULL(bundleID); |
2440 | OSSafeReleaseNULL(path); |
2441 | OSSafeReleaseNULL(executableRelPath); |
2442 | OSSafeReleaseNULL(dependencies); |
2443 | OSSafeReleaseNULL(linkedExecutable); |
2444 | OSSafeReleaseNULL(metaClasses); |
2445 | OSSafeReleaseNULL(interfaceUUID); |
2446 | |
2447 | if (isInterface() && kmod_info) { |
2448 | kfree(kmod_info, sizeof(kmod_info_t)); |
2449 | } |
2450 | |
2451 | super::free(); |
2452 | return; |
2453 | } |
2454 | |
2455 | #if PRAGMA_MARK |
2456 | #pragma mark Mkext files |
2457 | #endif |
2458 | /********************************************************************* |
2459 | *********************************************************************/ |
2460 | OSReturn |
2461 | OSKext::readMkextArchive(OSData * mkextData, |
2462 | uint32_t * checksumPtr) |
2463 | { |
2464 | OSReturn result = kOSKextReturnBadData; |
2465 | uint32_t mkextLength = 0; |
2466 | mkext_header * = 0; // do not free |
2467 | uint32_t mkextVersion = 0; |
2468 | |
2469 | /* Note default return of kOSKextReturnBadData above. |
2470 | */ |
2471 | mkextLength = mkextData->getLength(); |
2472 | if (mkextLength < sizeof(mkext_basic_header)) { |
2473 | OSKextLog(/* kext */ NULL, |
2474 | kOSKextLogErrorLevel | |
2475 | kOSKextLogArchiveFlag, |
2476 | "Mkext archive too small to be valid." ); |
2477 | goto finish; |
2478 | } |
2479 | |
2480 | mkextHeader = (mkext_header *)mkextData->getBytesNoCopy(); |
2481 | |
2482 | if (MKEXT_GET_MAGIC(mkextHeader) != MKEXT_MAGIC || |
2483 | MKEXT_GET_SIGNATURE(mkextHeader) != MKEXT_SIGN) { |
2484 | OSKextLog(/* kext */ NULL, |
2485 | kOSKextLogErrorLevel | |
2486 | kOSKextLogArchiveFlag, |
2487 | "Mkext archive has invalid magic or signature." ); |
2488 | goto finish; |
2489 | } |
2490 | |
2491 | if (MKEXT_GET_LENGTH(mkextHeader) != mkextLength) { |
2492 | OSKextLog(/* kext */ NULL, |
2493 | kOSKextLogErrorLevel | |
2494 | kOSKextLogArchiveFlag, |
2495 | "Mkext archive recorded length doesn't match actual file length." ); |
2496 | goto finish; |
2497 | } |
2498 | |
2499 | mkextVersion = MKEXT_GET_VERSION(mkextHeader); |
2500 | |
2501 | if (mkextVersion == MKEXT_VERS_2) { |
2502 | result = OSKext::readMkext2Archive(mkextData, NULL, checksumPtr); |
2503 | } else { |
2504 | OSKextLog(/* kext */ NULL, |
2505 | kOSKextLogErrorLevel | |
2506 | kOSKextLogArchiveFlag, |
2507 | "Mkext archive of unsupported mkext version 0x%x." , mkextVersion); |
2508 | result = kOSKextReturnUnsupported; |
2509 | } |
2510 | |
2511 | finish: |
2512 | return result; |
2513 | } |
2514 | |
2515 | /********************************************************************* |
2516 | * Assumes magic, signature, version, length have been checked. |
2517 | * xxx - need to add further bounds checking for each file entry |
2518 | * |
2519 | * Should keep track of all kexts created so far, and if we hit a |
2520 | * fatal error halfway through, remove those kexts. If we've dropped |
2521 | * an older version that had already been read, whoops! Might want to |
2522 | * add a level of buffering? |
2523 | *********************************************************************/ |
2524 | /* static */ |
2525 | OSReturn |
2526 | OSKext::readMkext2Archive( |
2527 | OSData * mkextData, |
2528 | OSDictionary ** mkextPlistOut, |
2529 | uint32_t * checksumPtr) |
2530 | { |
2531 | OSReturn result = kOSReturnError; |
2532 | uint32_t mkextLength; |
2533 | mkext2_header * = NULL; // do not free |
2534 | void * mkextEnd = NULL; // do not free |
2535 | uint32_t mkextVersion; |
2536 | uint8_t * crc_address = NULL; |
2537 | uint32_t checksum; |
2538 | uint32_t mkextPlistOffset; |
2539 | uint32_t mkextPlistCompressedSize; |
2540 | char * mkextPlistEnd = NULL; // do not free |
2541 | uint32_t mkextPlistFullSize; |
2542 | OSString * errorString = NULL; // must release |
2543 | OSData * mkextPlistUncompressedData = NULL; // must release |
2544 | const char * mkextPlistDataBuffer = NULL; // do not free |
2545 | OSObject * parsedXML = NULL; // must release |
2546 | OSDictionary * mkextPlist = NULL; // do not release |
2547 | OSArray * mkextInfoDictArray = NULL; // do not release |
2548 | uint32_t count, i; |
2549 | |
2550 | mkextLength = mkextData->getLength(); |
2551 | mkextHeader = (mkext2_header *)mkextData->getBytesNoCopy(); |
2552 | mkextEnd = (char *)mkextHeader + mkextLength; |
2553 | mkextVersion = MKEXT_GET_VERSION(mkextHeader); |
2554 | |
2555 | crc_address = (u_int8_t *)&mkextHeader->version; |
2556 | checksum = mkext_adler32(crc_address, |
2557 | (uintptr_t)mkextHeader + |
2558 | MKEXT_GET_LENGTH(mkextHeader) - (uintptr_t)crc_address); |
2559 | |
2560 | if (MKEXT_GET_CHECKSUM(mkextHeader) != checksum) { |
2561 | OSKextLog(/* kext */ NULL, |
2562 | kOSKextLogErrorLevel | |
2563 | kOSKextLogArchiveFlag, |
2564 | "Mkext archive has bad checksum." ); |
2565 | result = kOSKextReturnBadData; |
2566 | goto finish; |
2567 | } |
2568 | |
2569 | if (checksumPtr) { |
2570 | *checksumPtr = checksum; |
2571 | } |
2572 | |
2573 | /* Check that the CPU type & subtype match that of the running kernel. */ |
2574 | if (MKEXT_GET_CPUTYPE(mkextHeader) == (UInt32)CPU_TYPE_ANY) { |
2575 | OSKextLog(/* kext */ NULL, |
2576 | kOSKextLogErrorLevel | |
2577 | kOSKextLogArchiveFlag, |
2578 | "Mkext archive must have a specific CPU type." ); |
2579 | result = kOSKextReturnBadData; |
2580 | goto finish; |
2581 | } else { |
2582 | if ((UInt32)_mh_execute_header.cputype != |
2583 | MKEXT_GET_CPUTYPE(mkextHeader)) { |
2584 | |
2585 | OSKextLog(/* kext */ NULL, |
2586 | kOSKextLogErrorLevel | |
2587 | kOSKextLogArchiveFlag, |
2588 | "Mkext archive does not match the running kernel's CPU type." ); |
2589 | result = kOSKextReturnArchNotFound; |
2590 | goto finish; |
2591 | } |
2592 | } |
2593 | |
2594 | mkextPlistOffset = MKEXT2_GET_PLIST(mkextHeader); |
2595 | mkextPlistCompressedSize = MKEXT2_GET_PLIST_COMPSIZE(mkextHeader); |
2596 | mkextPlistEnd = (char *)mkextHeader + mkextPlistOffset + |
2597 | mkextPlistCompressedSize; |
2598 | if (mkextPlistEnd > mkextEnd) { |
2599 | OSKextLog(/* kext */ NULL, |
2600 | kOSKextLogErrorLevel | |
2601 | kOSKextLogArchiveFlag, |
2602 | "Mkext archive file overrun." ); |
2603 | result = kOSKextReturnBadData; |
2604 | } |
2605 | |
2606 | mkextPlistFullSize = MKEXT2_GET_PLIST_FULLSIZE(mkextHeader); |
2607 | if (mkextPlistCompressedSize) { |
2608 | mkextPlistUncompressedData = sKernelKext->extractMkext2FileData( |
2609 | (UInt8 *)mkextHeader + mkextPlistOffset, |
2610 | "plist" , |
2611 | mkextPlistCompressedSize, mkextPlistFullSize); |
2612 | if (!mkextPlistUncompressedData) { |
2613 | goto finish; |
2614 | } |
2615 | mkextPlistDataBuffer = (const char *) |
2616 | mkextPlistUncompressedData->getBytesNoCopy(); |
2617 | } else { |
2618 | mkextPlistDataBuffer = (const char *)mkextHeader + mkextPlistOffset; |
2619 | } |
2620 | |
2621 | /* IOCFSerialize added a nul byte to the end of the string. Very nice of it. |
2622 | */ |
2623 | parsedXML = OSUnserializeXML(mkextPlistDataBuffer, &errorString); |
2624 | if (parsedXML) { |
2625 | mkextPlist = OSDynamicCast(OSDictionary, parsedXML); |
2626 | } |
2627 | if (!mkextPlist) { |
2628 | const char * errorCString = "(unknown error)" ; |
2629 | |
2630 | if (errorString && errorString->getCStringNoCopy()) { |
2631 | errorCString = errorString->getCStringNoCopy(); |
2632 | } else if (parsedXML) { |
2633 | errorCString = "not a dictionary" ; |
2634 | } |
2635 | OSKextLog(/* kext */ NULL, |
2636 | kOSKextLogErrorLevel | |
2637 | kOSKextLogArchiveFlag, |
2638 | "Error unserializing mkext plist: %s." , errorCString); |
2639 | goto finish; |
2640 | } |
2641 | |
2642 | /* If the caller needs the plist, hand it back and retain it. |
2643 | * (This function releases it at the end.) |
2644 | */ |
2645 | if (mkextPlistOut) { |
2646 | *mkextPlistOut = mkextPlist; |
2647 | (*mkextPlistOut)->retain(); |
2648 | } |
2649 | |
2650 | mkextInfoDictArray = OSDynamicCast(OSArray, |
2651 | mkextPlist->getObject(kMKEXTInfoDictionariesKey)); |
2652 | if (!mkextInfoDictArray) { |
2653 | OSKextLog(/* kext */ NULL, |
2654 | kOSKextLogErrorLevel | |
2655 | kOSKextLogArchiveFlag, |
2656 | "Mkext archive contains no kext info dictionaries." ); |
2657 | goto finish; |
2658 | } |
2659 | |
2660 | count = mkextInfoDictArray->getCount(); |
2661 | for (i = 0; i < count; i++) { |
2662 | OSDictionary * infoDict; |
2663 | |
2664 | |
2665 | infoDict = OSDynamicCast(OSDictionary, |
2666 | mkextInfoDictArray->getObject(i)); |
2667 | |
2668 | /* Create the kext for the entry, then release it, because the |
2669 | * kext system keeps them around until explicitly removed. |
2670 | * Any creation/registration failures are already logged for us. |
2671 | */ |
2672 | if (infoDict) { |
2673 | OSKext * newKext = OSKext::withMkext2Info(infoDict, mkextData); |
2674 | OSSafeReleaseNULL(newKext); |
2675 | } |
2676 | } |
2677 | |
2678 | /* Even if we didn't keep any kexts from the mkext, we may have a load |
2679 | * request to process, so we are successful (no errors occurred). |
2680 | */ |
2681 | result = kOSReturnSuccess; |
2682 | |
2683 | finish: |
2684 | |
2685 | OSSafeReleaseNULL(parsedXML); |
2686 | OSSafeReleaseNULL(mkextPlistUncompressedData); |
2687 | OSSafeReleaseNULL(errorString); |
2688 | |
2689 | return result; |
2690 | } |
2691 | |
2692 | /********************************************************************* |
2693 | *********************************************************************/ |
2694 | /* static */ |
2695 | OSKext * |
2696 | OSKext::withMkext2Info( |
2697 | OSDictionary * anInfoDict, |
2698 | OSData * mkextData) |
2699 | { |
2700 | OSKext * newKext = new OSKext; |
2701 | |
2702 | if (newKext && !newKext->initWithMkext2Info(anInfoDict, mkextData)) { |
2703 | newKext->release(); |
2704 | return NULL; |
2705 | } |
2706 | |
2707 | return newKext; |
2708 | } |
2709 | |
2710 | /********************************************************************* |
2711 | *********************************************************************/ |
2712 | bool |
2713 | OSKext::initWithMkext2Info( |
2714 | OSDictionary * anInfoDict, |
2715 | OSData * mkextData) |
2716 | { |
2717 | bool result = false; |
2718 | OSString * kextPath = NULL; // do not release |
2719 | OSNumber * executableOffsetNum = NULL; // do not release |
2720 | OSCollectionIterator * iterator = NULL; // must release |
2721 | OSData * executable = NULL; // must release |
2722 | |
2723 | if (anInfoDict == NULL || !super::init()) { |
2724 | goto finish; |
2725 | } |
2726 | |
2727 | /* Get the path. Don't look for an arch-specific path property. |
2728 | */ |
2729 | kextPath = OSDynamicCast(OSString, |
2730 | anInfoDict->getObject(kMKEXTBundlePathKey)); |
2731 | |
2732 | if (!setInfoDictionaryAndPath(anInfoDict, kextPath)) { |
2733 | goto finish; |
2734 | } |
2735 | |
2736 | /* If we have a path to the executable, save it. |
2737 | */ |
2738 | executableRelPath = OSDynamicCast(OSString, |
2739 | anInfoDict->getObject(kMKEXTExecutableRelativePathKey)); |
2740 | if (executableRelPath) { |
2741 | executableRelPath->retain(); |
2742 | } |
2743 | |
2744 | /* Don't need the paths to be in the info dictionary any more. |
2745 | */ |
2746 | anInfoDict->removeObject(kMKEXTBundlePathKey); |
2747 | anInfoDict->removeObject(kMKEXTExecutableRelativePathKey); |
2748 | |
2749 | executableOffsetNum = OSDynamicCast(OSNumber, |
2750 | infoDict->getObject(kMKEXTExecutableKey)); |
2751 | if (executableOffsetNum) { |
2752 | executable = createMkext2FileEntry(mkextData, |
2753 | executableOffsetNum, "executable" ); |
2754 | infoDict->removeObject(kMKEXTExecutableKey); |
2755 | if (!executable) { |
2756 | goto finish; |
2757 | } |
2758 | if (!setExecutable(executable, mkextData, true)) { |
2759 | goto finish; |
2760 | } |
2761 | } |
2762 | |
2763 | result = registerIdentifier(); |
2764 | |
2765 | finish: |
2766 | |
2767 | OSSafeReleaseNULL(executable); |
2768 | OSSafeReleaseNULL(iterator); |
2769 | return result; |
2770 | } |
2771 | |
2772 | /********************************************************************* |
2773 | *********************************************************************/ |
2774 | OSData * |
2775 | OSKext::createMkext2FileEntry( |
2776 | OSData * mkextData, |
2777 | OSNumber * offsetNum, |
2778 | const char * name) |
2779 | { |
2780 | OSData * result = NULL; |
2781 | MkextEntryRef entryRef; |
2782 | uint8_t * mkextBuffer = (uint8_t *)mkextData->getBytesNoCopy(); |
2783 | uint32_t entryOffset = offsetNum->unsigned32BitValue(); |
2784 | |
2785 | result = OSData::withCapacity(sizeof(entryRef)); |
2786 | if (!result) { |
2787 | goto finish; |
2788 | } |
2789 | |
2790 | entryRef.mkext = (mkext_basic_header *)mkextBuffer; |
2791 | entryRef.fileinfo = mkextBuffer + entryOffset; |
2792 | if (!result->appendBytes(&entryRef, sizeof(entryRef))) { |
2793 | OSSafeReleaseNULL(result); |
2794 | goto finish; |
2795 | } |
2796 | |
2797 | finish: |
2798 | if (!result) { |
2799 | OSKextLog(this, |
2800 | kOSKextLogErrorLevel | |
2801 | kOSKextLogArchiveFlag, |
2802 | "Can't create wrapper for mkext file entry '%s' of kext %s." , |
2803 | name, getIdentifierCString()); |
2804 | } |
2805 | return result; |
2806 | } |
2807 | |
2808 | /********************************************************************* |
2809 | *********************************************************************/ |
2810 | extern "C" { |
2811 | static void * z_alloc(void *, u_int items, u_int size); |
2812 | static void z_free(void *, void *ptr); |
2813 | |
2814 | typedef struct z_mem { |
2815 | uint32_t alloc_size; |
2816 | uint8_t data[0]; |
2817 | } z_mem; |
2818 | |
2819 | /* |
2820 | * Space allocation and freeing routines for use by zlib routines. |
2821 | */ |
2822 | void * |
2823 | z_alloc(void * notused __unused, u_int num_items, u_int size) |
2824 | { |
2825 | void * result = NULL; |
2826 | z_mem * zmem = NULL; |
2827 | |
2828 | uint64_t total = ((uint64_t)num_items) * ((uint64_t)size); |
2829 | //Check for overflow due to multiplication |
2830 | if (total > UINT32_MAX){ |
2831 | panic("z_alloc(%p, %x, %x): overflow caused by %x * %x\n" , |
2832 | notused, num_items, size, num_items, size); |
2833 | } |
2834 | |
2835 | uint64_t allocSize64 = total + ((uint64_t)sizeof(zmem)); |
2836 | //Check for overflow due to addition |
2837 | if (allocSize64 > UINT32_MAX){ |
2838 | panic("z_alloc(%p, %x, %x): overflow caused by %x + %lx\n" , |
2839 | notused, num_items, size, (uint32_t)total, sizeof(zmem)); |
2840 | } |
2841 | uint32_t allocSize = (uint32_t)allocSize64; |
2842 | |
2843 | zmem = (z_mem *)kalloc_tag(allocSize, VM_KERN_MEMORY_OSKEXT); |
2844 | if (!zmem) { |
2845 | goto finish; |
2846 | } |
2847 | zmem->alloc_size = allocSize; |
2848 | result = (void *)&(zmem->data); |
2849 | finish: |
2850 | return result; |
2851 | } |
2852 | |
2853 | void |
2854 | z_free(void * notused __unused, void * ptr) |
2855 | { |
2856 | uint32_t * skipper = (uint32_t *)ptr - 1; |
2857 | z_mem * zmem = (z_mem *)skipper; |
2858 | kfree((void *)zmem, zmem->alloc_size); |
2859 | return; |
2860 | } |
2861 | }; |
2862 | |
2863 | OSData * |
2864 | OSKext::( |
2865 | UInt8 * data, |
2866 | const char * name, |
2867 | uint32_t compressedSize, |
2868 | uint32_t fullSize) |
2869 | { |
2870 | OSData * result = NULL; |
2871 | |
2872 | OSData * uncompressedData = NULL; // release on error |
2873 | |
2874 | uint8_t * uncompressedDataBuffer = 0; // do not free |
2875 | unsigned long uncompressedSize; |
2876 | z_stream zstream; |
2877 | bool zstream_inited = false; |
2878 | int zlib_result; |
2879 | |
2880 | /* If the file isn't compressed, we want to make a copy |
2881 | * so that we don't have the tie to the larger mkext file buffer any more. |
2882 | */ |
2883 | if (!compressedSize) { |
2884 | uncompressedData = OSData::withBytes(data, fullSize); |
2885 | // xxx - no check for failure? |
2886 | result = uncompressedData; |
2887 | goto finish; |
2888 | } |
2889 | |
2890 | if (KERN_SUCCESS != kmem_alloc(kernel_map, |
2891 | (vm_offset_t*)&uncompressedDataBuffer, fullSize, VM_KERN_MEMORY_OSKEXT)) { |
2892 | |
2893 | /* How's this for cheesy? The kernel is only asked to extract |
2894 | * kext plists so we tailor the log messages. |
2895 | */ |
2896 | if (isKernel()) { |
2897 | OSKextLog(this, |
2898 | kOSKextLogErrorLevel | |
2899 | kOSKextLogArchiveFlag, |
2900 | "Allocation failure extracting %s from mkext." , name); |
2901 | } else { |
2902 | OSKextLog(this, |
2903 | kOSKextLogErrorLevel | |
2904 | kOSKextLogArchiveFlag, |
2905 | "Allocation failure extracting %s from mkext for kext %s." , |
2906 | name, getIdentifierCString()); |
2907 | } |
2908 | |
2909 | goto finish; |
2910 | } |
2911 | uncompressedData = OSData::withBytesNoCopy(uncompressedDataBuffer, fullSize); |
2912 | if (!uncompressedData) { |
2913 | if (isKernel()) { |
2914 | OSKextLog(this, |
2915 | kOSKextLogErrorLevel | |
2916 | kOSKextLogArchiveFlag, |
2917 | "Allocation failure extracting %s from mkext." , name); |
2918 | } else { |
2919 | OSKextLog(this, |
2920 | kOSKextLogErrorLevel | |
2921 | kOSKextLogArchiveFlag, |
2922 | "Allocation failure extracting %s from mkext for kext %s." , |
2923 | name, getIdentifierCString()); |
2924 | } |
2925 | goto finish; |
2926 | } |
2927 | uncompressedData->setDeallocFunction(&osdata_kmem_free); |
2928 | |
2929 | if (isKernel()) { |
2930 | OSKextLog(this, |
2931 | kOSKextLogDetailLevel | |
2932 | kOSKextLogArchiveFlag, |
2933 | "Kernel extracted %s from mkext - compressed size %d, uncompressed size %d." , |
2934 | name, compressedSize, fullSize); |
2935 | } else { |
2936 | OSKextLog(this, |
2937 | kOSKextLogDetailLevel | |
2938 | kOSKextLogArchiveFlag, |
2939 | "Kext %s extracted %s from mkext - compressed size %d, uncompressed size %d." , |
2940 | getIdentifierCString(), name, compressedSize, fullSize); |
2941 | } |
2942 | |
2943 | bzero(&zstream, sizeof(zstream)); |
2944 | zstream.next_in = (UInt8 *)data; |
2945 | zstream.avail_in = compressedSize; |
2946 | |
2947 | zstream.next_out = uncompressedDataBuffer; |
2948 | zstream.avail_out = fullSize; |
2949 | |
2950 | zstream.zalloc = z_alloc; |
2951 | zstream.zfree = z_free; |
2952 | |
2953 | zlib_result = inflateInit(&zstream); |
2954 | if (Z_OK != zlib_result) { |
2955 | if (isKernel()) { |
2956 | OSKextLog(this, |
2957 | kOSKextLogErrorLevel | |
2958 | kOSKextLogArchiveFlag, |
2959 | "Mkext error; zlib inflateInit failed (%d) for %s." , |
2960 | zlib_result, name); |
2961 | } else { |
2962 | OSKextLog(this, |
2963 | kOSKextLogErrorLevel | |
2964 | kOSKextLogArchiveFlag, |
2965 | "Kext %s - mkext error; zlib inflateInit failed (%d) for %s ." , |
2966 | getIdentifierCString(), zlib_result, name); |
2967 | } |
2968 | goto finish; |
2969 | } else { |
2970 | zstream_inited = true; |
2971 | } |
2972 | |
2973 | zlib_result = inflate(&zstream, Z_FINISH); |
2974 | |
2975 | if (zlib_result == Z_STREAM_END || zlib_result == Z_OK) { |
2976 | uncompressedSize = zstream.total_out; |
2977 | } else { |
2978 | if (isKernel()) { |
2979 | OSKextLog(this, |
2980 | kOSKextLogErrorLevel | |
2981 | kOSKextLogArchiveFlag, |
2982 | "Mkext error; zlib inflate failed (%d) for %s." , |
2983 | zlib_result, name); |
2984 | } else { |
2985 | OSKextLog(this, |
2986 | kOSKextLogErrorLevel | |
2987 | kOSKextLogArchiveFlag, |
2988 | "Kext %s - mkext error; zlib inflate failed (%d) for %s ." , |
2989 | getIdentifierCString(), zlib_result, name); |
2990 | } |
2991 | if (zstream.msg) { |
2992 | OSKextLog(this, |
2993 | kOSKextLogErrorLevel | |
2994 | kOSKextLogArchiveFlag, |
2995 | "zlib error: %s." , zstream.msg); |
2996 | } |
2997 | goto finish; |
2998 | } |
2999 | |
3000 | if (uncompressedSize != fullSize) { |
3001 | if (isKernel()) { |
3002 | OSKextLog(this, |
3003 | kOSKextLogErrorLevel | |
3004 | kOSKextLogArchiveFlag, |
3005 | "Mkext error; zlib inflate discrepancy for %s, " |
3006 | "uncompressed size != original size." , name); |
3007 | } else { |
3008 | OSKextLog(this, |
3009 | kOSKextLogErrorLevel | |
3010 | kOSKextLogArchiveFlag, |
3011 | "Kext %s - mkext error; zlib inflate discrepancy for %s, " |
3012 | "uncompressed size != original size." , |
3013 | getIdentifierCString(), name); |
3014 | } |
3015 | goto finish; |
3016 | } |
3017 | |
3018 | result = uncompressedData; |
3019 | |
3020 | finish: |
3021 | /* Don't bother checking return, nothing we can do on fail. |
3022 | */ |
3023 | if (zstream_inited) inflateEnd(&zstream); |
3024 | |
3025 | if (!result) { |
3026 | OSSafeReleaseNULL(uncompressedData); |
3027 | } |
3028 | |
3029 | return result; |
3030 | } |
3031 | |
3032 | /********************************************************************* |
3033 | *********************************************************************/ |
3034 | /* static */ |
3035 | OSReturn |
3036 | OSKext::loadFromMkext( |
3037 | OSKextLogSpec clientLogFilter, |
3038 | char * mkextBuffer, |
3039 | uint32_t mkextBufferLength, |
3040 | char ** logInfoOut, |
3041 | uint32_t * logInfoLengthOut) |
3042 | { |
3043 | OSReturn result = kOSReturnError; |
3044 | OSReturn tempResult = kOSReturnError; |
3045 | |
3046 | OSData * mkextData = NULL; // must release |
3047 | OSDictionary * mkextPlist = NULL; // must release |
3048 | |
3049 | OSArray * logInfoArray = NULL; // must release |
3050 | OSSerialize * serializer = NULL; // must release |
3051 | |
3052 | OSString * predicate = NULL; // do not release |
3053 | OSDictionary * requestArgs = NULL; // do not release |
3054 | |
3055 | OSString * kextIdentifier = NULL; // do not release |
3056 | OSNumber * startKextExcludeNum = NULL; // do not release |
3057 | OSNumber * startMatchingExcludeNum = NULL; // do not release |
3058 | OSBoolean * delayAutounloadBool = NULL; // do not release |
3059 | OSArray * personalityNames = NULL; // do not release |
3060 | |
3061 | /* Default values for these two options: regular autounload behavior, |
3062 | * load all kexts, send no personalities. |
3063 | */ |
3064 | Boolean delayAutounload = false; |
3065 | OSKextExcludeLevel startKextExcludeLevel = kOSKextExcludeNone; |
3066 | OSKextExcludeLevel startMatchingExcludeLevel = kOSKextExcludeAll; |
3067 | |
3068 | IORecursiveLockLock(sKextLock); |
3069 | |
3070 | if (logInfoOut) { |
3071 | *logInfoOut = NULL; |
3072 | *logInfoLengthOut = 0; |
3073 | } |
3074 | |
3075 | OSKext::setUserSpaceLogFilter(clientLogFilter, logInfoOut ? true : false); |
3076 | |
3077 | OSKextLog(/* kext */ NULL, |
3078 | kOSKextLogDebugLevel | |
3079 | kOSKextLogIPCFlag, |
3080 | "Received kext load request from user space." ); |
3081 | |
3082 | /* Regardless of processing, the fact that we have gotten here means some |
3083 | * user-space program is up and talking to us, so we'll switch our kext |
3084 | * registration to reflect that. |
3085 | */ |
3086 | if (!sUserLoadsActive) { |
3087 | OSKextLog(/* kext */ NULL, |
3088 | kOSKextLogProgressLevel | |
3089 | kOSKextLogGeneralFlag | kOSKextLogLoadFlag, |
3090 | "Switching to late startup (user-space) kext loading policy." ); |
3091 | |
3092 | sUserLoadsActive = true; |
3093 | } |
3094 | |
3095 | if (!sLoadEnabled) { |
3096 | OSKextLog(/* kext */ NULL, |
3097 | kOSKextLogErrorLevel | |
3098 | kOSKextLogLoadFlag, |
3099 | "Kext loading is disabled." ); |
3100 | result = kOSKextReturnDisabled; |
3101 | goto finish; |
3102 | } |
3103 | |
3104 | /* Note that we do not set a dealloc function on this OSData |
3105 | * object! No references to it can remain after the loadFromMkext() |
3106 | * call since we are in a MIG function, and will vm_deallocate() |
3107 | * the buffer. |
3108 | */ |
3109 | mkextData = OSData::withBytesNoCopy(mkextBuffer, |
3110 | mkextBufferLength); |
3111 | if (!mkextData) { |
3112 | OSKextLog(/* kext */ NULL, |
3113 | kOSKextLogErrorLevel | |
3114 | kOSKextLogLoadFlag | kOSKextLogIPCFlag, |
3115 | "Failed to create wrapper for kext load request." ); |
3116 | result = kOSKextReturnNoMemory; |
3117 | goto finish; |
3118 | } |
3119 | |
3120 | result = readMkext2Archive(mkextData, &mkextPlist, NULL); |
3121 | if (result != kOSReturnSuccess) { |
3122 | OSKextLog(/* kext */ NULL, |
3123 | kOSKextLogErrorLevel | |
3124 | kOSKextLogLoadFlag, |
3125 | "Failed to read kext load request." ); |
3126 | goto finish; |
3127 | } |
3128 | |
3129 | predicate = _OSKextGetRequestPredicate(mkextPlist); |
3130 | if (!predicate || !predicate->isEqualTo(kKextRequestPredicateLoad)) { |
3131 | OSKextLog(/* kext */ NULL, |
3132 | kOSKextLogErrorLevel | |
3133 | kOSKextLogLoadFlag, |
3134 | "Received kext load request with no predicate; skipping." ); |
3135 | result = kOSKextReturnInvalidArgument; |
3136 | goto finish; |
3137 | } |
3138 | |
3139 | requestArgs = OSDynamicCast(OSDictionary, |
3140 | mkextPlist->getObject(kKextRequestArgumentsKey)); |
3141 | if (!requestArgs || !requestArgs->getCount()) { |
3142 | OSKextLog(/* kext */ NULL, |
3143 | kOSKextLogErrorLevel | |
3144 | kOSKextLogLoadFlag, |
3145 | "Received kext load request with no arguments." ); |
3146 | result = kOSKextReturnInvalidArgument; |
3147 | goto finish; |
3148 | } |
3149 | |
3150 | kextIdentifier = OSDynamicCast(OSString, |
3151 | requestArgs->getObject(kKextRequestArgumentBundleIdentifierKey)); |
3152 | if (!kextIdentifier) { |
3153 | OSKextLog(/* kext */ NULL, |
3154 | kOSKextLogErrorLevel | |
3155 | kOSKextLogLoadFlag, |
3156 | "Received kext load request with no kext identifier." ); |
3157 | result = kOSKextReturnInvalidArgument; |
3158 | goto finish; |
3159 | } |
3160 | |
3161 | startKextExcludeNum = OSDynamicCast(OSNumber, |
3162 | requestArgs->getObject(kKextRequestArgumentStartExcludeKey)); |
3163 | startMatchingExcludeNum = OSDynamicCast(OSNumber, |
3164 | requestArgs->getObject(kKextRequestArgumentStartMatchingExcludeKey)); |
3165 | delayAutounloadBool = OSDynamicCast(OSBoolean, |
3166 | requestArgs->getObject(kKextRequestArgumentDelayAutounloadKey)); |
3167 | personalityNames = OSDynamicCast(OSArray, |
3168 | requestArgs->getObject(kKextRequestArgumentPersonalityNamesKey)); |
3169 | |
3170 | if (delayAutounloadBool) { |
3171 | delayAutounload = delayAutounloadBool->getValue(); |
3172 | } |
3173 | if (startKextExcludeNum) { |
3174 | startKextExcludeLevel = startKextExcludeNum->unsigned8BitValue(); |
3175 | } |
3176 | if (startMatchingExcludeNum) { |
3177 | startMatchingExcludeLevel = startMatchingExcludeNum->unsigned8BitValue(); |
3178 | } |
3179 | |
3180 | OSKextLog(/* kext */ NULL, |
3181 | kOSKextLogProgressLevel | |
3182 | kOSKextLogIPCFlag, |
3183 | "Received request from user space to load kext %s." , |
3184 | kextIdentifier->getCStringNoCopy()); |
3185 | |
3186 | /* Load the kext, with no deferral, since this is a load from outside |
3187 | * the kernel. |
3188 | * xxx - Would like a better way to handle the default values for the |
3189 | * xxx - start/match opt args. |
3190 | */ |
3191 | result = OSKext::loadKextWithIdentifier( |
3192 | kextIdentifier, |
3193 | /* allowDefer */ false, |
3194 | delayAutounload, |
3195 | startKextExcludeLevel, |
3196 | startMatchingExcludeLevel, |
3197 | personalityNames); |
3198 | if (result != kOSReturnSuccess) { |
3199 | goto finish; |
3200 | } |
3201 | /* If the load came down from kextd, it will shortly inform IOCatalogue |
3202 | * for matching via a separate IOKit calldown. |
3203 | */ |
3204 | |
3205 | finish: |
3206 | |
3207 | /* Gather up the collected log messages for user space. Any |
3208 | * error messages past this call will not make it up as log messages |
3209 | * but will be in the system log. |
3210 | */ |
3211 | logInfoArray = OSKext::clearUserSpaceLogFilter(); |
3212 | |
3213 | if (logInfoArray && logInfoOut && logInfoLengthOut) { |
3214 | tempResult = OSKext::serializeLogInfo(logInfoArray, |
3215 | logInfoOut, logInfoLengthOut); |
3216 | if (tempResult != kOSReturnSuccess) { |
3217 | result = tempResult; |
3218 | } |
3219 | } |
3220 | |
3221 | OSKext::flushNonloadedKexts(/* flushPrelinkedKexts */ false); |
3222 | |
3223 | /* Note: mkextDataObject will have been retained by every kext w/an |
3224 | * executable in it. That should all have been flushed out at the |
3225 | * and of the load operation, but you never know.... |
3226 | */ |
3227 | if (mkextData && mkextData->getRetainCount() > 1) { |
3228 | OSKextLog(/* kext */ NULL, |
3229 | kOSKextLogErrorLevel | |
3230 | kOSKextLogLoadFlag | kOSKextLogIPCFlag, |
3231 | "Kext load request buffer from user space still retained by a kext; " |
3232 | "probable memory leak." ); |
3233 | } |
3234 | |
3235 | IORecursiveLockUnlock(sKextLock); |
3236 | |
3237 | OSSafeReleaseNULL(mkextData); |
3238 | OSSafeReleaseNULL(mkextPlist); |
3239 | OSSafeReleaseNULL(serializer); |
3240 | OSSafeReleaseNULL(logInfoArray); |
3241 | |
3242 | return result; |
3243 | } |
3244 | |
3245 | /********************************************************************* |
3246 | *********************************************************************/ |
3247 | /* static */ |
3248 | OSReturn |
3249 | OSKext::serializeLogInfo( |
3250 | OSArray * logInfoArray, |
3251 | char ** logInfoOut, |
3252 | uint32_t * logInfoLengthOut) |
3253 | { |
3254 | OSReturn result = kOSReturnError; |
3255 | char * buffer = NULL; |
3256 | kern_return_t kmem_result = KERN_FAILURE; |
3257 | OSSerialize * serializer = NULL; // must release; reused |
3258 | char * logInfo = NULL; // returned by reference |
3259 | uint32_t logInfoLength = 0; |
3260 | |
3261 | if (!logInfoArray || !logInfoOut || !logInfoLengthOut) { |
3262 | OSKextLog(/* kext */ NULL, |
3263 | kOSKextLogErrorLevel | |
3264 | kOSKextLogIPCFlag, |
3265 | "Internal error; invalid arguments to OSKext::serializeLogInfo()." ); |
3266 | /* Bad programmer. */ |
3267 | result = kOSKextReturnInvalidArgument; |
3268 | goto finish; |
3269 | } |
3270 | |
3271 | serializer = OSSerialize::withCapacity(0); |
3272 | if (!serializer) { |
3273 | OSKextLog(/* kext */ NULL, |
3274 | kOSKextLogErrorLevel | |
3275 | kOSKextLogIPCFlag, |
3276 | "Failed to create serializer on log info for request from user space." ); |
3277 | /* Incidental error; we're going to (try to) allow the request |
3278 | * itself to succeed. */ |
3279 | } |
3280 | |
3281 | if (!logInfoArray->serialize(serializer)) { |
3282 | OSKextLog(/* kext */ NULL, |
3283 | kOSKextLogErrorLevel | |
3284 | kOSKextLogIPCFlag, |
3285 | "Failed to serialize log info for request from user space." ); |
3286 | /* Incidental error; we're going to (try to) allow the request |
3287 | * itself to succeed. */ |
3288 | } else { |
3289 | logInfo = serializer->text(); |
3290 | logInfoLength = serializer->getLength(); |
3291 | |
3292 | kmem_result = kmem_alloc(kernel_map, (vm_offset_t *)&buffer, round_page(logInfoLength), VM_KERN_MEMORY_OSKEXT); |
3293 | if (kmem_result != KERN_SUCCESS) { |
3294 | OSKextLog(/* kext */ NULL, |
3295 | kOSKextLogErrorLevel | |
3296 | kOSKextLogIPCFlag, |
3297 | "Failed to copy log info for request from user space." ); |
3298 | /* Incidental error; we're going to (try to) allow the request |
3299 | * to succeed. */ |
3300 | } else { |
3301 | /* 11981737 - clear uninitialized data in last page */ |
3302 | bzero((void *)(buffer + logInfoLength), |
3303 | (round_page(logInfoLength) - logInfoLength)); |
3304 | memcpy(buffer, logInfo, logInfoLength); |
3305 | *logInfoOut = buffer; |
3306 | *logInfoLengthOut = logInfoLength; |
3307 | } |
3308 | } |
3309 | |
3310 | result = kOSReturnSuccess; |
3311 | finish: |
3312 | OSSafeReleaseNULL(serializer); |
3313 | return result; |
3314 | } |
3315 | |
3316 | #if PRAGMA_MARK |
3317 | #pragma mark Instance Management Methods |
3318 | #endif |
3319 | /********************************************************************* |
3320 | *********************************************************************/ |
3321 | OSKext * |
3322 | OSKext::lookupKextWithIdentifier(const char * kextIdentifier) |
3323 | { |
3324 | OSKext * foundKext = NULL; |
3325 | |
3326 | IORecursiveLockLock(sKextLock); |
3327 | foundKext = OSDynamicCast(OSKext, sKextsByID->getObject(kextIdentifier)); |
3328 | if (foundKext) { |
3329 | foundKext->retain(); |
3330 | } |
3331 | IORecursiveLockUnlock(sKextLock); |
3332 | |
3333 | return foundKext; |
3334 | } |
3335 | |
3336 | /********************************************************************* |
3337 | *********************************************************************/ |
3338 | OSKext * |
3339 | OSKext::lookupKextWithIdentifier(OSString * kextIdentifier) |
3340 | { |
3341 | return OSKext::lookupKextWithIdentifier(kextIdentifier->getCStringNoCopy()); |
3342 | } |
3343 | |
3344 | /********************************************************************* |
3345 | *********************************************************************/ |
3346 | OSKext * |
3347 | OSKext::lookupKextWithLoadTag(uint32_t aTag) |
3348 | { |
3349 | OSKext * foundKext = NULL; // returned |
3350 | uint32_t count, i; |
3351 | |
3352 | IORecursiveLockLock(sKextLock); |
3353 | |
3354 | count = sLoadedKexts->getCount(); |
3355 | for (i = 0; i < count; i++) { |
3356 | OSKext * thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
3357 | if (thisKext->getLoadTag() == aTag) { |
3358 | foundKext = thisKext; |
3359 | foundKext->retain(); |
3360 | goto finish; |
3361 | } |
3362 | } |
3363 | |
3364 | finish: |
3365 | IORecursiveLockUnlock(sKextLock); |
3366 | |
3367 | return foundKext; |
3368 | } |
3369 | |
3370 | /********************************************************************* |
3371 | *********************************************************************/ |
3372 | OSKext * |
3373 | OSKext::lookupKextWithAddress(vm_address_t address) |
3374 | { |
3375 | OSKext * foundKext = NULL; // returned |
3376 | uint32_t count, i; |
3377 | |
3378 | IORecursiveLockLock(sKextLock); |
3379 | |
3380 | count = sLoadedKexts->getCount(); |
3381 | for (i = 0; i < count; i++) { |
3382 | OSKext * thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
3383 | if (thisKext->linkedExecutable) { |
3384 | vm_address_t kext_start = |
3385 | (vm_address_t)thisKext->linkedExecutable->getBytesNoCopy(); |
3386 | vm_address_t kext_end = kext_start + |
3387 | thisKext->linkedExecutable->getLength(); |
3388 | if ((kext_start <= address) && (address < kext_end)) { |
3389 | foundKext = thisKext; |
3390 | foundKext->retain(); |
3391 | goto finish; |
3392 | } |
3393 | } |
3394 | } |
3395 | |
3396 | finish: |
3397 | IORecursiveLockUnlock(sKextLock); |
3398 | |
3399 | return foundKext; |
3400 | } |
3401 | |
3402 | OSData * |
3403 | OSKext::copyKextUUIDForAddress(OSNumber *address) |
3404 | { |
3405 | OSData * uuid = NULL; |
3406 | OSKextActiveAccount * active; |
3407 | OSKext * kext = NULL; |
3408 | uint32_t baseIdx; |
3409 | uint32_t lim; |
3410 | |
3411 | if (!address) { |
3412 | return NULL; |
3413 | } |
3414 | |
3415 | uintptr_t addr = ml_static_slide((uintptr_t)address->unsigned64BitValue()); |
3416 | |
3417 | #if CONFIG_MACF |
3418 | /* Is the calling process allowed to query kext info? */ |
3419 | if (current_task() != kernel_task) { |
3420 | int macCheckResult = 0; |
3421 | kauth_cred_t cred = NULL; |
3422 | |
3423 | cred = kauth_cred_get_with_ref(); |
3424 | macCheckResult = mac_kext_check_query(cred); |
3425 | kauth_cred_unref(&cred); |
3426 | |
3427 | if (macCheckResult != 0) { |
3428 | OSKextLog(/* kext */ NULL, |
3429 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
3430 | "Failed to query kext UUID (MAC policy error 0x%x)." , |
3431 | macCheckResult); |
3432 | return NULL; |
3433 | } |
3434 | } |
3435 | #endif |
3436 | |
3437 | IOSimpleLockLock(sKextAccountsLock); |
3438 | // bsearch sKextAccounts list |
3439 | for (baseIdx = 0, lim = sKextAccountsCount; lim; lim >>= 1) |
3440 | { |
3441 | active = &sKextAccounts[baseIdx + (lim >> 1)]; |
3442 | if ((addr >= active->address) && (addr < active->address_end)) |
3443 | { |
3444 | kext = active->account->kext; |
3445 | if (kext) kext->retain(); |
3446 | break; |
3447 | } |
3448 | else if (addr > active->address) |
3449 | { |
3450 | // move right |
3451 | baseIdx += (lim >> 1) + 1; |
3452 | lim--; |
3453 | } |
3454 | // else move left |
3455 | } |
3456 | IOSimpleLockUnlock(sKextAccountsLock); |
3457 | |
3458 | if (kext) |
3459 | { |
3460 | uuid = kext->copyTextUUID(); |
3461 | kext->release(); |
3462 | } |
3463 | else if (((vm_offset_t)addr >= vm_kernel_stext) && ((vm_offset_t)addr < vm_kernel_etext)) |
3464 | { |
3465 | uuid = sKernelKext->copyTextUUID(); |
3466 | } |
3467 | |
3468 | return uuid; |
3469 | } |
3470 | |
3471 | /********************************************************************* |
3472 | *********************************************************************/ |
3473 | OSKext * |
3474 | OSKext::lookupKextWithUUID(uuid_t wanted) |
3475 | { |
3476 | OSKext * foundKext = NULL; // returned |
3477 | uint32_t count, i; |
3478 | |
3479 | IORecursiveLockLock(sKextLock); |
3480 | |
3481 | count = sLoadedKexts->getCount(); |
3482 | |
3483 | for (i = 0; i < count; i++) { |
3484 | OSKext * thisKext = NULL; |
3485 | |
3486 | thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
3487 | if (!thisKext) { |
3488 | continue; |
3489 | } |
3490 | |
3491 | OSData *uuid_data = thisKext->copyUUID(); |
3492 | if (!uuid_data) { |
3493 | continue; |
3494 | } |
3495 | |
3496 | uuid_t uuid; |
3497 | memcpy(&uuid, uuid_data->getBytesNoCopy(), sizeof(uuid)); |
3498 | uuid_data->release(); |
3499 | |
3500 | if (0 == uuid_compare(wanted, uuid)) { |
3501 | foundKext = thisKext; |
3502 | foundKext->retain(); |
3503 | goto finish; |
3504 | } |
3505 | |
3506 | } |
3507 | |
3508 | finish: |
3509 | IORecursiveLockUnlock(sKextLock); |
3510 | |
3511 | return foundKext; |
3512 | } |
3513 | |
3514 | |
3515 | |
3516 | |
3517 | /********************************************************************* |
3518 | *********************************************************************/ |
3519 | /* static */ |
3520 | bool OSKext::isKextWithIdentifierLoaded(const char * kextIdentifier) |
3521 | { |
3522 | bool result = false; |
3523 | OSKext * foundKext = NULL; // returned |
3524 | |
3525 | IORecursiveLockLock(sKextLock); |
3526 | |
3527 | foundKext = OSDynamicCast(OSKext, sKextsByID->getObject(kextIdentifier)); |
3528 | if (foundKext && foundKext->isLoaded()) { |
3529 | result = true; |
3530 | } |
3531 | |
3532 | IORecursiveLockUnlock(sKextLock); |
3533 | |
3534 | return result; |
3535 | } |
3536 | |
3537 | /********************************************************************* |
3538 | * xxx - should spawn a separate thread so a kext can safely have |
3539 | * xxx - itself unloaded. |
3540 | *********************************************************************/ |
3541 | /* static */ |
3542 | OSReturn |
3543 | OSKext::removeKext( |
3544 | OSKext * aKext, |
3545 | #if CONFIG_EMBEDDED |
3546 | __unused |
3547 | #endif |
3548 | bool terminateServicesAndRemovePersonalitiesFlag) |
3549 | { |
3550 | #if CONFIG_EMBEDDED |
3551 | OSKextLog(aKext, |
3552 | kOSKextLogErrorLevel | |
3553 | kOSKextLogKextBookkeepingFlag, |
3554 | "removeKext() called for %s, not supported on embedded" , |
3555 | aKext->getIdentifier() ? aKext->getIdentifierCString() : "unknown kext" ); |
3556 | |
3557 | return kOSReturnSuccess; |
3558 | #else /* CONFIG_EMBEDDED */ |
3559 | |
3560 | OSReturn result = kOSKextReturnInUse; |
3561 | OSKext * checkKext = NULL; // do not release |
3562 | #if CONFIG_MACF |
3563 | int macCheckResult = 0; |
3564 | kauth_cred_t cred = NULL; |
3565 | #endif |
3566 | |
3567 | IORecursiveLockLock(sKextLock); |
3568 | |
3569 | /* If the kext has no identifier, it failed to init |
3570 | * so isn't in sKextsByID and it isn't loaded. |
3571 | */ |
3572 | if (!aKext->getIdentifier()) { |
3573 | result = kOSReturnSuccess; |
3574 | goto finish; |
3575 | } |
3576 | |
3577 | checkKext = OSDynamicCast(OSKext, |
3578 | sKextsByID->getObject(aKext->getIdentifier())); |
3579 | if (checkKext != aKext) { |
3580 | result = kOSKextReturnNotFound; |
3581 | goto finish; |
3582 | } |
3583 | |
3584 | if (aKext->isLoaded()) { |
3585 | #if CONFIG_MACF |
3586 | if (current_task() != kernel_task) { |
3587 | cred = kauth_cred_get_with_ref(); |
3588 | macCheckResult = mac_kext_check_unload(cred, aKext->getIdentifierCString()); |
3589 | kauth_cred_unref(&cred); |
3590 | } |
3591 | |
3592 | if (macCheckResult != 0) { |
3593 | result = kOSReturnError; |
3594 | OSKextLog(aKext, |
3595 | kOSKextLogErrorLevel | |
3596 | kOSKextLogKextBookkeepingFlag, |
3597 | "Failed to remove kext %s (MAC policy error 0x%x)." , |
3598 | aKext->getIdentifierCString(), macCheckResult); |
3599 | goto finish; |
3600 | } |
3601 | #endif |
3602 | |
3603 | /* make sure there are no resource requests in flight - 17187548 */ |
3604 | if (aKext->countRequestCallbacks()) { |
3605 | goto finish; |
3606 | } |
3607 | |
3608 | /* If we are terminating, send the request to the IOCatalogue |
3609 | * (which will actually call us right back but that's ok we have |
3610 | * a recursive lock don't you know) but do not ask the IOCatalogue |
3611 | * to call back with an unload, we'll do that right here. |
3612 | */ |
3613 | if (terminateServicesAndRemovePersonalitiesFlag) { |
3614 | result = gIOCatalogue->terminateDriversForModule( |
3615 | aKext->getIdentifierCString(), /* unload */ false); |
3616 | if (result != kOSReturnSuccess) { |
3617 | OSKextLog(aKext, |
3618 | kOSKextLogErrorLevel | |
3619 | kOSKextLogKextBookkeepingFlag, |
3620 | "Can't remove kext %s; services failed to terminate - 0x%x." , |
3621 | aKext->getIdentifierCString(), result); |
3622 | goto finish; |
3623 | } |
3624 | } |
3625 | |
3626 | result = aKext->unload(); |
3627 | if (result != kOSReturnSuccess) { |
3628 | goto finish; |
3629 | } |
3630 | } |
3631 | |
3632 | /* Remove personalities as requested. This is a bit redundant for a loaded |
3633 | * kext as IOCatalogue::terminateDriversForModule() removes driver |
3634 | * personalities, but it doesn't restart matching, which we always want |
3635 | * coming from here, and OSKext::removePersonalitiesFromCatalog() ensures |
3636 | * that happens. |
3637 | */ |
3638 | if (terminateServicesAndRemovePersonalitiesFlag) { |
3639 | aKext->removePersonalitiesFromCatalog(); |
3640 | } |
3641 | |
3642 | OSKextLog(aKext, |
3643 | kOSKextLogProgressLevel | |
3644 | kOSKextLogKextBookkeepingFlag, |
3645 | "Removing kext %s." , |
3646 | aKext->getIdentifierCString()); |
3647 | |
3648 | sKextsByID->removeObject(aKext->getIdentifier()); |
3649 | result = kOSReturnSuccess; |
3650 | |
3651 | finish: |
3652 | IORecursiveLockUnlock(sKextLock); |
3653 | return result; |
3654 | #endif /* CONFIG_EMBEDDED */ |
3655 | } |
3656 | |
3657 | /********************************************************************* |
3658 | *********************************************************************/ |
3659 | /* static */ |
3660 | OSReturn |
3661 | OSKext::removeKextWithIdentifier( |
3662 | const char * kextIdentifier, |
3663 | bool terminateServicesAndRemovePersonalitiesFlag) |
3664 | { |
3665 | OSReturn result = kOSReturnError; |
3666 | |
3667 | IORecursiveLockLock(sKextLock); |
3668 | |
3669 | OSKext * aKext = OSDynamicCast(OSKext, |
3670 | sKextsByID->getObject(kextIdentifier)); |
3671 | if (!aKext) { |
3672 | result = kOSKextReturnNotFound; |
3673 | OSKextLog(/* kext */ NULL, |
3674 | kOSKextLogErrorLevel | |
3675 | kOSKextLogKextBookkeepingFlag, |
3676 | "Can't remove kext %s - not found." , |
3677 | kextIdentifier); |
3678 | goto finish; |
3679 | } |
3680 | |
3681 | result = OSKext::removeKext(aKext, |
3682 | terminateServicesAndRemovePersonalitiesFlag); |
3683 | |
3684 | finish: |
3685 | IORecursiveLockUnlock(sKextLock); |
3686 | |
3687 | return result; |
3688 | } |
3689 | |
3690 | /********************************************************************* |
3691 | *********************************************************************/ |
3692 | /* static */ |
3693 | OSReturn |
3694 | OSKext::removeKextWithLoadTag( |
3695 | OSKextLoadTag loadTag, |
3696 | bool terminateServicesAndRemovePersonalitiesFlag) |
3697 | { |
3698 | OSReturn result = kOSReturnError; |
3699 | OSKext * foundKext = NULL; |
3700 | uint32_t count, i; |
3701 | |
3702 | IORecursiveLockLock(sKextLock); |
3703 | |
3704 | count = sLoadedKexts->getCount(); |
3705 | for (i = 0; i < count; i++) { |
3706 | OSKext * thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
3707 | if (thisKext->loadTag == loadTag) { |
3708 | foundKext = thisKext; |
3709 | break; |
3710 | } |
3711 | } |
3712 | |
3713 | if (!foundKext) { |
3714 | result = kOSKextReturnNotFound; |
3715 | OSKextLog(/* kext */ NULL, |
3716 | kOSKextLogErrorLevel | |
3717 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag, |
3718 | "Can't remove kext with load tag %d - not found." , |
3719 | loadTag); |
3720 | goto finish; |
3721 | } |
3722 | |
3723 | result = OSKext::removeKext(foundKext, |
3724 | terminateServicesAndRemovePersonalitiesFlag); |
3725 | |
3726 | finish: |
3727 | IORecursiveLockUnlock(sKextLock); |
3728 | |
3729 | return result; |
3730 | } |
3731 | |
3732 | /********************************************************************* |
3733 | *********************************************************************/ |
3734 | OSDictionary * |
3735 | OSKext::copyKexts(void) |
3736 | { |
3737 | OSDictionary * result; |
3738 | |
3739 | IORecursiveLockLock(sKextLock); |
3740 | result = OSDynamicCast(OSDictionary, sKextsByID->copyCollection()); |
3741 | IORecursiveLockUnlock(sKextLock); |
3742 | |
3743 | return result; |
3744 | } |
3745 | |
3746 | /********************************************************************* |
3747 | *********************************************************************/ |
3748 | #define BOOTER_KEXT_PREFIX "Driver-" |
3749 | |
3750 | typedef struct _DeviceTreeBuffer { |
3751 | uint32_t paddr; |
3752 | uint32_t length; |
3753 | } _DeviceTreeBuffer; |
3754 | |
3755 | /********************************************************************* |
3756 | * Create a dictionary of excluded kexts from the given booter data. |
3757 | *********************************************************************/ |
3758 | /* static */ |
3759 | void |
3760 | OSKext::createExcludeListFromBooterData( |
3761 | OSDictionary * theDictionary, |
3762 | OSCollectionIterator * theIterator ) |
3763 | { |
3764 | OSString * deviceTreeName = NULL; // do not release |
3765 | const _DeviceTreeBuffer * deviceTreeBuffer = NULL; // do not release |
3766 | char * booterDataPtr = NULL; // do not release |
3767 | _BooterKextFileInfo * kextFileInfo = NULL; // do not release |
3768 | char * infoDictAddr = NULL; // do not release |
3769 | OSObject * parsedXML = NULL; // must release |
3770 | OSDictionary * theInfoDict = NULL; // do not release |
3771 | |
3772 | theIterator->reset(); |
3773 | |
3774 | /* look for AppleKextExcludeList.kext */ |
3775 | while ( (deviceTreeName = |
3776 | OSDynamicCast(OSString, theIterator->getNextObject())) ) { |
3777 | |
3778 | const char * devTreeNameCString; |
3779 | OSData * deviceTreeEntry; |
3780 | OSString * myBundleID; // do not release |
3781 | |
3782 | OSSafeReleaseNULL(parsedXML); |
3783 | |
3784 | deviceTreeEntry = |
3785 | OSDynamicCast(OSData, theDictionary->getObject(deviceTreeName)); |
3786 | if (!deviceTreeEntry) { |
3787 | continue; |
3788 | } |
3789 | |
3790 | /* Make sure it is a kext */ |
3791 | devTreeNameCString = deviceTreeName->getCStringNoCopy(); |
3792 | if (strncmp(devTreeNameCString, BOOTER_KEXT_PREFIX, |
3793 | (sizeof(BOOTER_KEXT_PREFIX) - 1)) != 0) { |
3794 | OSKextLog(NULL, |
3795 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
3796 | "\"%s\" not a kext" , |
3797 | devTreeNameCString); |
3798 | continue; |
3799 | } |
3800 | |
3801 | deviceTreeBuffer = (const _DeviceTreeBuffer *) |
3802 | deviceTreeEntry->getBytesNoCopy(0, sizeof(deviceTreeBuffer)); |
3803 | if (!deviceTreeBuffer) { |
3804 | continue; |
3805 | } |
3806 | |
3807 | booterDataPtr = (char *)ml_static_ptovirt(deviceTreeBuffer->paddr); |
3808 | if (!booterDataPtr) { |
3809 | continue; |
3810 | } |
3811 | |
3812 | kextFileInfo = (_BooterKextFileInfo *) booterDataPtr; |
3813 | if (!kextFileInfo->infoDictPhysAddr || |
3814 | !kextFileInfo->infoDictLength) { |
3815 | continue; |
3816 | } |
3817 | |
3818 | infoDictAddr = (char *) |
3819 | ml_static_ptovirt(kextFileInfo->infoDictPhysAddr); |
3820 | if (!infoDictAddr) { |
3821 | continue; |
3822 | } |
3823 | |
3824 | parsedXML = OSUnserializeXML(infoDictAddr); |
3825 | if (!parsedXML) { |
3826 | continue; |
3827 | } |
3828 | |
3829 | theInfoDict = OSDynamicCast(OSDictionary, parsedXML); |
3830 | if (!theInfoDict) { |
3831 | continue; |
3832 | } |
3833 | |
3834 | myBundleID = |
3835 | OSDynamicCast(OSString, |
3836 | theInfoDict->getObject(kCFBundleIdentifierKey)); |
3837 | if ( myBundleID && |
3838 | strcmp( myBundleID->getCStringNoCopy(), "com.apple.driver.KextExcludeList" ) == 0 ) { |
3839 | |
3840 | boolean_t updated = updateExcludeList(theInfoDict); |
3841 | if (!updated) { |
3842 | /* 25322874 */ |
3843 | panic("Missing OSKextExcludeList dictionary\n" ); |
3844 | } |
3845 | break; |
3846 | } |
3847 | |
3848 | } // while ( (deviceTreeName = ...) ) |
3849 | |
3850 | OSSafeReleaseNULL(parsedXML); |
3851 | return; |
3852 | } |
3853 | |
3854 | /********************************************************************* |
3855 | * Create a dictionary of excluded kexts from the given prelink |
3856 | * info (kernelcache). |
3857 | *********************************************************************/ |
3858 | /* static */ |
3859 | void |
3860 | OSKext::createExcludeListFromPrelinkInfo( OSArray * theInfoArray ) |
3861 | { |
3862 | OSDictionary * myInfoDict = NULL; // do not release |
3863 | OSString * myBundleID; // do not release |
3864 | u_int i; |
3865 | |
3866 | /* Find com.apple.driver.KextExcludeList. */ |
3867 | for (i = 0; i < theInfoArray->getCount(); i++) { |
3868 | myInfoDict = OSDynamicCast(OSDictionary, theInfoArray->getObject(i)); |
3869 | if (!myInfoDict) { |
3870 | continue; |
3871 | } |
3872 | myBundleID = |
3873 | OSDynamicCast(OSString, |
3874 | myInfoDict->getObject(kCFBundleIdentifierKey)); |
3875 | if ( myBundleID && |
3876 | strcmp( myBundleID->getCStringNoCopy(), "com.apple.driver.KextExcludeList" ) == 0 ) { |
3877 | |
3878 | boolean_t updated = updateExcludeList(myInfoDict); |
3879 | if (!updated) { |
3880 | /* 25322874 */ |
3881 | panic("Missing OSKextExcludeList dictionary\n" ); |
3882 | } |
3883 | break; |
3884 | } |
3885 | } // for (i = 0; i < theInfoArray->getCount()... |
3886 | |
3887 | return; |
3888 | } |
3889 | |
3890 | /* static */ |
3891 | boolean_t |
3892 | OSKext::updateExcludeList(OSDictionary *infoDict) |
3893 | { |
3894 | OSDictionary *myTempDict = NULL; // do not free |
3895 | OSString *myTempString = NULL; // do not free |
3896 | OSKextVersion newVersion = 0; |
3897 | boolean_t updated = false; |
3898 | |
3899 | if (!infoDict) { |
3900 | return false; |
3901 | } |
3902 | |
3903 | myTempDict = OSDynamicCast(OSDictionary, infoDict->getObject("OSKextExcludeList" )); |
3904 | if (!myTempDict) { |
3905 | return false; |
3906 | } |
3907 | |
3908 | myTempString = OSDynamicCast(OSString, infoDict->getObject(kCFBundleVersionKey)); |
3909 | if (!myTempString) { |
3910 | return false; |
3911 | } |
3912 | |
3913 | newVersion = OSKextParseVersionString(myTempString->getCStringNoCopy()); |
3914 | if (newVersion == 0) { |
3915 | return false; |
3916 | } |
3917 | |
3918 | IORecursiveLockLock(sKextLock); |
3919 | |
3920 | if (newVersion > sExcludeListVersion) { |
3921 | OSSafeReleaseNULL(sExcludeListByID); |
3922 | sExcludeListByID = OSDictionary::withDictionary(myTempDict, 0); |
3923 | sExcludeListVersion = newVersion; |
3924 | updated = true; |
3925 | } |
3926 | |
3927 | IORecursiveLockUnlock(sKextLock); |
3928 | return updated; |
3929 | } |
3930 | |
3931 | #if PRAGMA_MARK |
3932 | #pragma mark Accessors |
3933 | #endif |
3934 | /********************************************************************* |
3935 | *********************************************************************/ |
3936 | const OSSymbol * |
3937 | OSKext::getIdentifier(void) |
3938 | { |
3939 | return bundleID; |
3940 | } |
3941 | |
3942 | /********************************************************************* |
3943 | * A kext must have a bundle identifier to even survive initialization; |
3944 | * this is guaranteed to exist past then. |
3945 | *********************************************************************/ |
3946 | const char * |
3947 | OSKext::getIdentifierCString(void) |
3948 | { |
3949 | return bundleID->getCStringNoCopy(); |
3950 | } |
3951 | |
3952 | /********************************************************************* |
3953 | *********************************************************************/ |
3954 | OSKextVersion |
3955 | OSKext::getVersion(void) |
3956 | { |
3957 | return version; |
3958 | } |
3959 | |
3960 | /********************************************************************* |
3961 | *********************************************************************/ |
3962 | OSKextVersion |
3963 | OSKext::getCompatibleVersion(void) |
3964 | { |
3965 | return compatibleVersion; |
3966 | } |
3967 | |
3968 | /********************************************************************* |
3969 | *********************************************************************/ |
3970 | bool |
3971 | OSKext::isLibrary(void) |
3972 | { |
3973 | return (getCompatibleVersion() > 0); |
3974 | } |
3975 | |
3976 | /********************************************************************* |
3977 | *********************************************************************/ |
3978 | bool |
3979 | OSKext::isCompatibleWithVersion(OSKextVersion aVersion) |
3980 | { |
3981 | if ((compatibleVersion > -1 && version > -1) && |
3982 | (compatibleVersion <= version && aVersion <= version)) { |
3983 | return true; |
3984 | } |
3985 | return false; |
3986 | } |
3987 | |
3988 | /********************************************************************* |
3989 | *********************************************************************/ |
3990 | bool |
3991 | OSKext::declaresExecutable(void) |
3992 | { |
3993 | return (getPropertyForHostArch(kCFBundleExecutableKey) != NULL); |
3994 | } |
3995 | |
3996 | /********************************************************************* |
3997 | *********************************************************************/ |
3998 | OSData * |
3999 | OSKext::getExecutable(void) |
4000 | { |
4001 | OSData * result = NULL; |
4002 | OSData * = NULL; // must release |
4003 | OSData * mkextExecutableRef = NULL; // do not release |
4004 | |
4005 | if (flags.builtin) return (sKernelKext->linkedExecutable); |
4006 | |
4007 | result = OSDynamicCast(OSData, infoDict->getObject(_kOSKextExecutableKey)); |
4008 | if (result) { |
4009 | goto finish; |
4010 | } |
4011 | |
4012 | mkextExecutableRef = OSDynamicCast(OSData, |
4013 | getPropertyForHostArch(_kOSKextMkextExecutableReferenceKey)); |
4014 | |
4015 | if (mkextExecutableRef) { |
4016 | |
4017 | MkextEntryRef * mkextEntryRef = (MkextEntryRef *) |
4018 | mkextExecutableRef->getBytesNoCopy(); |
4019 | uint32_t mkextVersion = MKEXT_GET_VERSION(mkextEntryRef->mkext); |
4020 | if (mkextVersion == MKEXT_VERS_2) { |
4021 | mkext2_file_entry * fileinfo = |
4022 | (mkext2_file_entry *)mkextEntryRef->fileinfo; |
4023 | uint32_t compressedSize = MKEXT2_GET_ENTRY_COMPSIZE(fileinfo); |
4024 | uint32_t fullSize = MKEXT2_GET_ENTRY_FULLSIZE(fileinfo); |
4025 | extractedExecutable = extractMkext2FileData( |
4026 | MKEXT2_GET_ENTRY_DATA(fileinfo), "executable" , |
4027 | compressedSize, fullSize); |
4028 | } else { |
4029 | OSKextLog(this, kOSKextLogErrorLevel | |
4030 | kOSKextLogArchiveFlag, |
4031 | "Kext %s - unknown mkext version 0x%x for executable." , |
4032 | getIdentifierCString(), mkextVersion); |
4033 | } |
4034 | |
4035 | /* Regardless of success, remove the mkext executable, |
4036 | * and drop one reference on the mkext. (setExecutable() does not |
4037 | * replace, it removes, or panics if asked to replace.) |
4038 | */ |
4039 | infoDict->removeObject(_kOSKextMkextExecutableReferenceKey); |
4040 | infoDict->removeObject(_kOSKextExecutableExternalDataKey); |
4041 | |
4042 | if (extractedExecutable && extractedExecutable->getLength()) { |
4043 | if (!setExecutable(extractedExecutable)) { |
4044 | goto finish; |
4045 | } |
4046 | result = extractedExecutable; |
4047 | } else { |
4048 | goto finish; |
4049 | } |
4050 | } |
4051 | |
4052 | finish: |
4053 | |
4054 | OSSafeReleaseNULL(extractedExecutable); |
4055 | |
4056 | return result; |
4057 | } |
4058 | |
4059 | /********************************************************************* |
4060 | *********************************************************************/ |
4061 | bool |
4062 | OSKext::isInterface(void) |
4063 | { |
4064 | return flags.interface; |
4065 | } |
4066 | |
4067 | /********************************************************************* |
4068 | *********************************************************************/ |
4069 | bool |
4070 | OSKext::isKernel(void) |
4071 | { |
4072 | return (this == sKernelKext); |
4073 | } |
4074 | |
4075 | /********************************************************************* |
4076 | *********************************************************************/ |
4077 | bool |
4078 | OSKext::isKernelComponent(void) |
4079 | { |
4080 | return flags.kernelComponent ? true : false; |
4081 | } |
4082 | |
4083 | /********************************************************************* |
4084 | *********************************************************************/ |
4085 | bool |
4086 | OSKext::isExecutable(void) |
4087 | { |
4088 | return (!isKernel() && !isInterface() && declaresExecutable()); |
4089 | } |
4090 | |
4091 | /********************************************************************* |
4092 | * We might want to check this recursively for all dependencies, |
4093 | * since a subtree of dependencies could get loaded before we hit |
4094 | * a dependency that isn't safe-boot-loadable. |
4095 | * |
4096 | * xxx - Might want to return false if OSBundleEnableKextLogging or |
4097 | * OSBundleDebugLevel |
4098 | * or IOKitDebug is nonzero too (we used to do that, but I don't see |
4099 | * the point except it's usually development drivers, which might |
4100 | * cause panics on startup, that have those properties). Heh; could |
4101 | * use a "kx" boot-arg! |
4102 | *********************************************************************/ |
4103 | bool |
4104 | OSKext::isLoadableInSafeBoot(void) |
4105 | { |
4106 | bool result = false; |
4107 | OSString * required = NULL; // do not release |
4108 | |
4109 | if (isKernel()) { |
4110 | result = true; |
4111 | goto finish; |
4112 | } |
4113 | |
4114 | required = OSDynamicCast(OSString, |
4115 | getPropertyForHostArch(kOSBundleRequiredKey)); |
4116 | if (!required) { |
4117 | goto finish; |
4118 | } |
4119 | if (required->isEqualTo(kOSBundleRequiredRoot) || |
4120 | required->isEqualTo(kOSBundleRequiredLocalRoot) || |
4121 | required->isEqualTo(kOSBundleRequiredNetworkRoot) || |
4122 | required->isEqualTo(kOSBundleRequiredSafeBoot) || |
4123 | required->isEqualTo(kOSBundleRequiredConsole)) { |
4124 | |
4125 | result = true; |
4126 | } |
4127 | |
4128 | finish: |
4129 | return result; |
4130 | } |
4131 | |
4132 | /********************************************************************* |
4133 | *********************************************************************/ |
4134 | bool |
4135 | OSKext::isPrelinked(void) |
4136 | { |
4137 | return flags.prelinked ? true : false; |
4138 | } |
4139 | |
4140 | /********************************************************************* |
4141 | *********************************************************************/ |
4142 | bool OSKext::isLoaded(void) |
4143 | { |
4144 | return flags.loaded ? true : false; |
4145 | } |
4146 | |
4147 | /********************************************************************* |
4148 | *********************************************************************/ |
4149 | bool |
4150 | OSKext::isStarted(void) |
4151 | { |
4152 | return flags.started ? true : false; |
4153 | } |
4154 | |
4155 | /********************************************************************* |
4156 | *********************************************************************/ |
4157 | bool |
4158 | OSKext::isCPPInitialized(void) |
4159 | { |
4160 | return flags.CPPInitialized; |
4161 | } |
4162 | |
4163 | /********************************************************************* |
4164 | *********************************************************************/ |
4165 | void |
4166 | OSKext::setCPPInitialized(bool initialized) |
4167 | { |
4168 | flags.CPPInitialized = initialized; |
4169 | } |
4170 | |
4171 | /********************************************************************* |
4172 | *********************************************************************/ |
4173 | uint32_t |
4174 | OSKext::getLoadTag(void) |
4175 | { |
4176 | return loadTag; |
4177 | } |
4178 | |
4179 | /********************************************************************* |
4180 | *********************************************************************/ |
4181 | void OSKext::getSizeInfo(uint32_t *loadSize, uint32_t *wiredSize) |
4182 | { |
4183 | if (linkedExecutable) { |
4184 | *loadSize = linkedExecutable->getLength(); |
4185 | |
4186 | /* If we have a kmod_info struct, calculated the wired size |
4187 | * from that. Otherwise it's the full load size. |
4188 | */ |
4189 | if (kmod_info) { |
4190 | *wiredSize = *loadSize - kmod_info->hdr_size; |
4191 | } else { |
4192 | *wiredSize = *loadSize; |
4193 | } |
4194 | } |
4195 | else { |
4196 | *wiredSize = 0; |
4197 | *loadSize = 0; |
4198 | } |
4199 | } |
4200 | |
4201 | /********************************************************************* |
4202 | *********************************************************************/ |
4203 | OSData * |
4204 | OSKext::copyUUID(void) |
4205 | { |
4206 | OSData * result = NULL; |
4207 | OSData * theExecutable = NULL; // do not release |
4208 | const kernel_mach_header_t * ; |
4209 | |
4210 | /* An interface kext doesn't have a linked executable with an LC_UUID, |
4211 | * we create one when it's linked. |
4212 | */ |
4213 | if (interfaceUUID) { |
4214 | result = interfaceUUID; |
4215 | result->retain(); |
4216 | goto finish; |
4217 | } |
4218 | |
4219 | if (flags.builtin || isInterface()) return (sKernelKext->copyUUID()); |
4220 | |
4221 | /* For real kexts, try to get the UUID from the linked executable, |
4222 | * or if is hasn't been linked yet, the unrelocated executable. |
4223 | */ |
4224 | theExecutable = linkedExecutable; |
4225 | if (!theExecutable) { |
4226 | theExecutable = getExecutable(); |
4227 | } |
4228 | if (!theExecutable) { |
4229 | goto finish; |
4230 | } |
4231 | |
4232 | header = (const kernel_mach_header_t *)theExecutable->getBytesNoCopy(); |
4233 | result = copyMachoUUID(header); |
4234 | |
4235 | finish: |
4236 | return result; |
4237 | } |
4238 | |
4239 | /********************************************************************* |
4240 | *********************************************************************/ |
4241 | OSData * |
4242 | OSKext::copyTextUUID(void) |
4243 | { |
4244 | if (flags.builtin) |
4245 | { |
4246 | return (copyMachoUUID((const kernel_mach_header_t *)kmod_info->address)); |
4247 | } |
4248 | return (copyUUID()); |
4249 | } |
4250 | |
4251 | /********************************************************************* |
4252 | *********************************************************************/ |
4253 | OSData * |
4254 | OSKext::(const kernel_mach_header_t * ) |
4255 | { |
4256 | OSData * result = NULL; |
4257 | const struct load_command * load_cmd = NULL; |
4258 | const struct uuid_command * uuid_cmd = NULL; |
4259 | uint32_t i; |
4260 | |
4261 | load_cmd = (const struct load_command *)&header[1]; |
4262 | |
4263 | if (header->magic != MH_MAGIC_KERNEL) { |
4264 | OSKextLog(NULL, |
4265 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
4266 | "%s: bad header %p" , |
4267 | __func__, |
4268 | header); |
4269 | goto finish; |
4270 | } |
4271 | |
4272 | for (i = 0; i < header->ncmds; i++) { |
4273 | if (load_cmd->cmd == LC_UUID) { |
4274 | uuid_cmd = (struct uuid_command *)load_cmd; |
4275 | result = OSData::withBytes(uuid_cmd->uuid, sizeof(uuid_cmd->uuid)); |
4276 | goto finish; |
4277 | } |
4278 | load_cmd = (struct load_command *)((caddr_t)load_cmd + load_cmd->cmdsize); |
4279 | } |
4280 | |
4281 | finish: |
4282 | return result; |
4283 | } |
4284 | |
4285 | /********************************************************************* |
4286 | *********************************************************************/ |
4287 | #if defined (__arm__) |
4288 | #include <arm/arch.h> |
4289 | #endif |
4290 | |
4291 | #if defined (__x86_64__) |
4292 | #define ARCHNAME "x86_64" |
4293 | #elif defined (__arm64__) |
4294 | #define ARCHNAME "arm64" |
4295 | #elif defined (__arm__) |
4296 | |
4297 | #if defined (__ARM_ARCH_7S__) |
4298 | #define ARCHNAME "armv7s" |
4299 | #elif defined (__ARM_ARCH_7F__) |
4300 | #define ARCHNAME "armv7f" |
4301 | #elif defined (__ARM_ARCH_7K__) |
4302 | #define ARCHNAME "armv7k" |
4303 | #elif defined (_ARM_ARCH_7) /* umbrella for all remaining */ |
4304 | #define ARCHNAME "armv7" |
4305 | #elif defined (_ARM_ARCH_6) /* umbrella for all armv6 */ |
4306 | #define ARCHNAME "armv6" |
4307 | #endif |
4308 | |
4309 | #elif defined (__arm64__) |
4310 | #define ARCHNAME "arm64" |
4311 | #else |
4312 | #error architecture not supported |
4313 | #endif |
4314 | |
4315 | #define ARCH_SEPARATOR_CHAR '_' |
4316 | |
4317 | static char * makeHostArchKey(const char * key, uint32_t * keySizeOut) |
4318 | { |
4319 | char * result = NULL; |
4320 | uint32_t keyLength = strlen(key); |
4321 | uint32_t keySize; |
4322 | |
4323 | /* Add 1 for the ARCH_SEPARATOR_CHAR, and 1 for the '\0'. |
4324 | */ |
4325 | keySize = 1 + 1 + strlen(key) + strlen(ARCHNAME); |
4326 | result = (char *)kalloc_tag(keySize, VM_KERN_MEMORY_OSKEXT); |
4327 | if (!result) { |
4328 | goto finish; |
4329 | } |
4330 | strlcpy(result, key, keySize); |
4331 | result[keyLength++] = ARCH_SEPARATOR_CHAR; |
4332 | result[keyLength] = '\0'; |
4333 | strlcat(result, ARCHNAME, keySize); |
4334 | *keySizeOut = keySize; |
4335 | |
4336 | finish: |
4337 | return result; |
4338 | } |
4339 | |
4340 | /********************************************************************* |
4341 | *********************************************************************/ |
4342 | OSObject * |
4343 | OSKext::getPropertyForHostArch(const char * key) |
4344 | { |
4345 | OSObject * result = NULL; // do not release |
4346 | uint32_t hostArchKeySize = 0; |
4347 | char * hostArchKey = NULL; // must kfree |
4348 | |
4349 | if (!key || !infoDict) { |
4350 | goto finish; |
4351 | } |
4352 | |
4353 | /* Some properties are not allowed to be arch-variant: |
4354 | * - Any CFBundle... property. |
4355 | * - OSBundleIsInterface. |
4356 | * - OSKernelResource. |
4357 | */ |
4358 | if (STRING_HAS_PREFIX(key, "OS" ) || |
4359 | STRING_HAS_PREFIX(key, "IO" )) { |
4360 | |
4361 | hostArchKey = makeHostArchKey(key, &hostArchKeySize); |
4362 | if (!hostArchKey) { |
4363 | OSKextLog(/* kext (this isn't about a kext) */ NULL, |
4364 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
4365 | "Allocation failure." ); |
4366 | goto finish; |
4367 | } |
4368 | result = infoDict->getObject(hostArchKey); |
4369 | } |
4370 | |
4371 | if (!result) { |
4372 | result = infoDict->getObject(key); |
4373 | } |
4374 | |
4375 | finish: |
4376 | if (hostArchKey) kfree(hostArchKey, hostArchKeySize); |
4377 | return result; |
4378 | } |
4379 | |
4380 | #if PRAGMA_MARK |
4381 | #pragma mark Load/Start/Stop/Unload |
4382 | #endif |
4383 | |
4384 | #define isWhiteSpace(c) ((c) == ' ' || (c) == '\t' || (c) == '\r' || (c) == ',' || (c) == '\n') |
4385 | |
4386 | /********************************************************************* |
4387 | * sExcludeListByID is a dictionary with keys / values of: |
4388 | * key = bundleID string of kext we will not allow to load |
4389 | * value = version string(s) of the kext that is to be denied loading. |
4390 | * The version strings can be comma delimited. For example if kext |
4391 | * com.foocompany.fookext has two versions that we want to deny |
4392 | * loading then the version strings might look like: |
4393 | * 1.0.0, 1.0.1 |
4394 | * If the current fookext has a version of 1.0.0 OR 1.0.1 we will |
4395 | * not load the kext. |
4396 | * |
4397 | * Value may also be in the form of "LE 2.0.0" (version numbers |
4398 | * less than or equal to 2.0.0 will not load) or "LT 2.0.0" (version |
4399 | * number less than 2.0.0 will not load) |
4400 | * |
4401 | * NOTE - we cannot use the characters "<=" or "<" because we have code |
4402 | * that serializes plists and treats '<' as a special character. |
4403 | *********************************************************************/ |
4404 | bool |
4405 | OSKext::isInExcludeList(void) |
4406 | { |
4407 | OSString * versionString = NULL; // do not release |
4408 | char * versionCString = NULL; // do not free |
4409 | size_t i; |
4410 | boolean_t wantLessThan = false; |
4411 | boolean_t wantLessThanEqualTo = false; |
4412 | boolean_t isInExcludeList = true; |
4413 | char myBuffer[32]; |
4414 | |
4415 | IORecursiveLockLock(sKextLock); |
4416 | |
4417 | if (!sExcludeListByID) { |
4418 | isInExcludeList = false; |
4419 | } else { |
4420 | /* look up by bundleID in our exclude list and if found get version |
4421 | * string (or strings) that we will not allow to load |
4422 | */ |
4423 | versionString = OSDynamicCast(OSString, sExcludeListByID->getObject(bundleID)); |
4424 | if (versionString == NULL || versionString->getLength() > (sizeof(myBuffer) - 1)) { |
4425 | isInExcludeList = false; |
4426 | } |
4427 | } |
4428 | |
4429 | IORecursiveLockUnlock(sKextLock); |
4430 | |
4431 | if (!isInExcludeList) { |
4432 | return(false); |
4433 | } |
4434 | |
4435 | /* parse version strings */ |
4436 | versionCString = (char *) versionString->getCStringNoCopy(); |
4437 | |
4438 | /* look for "LT" or "LE" form of version string, must be in first two |
4439 | * positions. |
4440 | */ |
4441 | if (*versionCString == 'L' && *(versionCString + 1) == 'T') { |
4442 | wantLessThan = true; |
4443 | versionCString +=2; |
4444 | } |
4445 | else if (*versionCString == 'L' && *(versionCString + 1) == 'E') { |
4446 | wantLessThanEqualTo = true; |
4447 | versionCString +=2; |
4448 | } |
4449 | |
4450 | for (i = 0; *versionCString != 0x00; versionCString++) { |
4451 | /* skip whitespace */ |
4452 | if (isWhiteSpace(*versionCString)) { |
4453 | continue; |
4454 | } |
4455 | |
4456 | /* peek ahead for version string separator or null terminator */ |
4457 | if (*(versionCString + 1) == ',' || *(versionCString + 1) == 0x00) { |
4458 | |
4459 | /* OK, we have a version string */ |
4460 | myBuffer[i++] = *versionCString; |
4461 | myBuffer[i] = 0x00; |
4462 | |
4463 | OSKextVersion excludeVers; |
4464 | excludeVers = OSKextParseVersionString(myBuffer); |
4465 | |
4466 | if (wantLessThanEqualTo) { |
4467 | if (version <= excludeVers) { |
4468 | return(true); |
4469 | } |
4470 | } |
4471 | else if (wantLessThan) { |
4472 | if (version < excludeVers) { |
4473 | return(true); |
4474 | } |
4475 | } |
4476 | else if ( version == excludeVers ) { |
4477 | return(true); |
4478 | } |
4479 | |
4480 | /* reset for the next (if any) version string */ |
4481 | i = 0; |
4482 | wantLessThan = false; |
4483 | wantLessThanEqualTo = false; |
4484 | } |
4485 | else { |
4486 | /* save valid version character */ |
4487 | myBuffer[i++] = *versionCString; |
4488 | |
4489 | /* make sure bogus version string doesn't overrun local buffer */ |
4490 | if ( i >= sizeof(myBuffer) ) { |
4491 | break; |
4492 | } |
4493 | } |
4494 | } |
4495 | |
4496 | return(false); |
4497 | } |
4498 | |
4499 | /********************************************************************* |
4500 | *********************************************************************/ |
4501 | /* static */ |
4502 | OSReturn |
4503 | OSKext::loadKextWithIdentifier( |
4504 | const char * kextIdentifierCString, |
4505 | Boolean allowDeferFlag, |
4506 | Boolean delayAutounloadFlag, |
4507 | OSKextExcludeLevel startOpt, |
4508 | OSKextExcludeLevel startMatchingOpt, |
4509 | OSArray * personalityNames) |
4510 | { |
4511 | OSReturn result = kOSReturnError; |
4512 | OSString * kextIdentifier = NULL; // must release |
4513 | |
4514 | kextIdentifier = OSString::withCString(kextIdentifierCString); |
4515 | if (!kextIdentifier) { |
4516 | result = kOSKextReturnNoMemory; |
4517 | goto finish; |
4518 | } |
4519 | result = OSKext::loadKextWithIdentifier(kextIdentifier, |
4520 | allowDeferFlag, delayAutounloadFlag, |
4521 | startOpt, startMatchingOpt, personalityNames); |
4522 | |
4523 | finish: |
4524 | OSSafeReleaseNULL(kextIdentifier); |
4525 | return result; |
4526 | } |
4527 | |
4528 | /********************************************************************* |
4529 | *********************************************************************/ |
4530 | OSReturn |
4531 | OSKext::loadKextWithIdentifier( |
4532 | OSString * kextIdentifier, |
4533 | Boolean allowDeferFlag, |
4534 | Boolean delayAutounloadFlag, |
4535 | OSKextExcludeLevel startOpt, |
4536 | OSKextExcludeLevel startMatchingOpt, |
4537 | OSArray * personalityNames) |
4538 | { |
4539 | OSReturn result = kOSReturnError; |
4540 | OSReturn pingResult = kOSReturnError; |
4541 | OSKext * theKext = NULL; // do not release |
4542 | OSDictionary * loadRequest = NULL; // must release |
4543 | const OSSymbol * kextIdentifierSymbol = NULL; // must release |
4544 | |
4545 | IORecursiveLockLock(sKextLock); |
4546 | |
4547 | if (!kextIdentifier) { |
4548 | result = kOSKextReturnInvalidArgument; |
4549 | goto finish; |
4550 | } |
4551 | |
4552 | OSKext::recordIdentifierRequest(kextIdentifier); |
4553 | |
4554 | theKext = OSDynamicCast(OSKext, sKextsByID->getObject(kextIdentifier)); |
4555 | if (!theKext) { |
4556 | if (!allowDeferFlag) { |
4557 | OSKextLog(/* kext */ NULL, |
4558 | kOSKextLogErrorLevel | |
4559 | kOSKextLogLoadFlag, |
4560 | "Can't load kext %s - not found." , |
4561 | kextIdentifier->getCStringNoCopy()); |
4562 | goto finish; |
4563 | } |
4564 | |
4565 | if (!sKernelRequestsEnabled) { |
4566 | OSKextLog(theKext, |
4567 | kOSKextLogErrorLevel | |
4568 | kOSKextLogLoadFlag, |
4569 | "Can't load kext %s - requests to user space are disabled." , |
4570 | kextIdentifier->getCStringNoCopy()); |
4571 | result = kOSKextReturnDisabled; |
4572 | goto finish; |
4573 | } |
4574 | |
4575 | /* Create a new request unless one is already sitting |
4576 | * in sKernelRequests for this bundle identifier |
4577 | */ |
4578 | kextIdentifierSymbol = OSSymbol::withString(kextIdentifier); |
4579 | if (!sPostedKextLoadIdentifiers->containsObject(kextIdentifierSymbol)) { |
4580 | result = _OSKextCreateRequest(kKextRequestPredicateRequestLoad, |
4581 | &loadRequest); |
4582 | if (result != kOSReturnSuccess) { |
4583 | goto finish; |
4584 | } |
4585 | if (!_OSKextSetRequestArgument(loadRequest, |
4586 | kKextRequestArgumentBundleIdentifierKey, kextIdentifier)) { |
4587 | |
4588 | result = kOSKextReturnNoMemory; |
4589 | goto finish; |
4590 | } |
4591 | if (!sKernelRequests->setObject(loadRequest)) { |
4592 | result = kOSKextReturnNoMemory; |
4593 | goto finish; |
4594 | } |
4595 | |
4596 | if (!sPostedKextLoadIdentifiers->setObject(kextIdentifierSymbol)) { |
4597 | result = kOSKextReturnNoMemory; |
4598 | goto finish; |
4599 | } |
4600 | |
4601 | OSKextLog(theKext, |
4602 | kOSKextLogDebugLevel | |
4603 | kOSKextLogLoadFlag, |
4604 | "Kext %s not found; queued load request to user space." , |
4605 | kextIdentifier->getCStringNoCopy()); |
4606 | } |
4607 | |
4608 | pingResult = OSKext::pingKextd(); |
4609 | if (pingResult == kOSKextReturnDisabled) { |
4610 | OSKextLog(/* kext */ NULL, |
4611 | ((sPrelinkBoot) ? kOSKextLogDebugLevel : kOSKextLogErrorLevel) | |
4612 | kOSKextLogLoadFlag, |
4613 | "Kext %s might not load - kextd is currently unavailable." , |
4614 | kextIdentifier->getCStringNoCopy()); |
4615 | } |
4616 | |
4617 | result = kOSKextReturnDeferred; |
4618 | goto finish; |
4619 | } |
4620 | |
4621 | result = theKext->load(startOpt, startMatchingOpt, personalityNames); |
4622 | |
4623 | if (result != kOSReturnSuccess) { |
4624 | OSKextLog(theKext, |
4625 | kOSKextLogErrorLevel | |
4626 | kOSKextLogLoadFlag, |
4627 | "Failed to load kext %s (error 0x%x)." , |
4628 | kextIdentifier->getCStringNoCopy(), (int)result); |
4629 | |
4630 | OSKext::removeKext(theKext, |
4631 | /* terminateService/removePersonalities */ true); |
4632 | goto finish; |
4633 | } |
4634 | |
4635 | if (delayAutounloadFlag) { |
4636 | OSKextLog(theKext, |
4637 | kOSKextLogProgressLevel | |
4638 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag, |
4639 | "Setting delayed autounload for %s." , |
4640 | kextIdentifier->getCStringNoCopy()); |
4641 | theKext->flags.delayAutounload = 1; |
4642 | } |
4643 | |
4644 | finish: |
4645 | OSSafeReleaseNULL(loadRequest); |
4646 | OSSafeReleaseNULL(kextIdentifierSymbol); |
4647 | |
4648 | IORecursiveLockUnlock(sKextLock); |
4649 | |
4650 | return result; |
4651 | } |
4652 | |
4653 | /********************************************************************* |
4654 | *********************************************************************/ |
4655 | /* static */ |
4656 | void |
4657 | OSKext::recordIdentifierRequest( |
4658 | OSString * kextIdentifier) |
4659 | { |
4660 | const OSSymbol * kextIdentifierSymbol = NULL; // must release |
4661 | bool fail = false; |
4662 | |
4663 | if (!sAllKextLoadIdentifiers || !kextIdentifier) { |
4664 | goto finish; |
4665 | } |
4666 | |
4667 | kextIdentifierSymbol = OSSymbol::withString(kextIdentifier); |
4668 | if (!kextIdentifierSymbol) { |
4669 | // xxx - this is really a basic alloc failure |
4670 | fail = true; |
4671 | goto finish; |
4672 | } |
4673 | |
4674 | IORecursiveLockLock(sKextLock); |
4675 | if (!sAllKextLoadIdentifiers->containsObject(kextIdentifierSymbol)) { |
4676 | if (!sAllKextLoadIdentifiers->setObject(kextIdentifierSymbol)) { |
4677 | fail = true; |
4678 | } else { |
4679 | // xxx - need to find a way to associate this whole func w/the kext |
4680 | OSKextLog(/* kext */ NULL, |
4681 | // xxx - check level |
4682 | kOSKextLogStepLevel | |
4683 | kOSKextLogArchiveFlag, |
4684 | "Recorded kext %s as a candidate for inclusion in prelinked kernel." , |
4685 | kextIdentifier->getCStringNoCopy()); |
4686 | } |
4687 | } |
4688 | IORecursiveLockUnlock(sKextLock); |
4689 | |
4690 | finish: |
4691 | |
4692 | if (fail) { |
4693 | OSKextLog(/* kext */ NULL, |
4694 | kOSKextLogErrorLevel | |
4695 | kOSKextLogArchiveFlag, |
4696 | "Failed to record kext %s as a candidate for inclusion in prelinked kernel." , |
4697 | kextIdentifier->getCStringNoCopy()); |
4698 | } |
4699 | OSSafeReleaseNULL(kextIdentifierSymbol); |
4700 | return; |
4701 | } |
4702 | |
4703 | /********************************************************************* |
4704 | *********************************************************************/ |
4705 | OSReturn |
4706 | OSKext::load( |
4707 | OSKextExcludeLevel startOpt, |
4708 | OSKextExcludeLevel startMatchingOpt, |
4709 | OSArray * personalityNames) |
4710 | { |
4711 | OSReturn result = kOSReturnError; |
4712 | kern_return_t kxldResult; |
4713 | OSKextExcludeLevel dependenciesStartOpt = startOpt; |
4714 | OSKextExcludeLevel dependenciesStartMatchingOpt = startMatchingOpt; |
4715 | unsigned int i, count; |
4716 | Boolean alreadyLoaded = false; |
4717 | OSKext * lastLoadedKext = NULL; |
4718 | |
4719 | if (isInExcludeList()) { |
4720 | OSKextLog(this, |
4721 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag | |
4722 | kOSKextLogLoadFlag, |
4723 | "Kext %s is in exclude list, not loadable" , |
4724 | getIdentifierCString()); |
4725 | |
4726 | result = kOSKextReturnNotLoadable; |
4727 | goto finish; |
4728 | } |
4729 | |
4730 | if (isLoaded()) { |
4731 | alreadyLoaded = true; |
4732 | result = kOSReturnSuccess; |
4733 | |
4734 | OSKextLog(this, |
4735 | kOSKextLogDebugLevel | |
4736 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag, |
4737 | "Kext %s is already loaded." , |
4738 | getIdentifierCString()); |
4739 | goto loaded; |
4740 | } |
4741 | |
4742 | #if CONFIG_MACF |
4743 | if (current_task() != kernel_task) { |
4744 | int macCheckResult = 0; |
4745 | kauth_cred_t cred = NULL; |
4746 | |
4747 | cred = kauth_cred_get_with_ref(); |
4748 | macCheckResult = mac_kext_check_load(cred, getIdentifierCString()); |
4749 | kauth_cred_unref(&cred); |
4750 | |
4751 | if (macCheckResult != 0) { |
4752 | result = kOSReturnError; |
4753 | OSKextLog(this, |
4754 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
4755 | "Failed to load kext %s (MAC policy error 0x%x)." , |
4756 | getIdentifierCString(), macCheckResult); |
4757 | goto finish; |
4758 | } |
4759 | } |
4760 | #endif |
4761 | |
4762 | if (!sLoadEnabled) { |
4763 | OSKextLog(this, |
4764 | kOSKextLogErrorLevel | |
4765 | kOSKextLogLoadFlag, |
4766 | "Kext loading is disabled (attempt to load kext %s)." , |
4767 | getIdentifierCString()); |
4768 | result = kOSKextReturnDisabled; |
4769 | goto finish; |
4770 | } |
4771 | |
4772 | /* If we've pushed the next available load tag to the invalid value, |
4773 | * we can't load any more kexts. |
4774 | */ |
4775 | if (sNextLoadTag == kOSKextInvalidLoadTag) { |
4776 | OSKextLog(this, |
4777 | kOSKextLogErrorLevel | |
4778 | kOSKextLogLoadFlag, |
4779 | "Can't load kext %s - no more load tags to assign." , |
4780 | getIdentifierCString()); |
4781 | result = kOSKextReturnNoResources; |
4782 | goto finish; |
4783 | } |
4784 | |
4785 | /* This is a bit of a hack, because we shouldn't be handling |
4786 | * personalities within the load function. |
4787 | */ |
4788 | if (!declaresExecutable()) { |
4789 | /* There is a special case where a non-executable kext can be loaded: the |
4790 | * AppleKextExcludeList. Detect that special kext by bundle identifier and |
4791 | * load its metadata into the global data structures, if appropriate |
4792 | */ |
4793 | if (strcmp(getIdentifierCString(), "com.apple.driver.KextExcludeList" ) == 0) { |
4794 | boolean_t updated = updateExcludeList(infoDict); |
4795 | if (updated) { |
4796 | OSKextLog(this, |
4797 | kOSKextLogDebugLevel | kOSKextLogLoadFlag, |
4798 | "KextExcludeList was updated to version: %lld" , sExcludeListVersion); |
4799 | } |
4800 | } |
4801 | result = kOSReturnSuccess; |
4802 | goto loaded; |
4803 | } |
4804 | |
4805 | /* Are we in safe boot? |
4806 | */ |
4807 | if (sSafeBoot && !isLoadableInSafeBoot()) { |
4808 | OSKextLog(this, |
4809 | kOSKextLogErrorLevel | |
4810 | kOSKextLogLoadFlag, |
4811 | "Can't load kext %s - not loadable during safe boot." , |
4812 | getIdentifierCString()); |
4813 | result = kOSKextReturnBootLevel; |
4814 | goto finish; |
4815 | } |
4816 | |
4817 | OSKextLog(this, |
4818 | kOSKextLogProgressLevel | kOSKextLogLoadFlag, |
4819 | "Loading kext %s." , |
4820 | getIdentifierCString()); |
4821 | |
4822 | if (!sKxldContext) { |
4823 | kxldResult = kxld_create_context(&sKxldContext, &kern_allocate, |
4824 | &kxld_log_callback, /* Flags */ (KXLDFlags) 0, |
4825 | /* cputype */ 0, /* cpusubtype */ 0, /* page size */ 0); |
4826 | if (kxldResult) { |
4827 | OSKextLog(this, |
4828 | kOSKextLogErrorLevel | |
4829 | kOSKextLogLoadFlag | kOSKextLogLinkFlag, |
4830 | "Can't load kext %s - failed to create link context." , |
4831 | getIdentifierCString()); |
4832 | result = kOSKextReturnNoMemory; |
4833 | goto finish; |
4834 | } |
4835 | } |
4836 | |
4837 | /* We only need to resolve dependencies once for the whole graph, but |
4838 | * resolveDependencies will just return if there's no work to do, so it's |
4839 | * safe to call it more than once. |
4840 | */ |
4841 | if (!resolveDependencies()) { |
4842 | // xxx - check resolveDependencies() for log msg |
4843 | OSKextLog(this, |
4844 | kOSKextLogErrorLevel | |
4845 | kOSKextLogLoadFlag | kOSKextLogDependenciesFlag, |
4846 | "Can't load kext %s - failed to resolve library dependencies." , |
4847 | getIdentifierCString()); |
4848 | result = kOSKextReturnDependencies; |
4849 | goto finish; |
4850 | } |
4851 | |
4852 | /* If we are excluding just the kext being loaded now (and not its |
4853 | * dependencies), drop the exclusion level to none so dependencies |
4854 | * start and/or add their personalities. |
4855 | */ |
4856 | if (dependenciesStartOpt == kOSKextExcludeKext) { |
4857 | dependenciesStartOpt = kOSKextExcludeNone; |
4858 | } |
4859 | |
4860 | if (dependenciesStartMatchingOpt == kOSKextExcludeKext) { |
4861 | dependenciesStartMatchingOpt = kOSKextExcludeNone; |
4862 | } |
4863 | |
4864 | /* Load the dependencies, recursively. |
4865 | */ |
4866 | count = getNumDependencies(); |
4867 | for (i = 0; i < count; i++) { |
4868 | OSKext * dependency = OSDynamicCast(OSKext, |
4869 | dependencies->getObject(i)); |
4870 | if (dependency == NULL) { |
4871 | OSKextLog(this, |
4872 | kOSKextLogErrorLevel | |
4873 | kOSKextLogLoadFlag | kOSKextLogDependenciesFlag, |
4874 | "Internal error loading kext %s; dependency disappeared." , |
4875 | getIdentifierCString()); |
4876 | result = kOSKextReturnInternalError; |
4877 | goto finish; |
4878 | } |
4879 | |
4880 | /* Dependencies must be started accorting to the opt, |
4881 | * but not given the personality names of the main kext. |
4882 | */ |
4883 | result = dependency->load(dependenciesStartOpt, |
4884 | dependenciesStartMatchingOpt, |
4885 | /* personalityNames */ NULL); |
4886 | if (result != KERN_SUCCESS) { |
4887 | OSKextLog(this, |
4888 | kOSKextLogErrorLevel | |
4889 | kOSKextLogLoadFlag | kOSKextLogDependenciesFlag, |
4890 | "Dependency %s of kext %s failed to load." , |
4891 | dependency->getIdentifierCString(), |
4892 | getIdentifierCString()); |
4893 | |
4894 | OSKext::removeKext(dependency, |
4895 | /* terminateService/removePersonalities */ true); |
4896 | result = kOSKextReturnDependencyLoadError; |
4897 | |
4898 | goto finish; |
4899 | } |
4900 | } |
4901 | |
4902 | result = loadExecutable(); |
4903 | if (result != KERN_SUCCESS) { |
4904 | goto finish; |
4905 | } |
4906 | |
4907 | pendingPgoHead.next = &pendingPgoHead; |
4908 | pendingPgoHead.prev = &pendingPgoHead; |
4909 | |
4910 | // The kernel PRNG is not initialized when the first kext is |
4911 | // loaded, so use early random |
4912 | uuid_generate_early_random(instance_uuid); |
4913 | account = IONew(OSKextAccount, 1); |
4914 | if (!account) { |
4915 | result = KERN_MEMORY_ERROR; |
4916 | goto finish; |
4917 | } |
4918 | bzero(account, sizeof(*account)); |
4919 | account->loadTag = kmod_info->id; |
4920 | account->site.refcount = 0; |
4921 | account->site.flags = VM_TAG_KMOD; |
4922 | account->kext = this; |
4923 | if (gIOSurfaceIdentifier == bundleID) { |
4924 | vm_tag_alloc(&account->site); |
4925 | gIOSurfaceTag = account->site.tag; |
4926 | } |
4927 | |
4928 | flags.loaded = true; |
4929 | |
4930 | /* Add the kext to the list of loaded kexts and update the kmod_info |
4931 | * struct to point to that of the last loaded kext (which is the way |
4932 | * it's always been done, though I'd rather do them in order now). |
4933 | */ |
4934 | lastLoadedKext = OSDynamicCast(OSKext, sLoadedKexts->getLastObject()); |
4935 | sLoadedKexts->setObject(this); |
4936 | |
4937 | /* Keep the kernel itself out of the kmod list. |
4938 | */ |
4939 | if (lastLoadedKext->isKernel()) { |
4940 | lastLoadedKext = NULL; |
4941 | } |
4942 | |
4943 | if (lastLoadedKext) { |
4944 | kmod_info->next = lastLoadedKext->kmod_info; |
4945 | } |
4946 | |
4947 | notifyKextLoadObservers(this, kmod_info); |
4948 | |
4949 | /* Make the global kmod list point at the just-loaded kext. Note that the |
4950 | * __kernel__ kext isn't in this list, as it wasn't before SnowLeopard, |
4951 | * although we do report it in kextstat these days by using the newer |
4952 | * OSArray of loaded kexts, which does contain it. |
4953 | * |
4954 | * (The OSKext object representing the kernel doesn't even have a kmod_info |
4955 | * struct, though I suppose we could stick a pointer to it from the |
4956 | * static struct in OSRuntime.cpp.) |
4957 | */ |
4958 | kmod = kmod_info; |
4959 | |
4960 | /* Save the list of loaded kexts in case we panic. |
4961 | */ |
4962 | OSKext::saveLoadedKextPanicList(); |
4963 | |
4964 | if (isExecutable()) { |
4965 | OSKext::updateLoadedKextSummaries(); |
4966 | savePanicString(/* isLoading */ true); |
4967 | |
4968 | #if CONFIG_DTRACE |
4969 | registerWithDTrace(); |
4970 | #else |
4971 | jettisonLinkeditSegment(); |
4972 | #endif /* CONFIG_DTRACE */ |
4973 | |
4974 | #if !VM_MAPPED_KEXTS |
4975 | /* If there is a page (or more) worth of padding after the end |
4976 | * of the last data section but before the end of the data segment |
4977 | * then free it in the same manner the LinkeditSegment is freed |
4978 | */ |
4979 | jettisonDATASegmentPadding(); |
4980 | #endif |
4981 | } |
4982 | |
4983 | loaded: |
4984 | if (isExecutable() && !flags.started) { |
4985 | if (startOpt == kOSKextExcludeNone) { |
4986 | result = start(); |
4987 | if (result != kOSReturnSuccess) { |
4988 | OSKextLog(this, |
4989 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
4990 | "Kext %s start failed (result 0x%x)." , |
4991 | getIdentifierCString(), result); |
4992 | result = kOSKextReturnStartStopError; |
4993 | } |
4994 | } |
4995 | } |
4996 | |
4997 | /* If not excluding matching, send the personalities to the kernel. |
4998 | * This never affects the result of the load operation. |
4999 | * This is a bit of a hack, because we shouldn't be handling |
5000 | * personalities within the load function. |
5001 | */ |
5002 | if (result == kOSReturnSuccess && startMatchingOpt == kOSKextExcludeNone) { |
5003 | result = sendPersonalitiesToCatalog(true, personalityNames); |
5004 | } |
5005 | |
5006 | finish: |
5007 | |
5008 | /* More hack! If the kext doesn't declare an executable, even if we |
5009 | * "loaded" it, we have to remove any personalities naming it, or we'll |
5010 | * never see the registry go quiet. Errors here do not count for the |
5011 | * load operation itself. |
5012 | * |
5013 | * Note that in every other regard it's perfectly ok for a kext to |
5014 | * not declare an executable and serve only as a package for personalities |
5015 | * naming another kext, so we do have to allow such kexts to be "loaded" |
5016 | * so that those other personalities get added & matched. |
5017 | */ |
5018 | if (!declaresExecutable()) { |
5019 | OSKextLog(this, |
5020 | kOSKextLogStepLevel | kOSKextLogLoadFlag, |
5021 | "Kext %s has no executable; removing any personalities naming it." , |
5022 | getIdentifierCString()); |
5023 | removePersonalitiesFromCatalog(); |
5024 | } |
5025 | |
5026 | if (result != kOSReturnSuccess) { |
5027 | OSKextLog(this, |
5028 | kOSKextLogErrorLevel | |
5029 | kOSKextLogLoadFlag, |
5030 | "Kext %s failed to load (0x%x)." , |
5031 | getIdentifierCString(), (int)result); |
5032 | } else if (!alreadyLoaded) { |
5033 | OSKextLog(this, |
5034 | kOSKextLogProgressLevel | |
5035 | kOSKextLogLoadFlag, |
5036 | "Kext %s loaded." , |
5037 | getIdentifierCString()); |
5038 | |
5039 | queueKextNotification(kKextRequestPredicateLoadNotification, |
5040 | OSDynamicCast(OSString, bundleID)); |
5041 | } |
5042 | return result; |
5043 | } |
5044 | |
5045 | /********************************************************************* |
5046 | * |
5047 | *********************************************************************/ |
5048 | static char * strdup(const char * string) |
5049 | { |
5050 | char * result = NULL; |
5051 | size_t size; |
5052 | |
5053 | if (!string) { |
5054 | goto finish; |
5055 | } |
5056 | |
5057 | size = 1 + strlen(string); |
5058 | result = (char *)kalloc_tag(size, VM_KERN_MEMORY_OSKEXT); |
5059 | if (!result) { |
5060 | goto finish; |
5061 | } |
5062 | |
5063 | memcpy(result, string, size); |
5064 | |
5065 | finish: |
5066 | return result; |
5067 | } |
5068 | |
5069 | /********************************************************************* |
5070 | * |
5071 | *********************************************************************/ |
5072 | |
5073 | kernel_section_t * |
5074 | OSKext::lookupSection(const char *segname, const char *secname) |
5075 | { |
5076 | kernel_section_t * found_section = NULL; |
5077 | kernel_mach_header_t * mh = NULL; |
5078 | kernel_segment_command_t * seg = NULL; |
5079 | kernel_section_t * sec = NULL; |
5080 | |
5081 | if (!linkedExecutable) return (NULL); |
5082 | |
5083 | mh = (kernel_mach_header_t *)linkedExecutable->getBytesNoCopy(); |
5084 | |
5085 | for (seg = firstsegfromheader(mh); seg != NULL; seg = nextsegfromheader(mh, seg)) { |
5086 | |
5087 | if (0 != strcmp(seg->segname, segname)) { |
5088 | continue; |
5089 | } |
5090 | |
5091 | for (sec = firstsect(seg); sec != NULL; sec = nextsect(seg, sec)) { |
5092 | |
5093 | if (0 == strcmp(sec->sectname, secname)) { |
5094 | found_section = sec; |
5095 | goto out; |
5096 | } |
5097 | } |
5098 | } |
5099 | |
5100 | out: |
5101 | return found_section; |
5102 | } |
5103 | |
5104 | /********************************************************************* |
5105 | * |
5106 | *********************************************************************/ |
5107 | |
5108 | OSReturn |
5109 | OSKext::slidePrelinkedExecutable(bool doCoalesedSlides) |
5110 | { |
5111 | OSReturn result = kOSKextReturnBadData; |
5112 | kernel_mach_header_t * mh = NULL; |
5113 | kernel_segment_command_t * seg = NULL; |
5114 | kernel_segment_command_t * linkeditSeg = NULL; |
5115 | kernel_section_t * sec = NULL; |
5116 | char * linkeditBase = NULL; |
5117 | bool haveLinkeditBase = false; |
5118 | char * relocBase = NULL; |
5119 | bool haveRelocBase = false; |
5120 | struct dysymtab_command * dysymtab = NULL; |
5121 | struct linkedit_data_command * segmentSplitInfo = NULL; |
5122 | struct symtab_command * symtab = NULL; |
5123 | kernel_nlist_t * sym = NULL; |
5124 | struct relocation_info * reloc = NULL; |
5125 | uint32_t i = 0; |
5126 | int reloc_size; |
5127 | vm_offset_t new_kextsize; |
5128 | |
5129 | if (linkedExecutable == NULL || flags.builtin) { |
5130 | result = kOSReturnSuccess; |
5131 | goto finish; |
5132 | } |
5133 | |
5134 | mh = (kernel_mach_header_t *)linkedExecutable->getBytesNoCopy(); |
5135 | segmentSplitInfo = (struct linkedit_data_command *) getcommandfromheader(mh, LC_SEGMENT_SPLIT_INFO); |
5136 | |
5137 | for (seg = firstsegfromheader(mh); seg != NULL; seg = nextsegfromheader(mh, seg)) { |
5138 | if (!seg->vmaddr) { |
5139 | continue; |
5140 | } |
5141 | |
5142 | seg->vmaddr = ml_static_slide(seg->vmaddr); |
5143 | |
5144 | #if KASLR_KEXT_DEBUG |
5145 | IOLog("kaslr: segname %s unslid 0x%lx slid 0x%lx \n" , |
5146 | seg->segname, |
5147 | (unsigned long)ml_static_unslide(seg->vmaddr), |
5148 | (unsigned long)seg->vmaddr); |
5149 | #endif |
5150 | |
5151 | if (!haveRelocBase) { |
5152 | relocBase = (char *) seg->vmaddr; |
5153 | haveRelocBase = true; |
5154 | } |
5155 | if (!strcmp(seg->segname, "__LINKEDIT" )) { |
5156 | linkeditBase = (char *) seg->vmaddr - seg->fileoff; |
5157 | haveLinkeditBase = true; |
5158 | linkeditSeg = seg; |
5159 | } |
5160 | for (sec = firstsect(seg); sec != NULL; sec = nextsect(seg, sec)) { |
5161 | sec->addr = ml_static_slide(sec->addr); |
5162 | |
5163 | #if KASLR_KEXT_DEBUG |
5164 | IOLog("kaslr: sectname %s unslid 0x%lx slid 0x%lx \n" , |
5165 | sec->sectname, |
5166 | (unsigned long)ml_static_unslide(sec->addr), |
5167 | (unsigned long)sec->addr); |
5168 | #endif |
5169 | } |
5170 | } |
5171 | |
5172 | dysymtab = (struct dysymtab_command *) getcommandfromheader(mh, LC_DYSYMTAB); |
5173 | |
5174 | symtab = (struct symtab_command *) getcommandfromheader(mh, LC_SYMTAB); |
5175 | |
5176 | if (symtab != NULL && doCoalesedSlides == false) { |
5177 | /* Some pseudo-kexts have symbol tables without segments. |
5178 | * Ignore them. */ |
5179 | if (symtab->nsyms > 0 && haveLinkeditBase) { |
5180 | sym = (kernel_nlist_t *) (linkeditBase + symtab->symoff); |
5181 | for (i = 0; i < symtab->nsyms; i++) { |
5182 | if (sym[i].n_type & N_STAB) { |
5183 | continue; |
5184 | } |
5185 | sym[i].n_value = ml_static_slide(sym[i].n_value); |
5186 | |
5187 | #if KASLR_KEXT_DEBUG |
5188 | #define MAX_SYMS_TO_LOG 5 |
5189 | if ( i < MAX_SYMS_TO_LOG ) { |
5190 | IOLog("kaslr: LC_SYMTAB unslid 0x%lx slid 0x%lx \n" , |
5191 | (unsigned long)ml_static_unslide(sym[i].n_value), |
5192 | (unsigned long)sym[i].n_value); |
5193 | } |
5194 | #endif |
5195 | } |
5196 | } |
5197 | } |
5198 | |
5199 | if (dysymtab != NULL && doCoalesedSlides == false) { |
5200 | if (dysymtab->nextrel > 0) { |
5201 | OSKextLog(this, |
5202 | kOSKextLogErrorLevel | kOSKextLogLoadFlag | |
5203 | kOSKextLogLinkFlag, |
5204 | "Sliding kext %s: External relocations found." , |
5205 | getIdentifierCString()); |
5206 | goto finish; |
5207 | } |
5208 | |
5209 | if (dysymtab->nlocrel > 0) { |
5210 | if (!haveLinkeditBase) { |
5211 | OSKextLog(this, |
5212 | kOSKextLogErrorLevel | kOSKextLogLoadFlag | |
5213 | kOSKextLogLinkFlag, |
5214 | "Sliding kext %s: No linkedit segment." , |
5215 | getIdentifierCString()); |
5216 | goto finish; |
5217 | } |
5218 | |
5219 | if (!haveRelocBase) { |
5220 | OSKextLog(this, |
5221 | kOSKextLogErrorLevel | kOSKextLogLoadFlag | |
5222 | kOSKextLogLinkFlag, |
5223 | #if __x86_64__ |
5224 | "Sliding kext %s: No writable segments." , |
5225 | #else |
5226 | "Sliding kext %s: No segments." , |
5227 | #endif |
5228 | getIdentifierCString()); |
5229 | goto finish; |
5230 | } |
5231 | |
5232 | reloc = (struct relocation_info *) (linkeditBase + dysymtab->locreloff); |
5233 | reloc_size = dysymtab->nlocrel * sizeof(struct relocation_info); |
5234 | |
5235 | for (i = 0; i < dysymtab->nlocrel; i++) { |
5236 | if ( reloc[i].r_extern != 0 |
5237 | || reloc[i].r_type != 0 |
5238 | || reloc[i].r_length != (sizeof(void *) == 8 ? 3 : 2) |
5239 | ) { |
5240 | OSKextLog(this, |
5241 | kOSKextLogErrorLevel | kOSKextLogLoadFlag | |
5242 | kOSKextLogLinkFlag, |
5243 | "Sliding kext %s: Unexpected relocation found." , |
5244 | getIdentifierCString()); |
5245 | goto finish; |
5246 | } |
5247 | if (reloc[i].r_pcrel != 0) { |
5248 | continue; |
5249 | } |
5250 | uintptr_t *relocAddr = (uintptr_t*)(relocBase + reloc[i].r_address); |
5251 | *relocAddr = ml_static_slide(*relocAddr); |
5252 | |
5253 | #if KASLR_KEXT_DEBUG |
5254 | #define MAX_DYSYMS_TO_LOG 5 |
5255 | if ( i < MAX_DYSYMS_TO_LOG ) { |
5256 | IOLog("kaslr: LC_DYSYMTAB unslid 0x%lx slid 0x%lx \n" , |
5257 | (unsigned long)ml_static_unslide(*((uintptr_t *)(relocAddr))), |
5258 | (unsigned long)*((uintptr_t *)(relocBase + reloc[i].r_address))); |
5259 | } |
5260 | #endif |
5261 | } |
5262 | |
5263 | /* We should free these relocations, not just delete the reference to them. |
5264 | * <rdar://problem/10535549> Free relocations from PIE kexts. |
5265 | * |
5266 | * For now, we do not free LINKEDIT for kexts with split segments. |
5267 | */ |
5268 | new_kextsize = round_page(kmod_info->size - reloc_size); |
5269 | if (((kmod_info->size - new_kextsize) > PAGE_SIZE) && (!segmentSplitInfo)) { |
5270 | vm_offset_t endofkext = kmod_info->address + kmod_info->size; |
5271 | vm_offset_t new_endofkext = kmod_info->address + new_kextsize; |
5272 | vm_offset_t endofrelocInfo = (vm_offset_t) (((uint8_t *)reloc) + reloc_size); |
5273 | int bytes_remaining = endofkext - endofrelocInfo; |
5274 | OSData * new_osdata = NULL; |
5275 | |
5276 | /* fix up symbol offsets if they are after the dsymtab local relocs */ |
5277 | if (symtab) { |
5278 | if (dysymtab->locreloff < symtab->symoff){ |
5279 | symtab->symoff -= reloc_size; |
5280 | } |
5281 | if (dysymtab->locreloff < symtab->stroff) { |
5282 | symtab->stroff -= reloc_size; |
5283 | } |
5284 | } |
5285 | if (dysymtab->locreloff < dysymtab->extreloff) { |
5286 | dysymtab->extreloff -= reloc_size; |
5287 | } |
5288 | |
5289 | /* move data behind reloc info down to new offset */ |
5290 | if (endofrelocInfo < endofkext) { |
5291 | memcpy(reloc, (void *)endofrelocInfo, bytes_remaining); |
5292 | } |
5293 | |
5294 | /* Create a new OSData for the smaller kext object and reflect |
5295 | * new linkedit segment size. |
5296 | */ |
5297 | linkeditSeg->vmsize = round_page(linkeditSeg->vmsize - reloc_size); |
5298 | linkeditSeg->filesize = linkeditSeg->vmsize; |
5299 | |
5300 | new_osdata = OSData::withBytesNoCopy((void *)kmod_info->address, new_kextsize); |
5301 | if (new_osdata) { |
5302 | /* Fix up kmod info and linkedExecutable. |
5303 | */ |
5304 | kmod_info->size = new_kextsize; |
5305 | #if VM_MAPPED_KEXTS |
5306 | new_osdata->setDeallocFunction(osdata_kext_free); |
5307 | #else |
5308 | new_osdata->setDeallocFunction(osdata_phys_free); |
5309 | #endif |
5310 | linkedExecutable->setDeallocFunction(NULL); |
5311 | linkedExecutable->release(); |
5312 | linkedExecutable = new_osdata; |
5313 | |
5314 | #if VM_MAPPED_KEXTS |
5315 | kext_free(new_endofkext, (endofkext - new_endofkext)); |
5316 | #else |
5317 | ml_static_mfree(new_endofkext, (endofkext - new_endofkext)); |
5318 | #endif |
5319 | } |
5320 | } |
5321 | dysymtab->nlocrel = 0; |
5322 | dysymtab->locreloff = 0; |
5323 | } |
5324 | } |
5325 | |
5326 | result = kOSReturnSuccess; |
5327 | finish: |
5328 | return result; |
5329 | } |
5330 | |
5331 | /********************************************************************* |
5332 | * called only by load() |
5333 | *********************************************************************/ |
5334 | OSReturn |
5335 | OSKext::loadExecutable() |
5336 | { |
5337 | OSReturn result = kOSReturnError; |
5338 | kern_return_t kxldResult; |
5339 | KXLDDependency * kxlddeps = NULL; // must kfree |
5340 | uint32_t num_kxlddeps = 0; |
5341 | OSArray * linkDependencies = NULL; // must release |
5342 | uint32_t numDirectDependencies = 0; |
5343 | uint32_t num_kmod_refs = 0; |
5344 | struct mach_header ** = NULL; // do not free |
5345 | struct mach_header * = NULL; // xxx - need to free here? |
5346 | OSData * theExecutable = NULL; // do not release |
5347 | OSString * = NULL; // do not release |
5348 | const char * versCString = NULL; // do not free |
5349 | const char * string = NULL; // do not free |
5350 | unsigned int i; |
5351 | |
5352 | /* We need the version string for a variety of bits below. |
5353 | */ |
5354 | versString = OSDynamicCast(OSString, |
5355 | getPropertyForHostArch(kCFBundleVersionKey)); |
5356 | if (!versString) { |
5357 | goto finish; |
5358 | } |
5359 | versCString = versString->getCStringNoCopy(); |
5360 | |
5361 | if (isKernelComponent()) { |
5362 | if (STRING_HAS_PREFIX(versCString, KERNEL_LIB_PREFIX)) { |
5363 | |
5364 | if (strncmp(versCString, KERNEL6_VERSION, strlen(KERNEL6_VERSION))) { |
5365 | OSKextLog(this, |
5366 | kOSKextLogErrorLevel | |
5367 | kOSKextLogLoadFlag, |
5368 | "Kernel component %s has incorrect version %s; " |
5369 | "expected %s." , |
5370 | getIdentifierCString(), |
5371 | versCString, KERNEL6_VERSION); |
5372 | result = kOSKextReturnInternalError; |
5373 | goto finish; |
5374 | } else if (strcmp(versCString, osrelease)) { |
5375 | OSKextLog(this, |
5376 | kOSKextLogErrorLevel | |
5377 | kOSKextLogLoadFlag, |
5378 | "Kernel component %s has incorrect version %s; " |
5379 | "expected %s." , |
5380 | getIdentifierCString(), |
5381 | versCString, osrelease); |
5382 | result = kOSKextReturnInternalError; |
5383 | goto finish; |
5384 | } |
5385 | } |
5386 | } |
5387 | |
5388 | if (isPrelinked()) { |
5389 | goto register_kmod; |
5390 | } |
5391 | |
5392 | /* <rdar://problem/21444003> all callers must be entitled */ |
5393 | if (FALSE == IOTaskHasEntitlement(current_task(), "com.apple.rootless.kext-secure-management" )) { |
5394 | OSKextLog(this, |
5395 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
5396 | "Not entitled to link kext '%s'" , |
5397 | getIdentifierCString()); |
5398 | result = kOSKextReturnNotPrivileged; |
5399 | goto finish; |
5400 | } |
5401 | |
5402 | theExecutable = getExecutable(); |
5403 | if (!theExecutable) { |
5404 | if (declaresExecutable()) { |
5405 | OSKextLog(this, |
5406 | kOSKextLogErrorLevel | |
5407 | kOSKextLogLoadFlag, |
5408 | "Can't load kext %s - executable is missing." , |
5409 | getIdentifierCString()); |
5410 | result = kOSKextReturnValidation; |
5411 | goto finish; |
5412 | } |
5413 | goto register_kmod; |
5414 | } |
5415 | |
5416 | if (isInterface()) { |
5417 | OSData *executableCopy = OSData::withData(theExecutable); |
5418 | setLinkedExecutable(executableCopy); |
5419 | executableCopy->release(); |
5420 | goto register_kmod; |
5421 | } |
5422 | |
5423 | numDirectDependencies = getNumDependencies(); |
5424 | |
5425 | if (flags.hasBleedthrough) { |
5426 | linkDependencies = dependencies; |
5427 | linkDependencies->retain(); |
5428 | } else { |
5429 | linkDependencies = OSArray::withArray(dependencies); |
5430 | if (!linkDependencies) { |
5431 | OSKextLog(this, |
5432 | kOSKextLogErrorLevel | |
5433 | kOSKextLogLoadFlag | kOSKextLogLinkFlag, |
5434 | "Can't allocate link dependencies to load kext %s." , |
5435 | getIdentifierCString()); |
5436 | goto finish; |
5437 | } |
5438 | |
5439 | for (i = 0; i < numDirectDependencies; ++i) { |
5440 | OSKext * dependencyKext = OSDynamicCast(OSKext, |
5441 | dependencies->getObject(i)); |
5442 | dependencyKext->addBleedthroughDependencies(linkDependencies); |
5443 | } |
5444 | } |
5445 | |
5446 | num_kxlddeps = linkDependencies->getCount(); |
5447 | if (!num_kxlddeps) { |
5448 | OSKextLog(this, |
5449 | kOSKextLogErrorLevel | |
5450 | kOSKextLogLoadFlag | kOSKextLogDependenciesFlag, |
5451 | "Can't load kext %s - it has no library dependencies." , |
5452 | getIdentifierCString()); |
5453 | goto finish; |
5454 | } |
5455 | |
5456 | kxlddeps = (KXLDDependency *)kalloc_tag(num_kxlddeps * sizeof(*kxlddeps), VM_KERN_MEMORY_OSKEXT); |
5457 | if (!kxlddeps) { |
5458 | OSKextLog(this, |
5459 | kOSKextLogErrorLevel | |
5460 | kOSKextLogLoadFlag | kOSKextLogLinkFlag, |
5461 | "Can't allocate link context to load kext %s." , |
5462 | getIdentifierCString()); |
5463 | goto finish; |
5464 | } |
5465 | bzero(kxlddeps, num_kxlddeps * sizeof(*kxlddeps)); |
5466 | |
5467 | for (i = 0; i < num_kxlddeps; ++i ) { |
5468 | OSKext * dependency = OSDynamicCast(OSKext, linkDependencies->getObject(i)); |
5469 | |
5470 | if (dependency->isInterface()) { |
5471 | OSKext *interfaceTargetKext = NULL; |
5472 | OSData * interfaceTarget = NULL; |
5473 | |
5474 | if (dependency->isKernelComponent()) { |
5475 | interfaceTargetKext = sKernelKext; |
5476 | interfaceTarget = sKernelKext->linkedExecutable; |
5477 | } else { |
5478 | interfaceTargetKext = OSDynamicCast(OSKext, |
5479 | dependency->dependencies->getObject(0)); |
5480 | |
5481 | interfaceTarget = interfaceTargetKext->linkedExecutable; |
5482 | } |
5483 | |
5484 | if (!interfaceTarget) { |
5485 | // panic? |
5486 | goto finish; |
5487 | } |
5488 | |
5489 | /* The names set here aren't actually logged yet <rdar://problem/7941514>, |
5490 | * it will be useful to have them in the debugger. |
5491 | * strdup() failing isn't critical right here so we don't check that. |
5492 | */ |
5493 | kxlddeps[i].kext = (u_char *) interfaceTarget->getBytesNoCopy(); |
5494 | kxlddeps[i].kext_size = interfaceTarget->getLength(); |
5495 | kxlddeps[i].kext_name = strdup(interfaceTargetKext->getIdentifierCString()); |
5496 | |
5497 | kxlddeps[i].interface = (u_char *) dependency->linkedExecutable->getBytesNoCopy(); |
5498 | kxlddeps[i].interface_size = dependency->linkedExecutable->getLength(); |
5499 | kxlddeps[i].interface_name = strdup(dependency->getIdentifierCString()); |
5500 | } else { |
5501 | kxlddeps[i].kext = (u_char *) dependency->linkedExecutable->getBytesNoCopy(); |
5502 | kxlddeps[i].kext_size = dependency->linkedExecutable->getLength(); |
5503 | kxlddeps[i].kext_name = strdup(dependency->getIdentifierCString()); |
5504 | } |
5505 | |
5506 | kxlddeps[i].is_direct_dependency = (i < numDirectDependencies); |
5507 | } |
5508 | |
5509 | kxldHeaderPtr = &kxld_header; |
5510 | |
5511 | #if DEBUG |
5512 | OSKextLog(this, |
5513 | kOSKextLogExplicitLevel | |
5514 | kOSKextLogLoadFlag | kOSKextLogLinkFlag, |
5515 | "Kext %s - calling kxld_link_file:\n" |
5516 | " kxld_context: %p\n" |
5517 | " executable: %p executable_length: %d\n" |
5518 | " user_data: %p\n" |
5519 | " kxld_dependencies: %p num_dependencies: %d\n" |
5520 | " kxld_header_ptr: %p kmod_info_ptr: %p\n" , |
5521 | getIdentifierCString(), sKxldContext, |
5522 | theExecutable->getBytesNoCopy(), theExecutable->getLength(), |
5523 | this, kxlddeps, num_kxlddeps, |
5524 | kxldHeaderPtr, &kmod_info); |
5525 | #endif |
5526 | |
5527 | /* After this call, the linkedExecutable instance variable |
5528 | * should exist. |
5529 | */ |
5530 | kxldResult = kxld_link_file(sKxldContext, |
5531 | (u_char *)theExecutable->getBytesNoCopy(), |
5532 | theExecutable->getLength(), |
5533 | getIdentifierCString(), this, kxlddeps, num_kxlddeps, |
5534 | (u_char **)kxldHeaderPtr, (kxld_addr_t *)&kmod_info); |
5535 | |
5536 | if (kxldResult != KERN_SUCCESS) { |
5537 | // xxx - add kxldResult here? |
5538 | OSKextLog(this, |
5539 | kOSKextLogErrorLevel | |
5540 | kOSKextLogLoadFlag, |
5541 | "Can't load kext %s - link failed." , |
5542 | getIdentifierCString()); |
5543 | result = kOSKextReturnLinkError; |
5544 | goto finish; |
5545 | } |
5546 | |
5547 | /* We've written data & instructions into kernel memory, so flush the data |
5548 | * cache and invalidate the instruction cache. |
5549 | * I/D caches are coherent on x86 |
5550 | */ |
5551 | #if !defined(__i386__) && !defined(__x86_64__) |
5552 | flush_dcache(kmod_info->address, kmod_info->size, false); |
5553 | invalidate_icache(kmod_info->address, kmod_info->size, false); |
5554 | #endif |
5555 | register_kmod: |
5556 | |
5557 | if (isInterface()) { |
5558 | |
5559 | /* Whip up a fake kmod_info entry for the interface kext. |
5560 | */ |
5561 | kmod_info = (kmod_info_t *)kalloc_tag(sizeof(kmod_info_t), VM_KERN_MEMORY_OSKEXT); |
5562 | if (!kmod_info) { |
5563 | result = KERN_MEMORY_ERROR; |
5564 | goto finish; |
5565 | } |
5566 | |
5567 | /* A pseudokext has almost nothing in its kmod_info struct. |
5568 | */ |
5569 | bzero(kmod_info, sizeof(kmod_info_t)); |
5570 | |
5571 | kmod_info->info_version = KMOD_INFO_VERSION; |
5572 | |
5573 | /* An interface kext doesn't have a linkedExecutable, so save a |
5574 | * copy of the UUID out of the original executable via copyUUID() |
5575 | * while we still have the original executable. |
5576 | */ |
5577 | interfaceUUID = copyUUID(); |
5578 | } |
5579 | |
5580 | kmod_info->id = loadTag = sNextLoadTag++; |
5581 | kmod_info->reference_count = 0; // KMOD_DECL... sets it to -1 (invalid). |
5582 | |
5583 | /* Stamp the bundle ID and version from the OSKext over anything |
5584 | * resident inside the kmod_info. |
5585 | */ |
5586 | string = getIdentifierCString(); |
5587 | strlcpy(kmod_info->name, string, sizeof(kmod_info->name)); |
5588 | |
5589 | string = versCString; |
5590 | strlcpy(kmod_info->version, string, sizeof(kmod_info->version)); |
5591 | |
5592 | /* Add the dependencies' kmod_info structs as kmod_references. |
5593 | */ |
5594 | num_kmod_refs = getNumDependencies(); |
5595 | if (num_kmod_refs) { |
5596 | kmod_info->reference_list = (kmod_reference_t *)kalloc_tag( |
5597 | num_kmod_refs * sizeof(kmod_reference_t), VM_KERN_MEMORY_OSKEXT); |
5598 | if (!kmod_info->reference_list) { |
5599 | result = KERN_MEMORY_ERROR; |
5600 | goto finish; |
5601 | } |
5602 | bzero(kmod_info->reference_list, |
5603 | num_kmod_refs * sizeof(kmod_reference_t)); |
5604 | for (uint32_t refIndex = 0; refIndex < num_kmod_refs; refIndex++) { |
5605 | kmod_reference_t * ref = &(kmod_info->reference_list[refIndex]); |
5606 | OSKext * refKext = OSDynamicCast(OSKext, dependencies->getObject(refIndex)); |
5607 | ref->info = refKext->kmod_info; |
5608 | ref->info->reference_count++; |
5609 | |
5610 | if (refIndex + 1 < num_kmod_refs) { |
5611 | ref->next = kmod_info->reference_list + refIndex + 1; |
5612 | } |
5613 | } |
5614 | } |
5615 | |
5616 | if (!isInterface() && linkedExecutable) { |
5617 | OSKextLog(this, |
5618 | kOSKextLogProgressLevel | |
5619 | kOSKextLogLoadFlag, |
5620 | "Kext %s executable loaded; %u pages at 0x%lx (load tag %u)." , |
5621 | kmod_info->name, |
5622 | (unsigned)kmod_info->size / PAGE_SIZE, |
5623 | (unsigned long)ml_static_unslide(kmod_info->address), |
5624 | (unsigned)kmod_info->id); |
5625 | } |
5626 | |
5627 | /* if prelinked, VM protections are already set */ |
5628 | result = setVMAttributes(!isPrelinked(), true); |
5629 | if (result != KERN_SUCCESS) { |
5630 | goto finish; |
5631 | } |
5632 | |
5633 | #if KASAN |
5634 | if (linkedExecutable) { |
5635 | kasan_load_kext((vm_offset_t)linkedExecutable->getBytesNoCopy(), |
5636 | linkedExecutable->getLength(), getIdentifierCString()); |
5637 | } |
5638 | #else |
5639 | if (lookupSection(KASAN_GLOBAL_SEGNAME, KASAN_GLOBAL_SECTNAME)) { |
5640 | OSKextLog(this, |
5641 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
5642 | "KASAN: cannot load KASAN-ified kext %s on a non-KASAN kernel\n" , |
5643 | getIdentifierCString() |
5644 | ); |
5645 | result = KERN_FAILURE; |
5646 | goto finish; |
5647 | } |
5648 | #endif |
5649 | |
5650 | result = kOSReturnSuccess; |
5651 | |
5652 | finish: |
5653 | OSSafeReleaseNULL(linkDependencies); |
5654 | |
5655 | /* Clear up locally allocated dependency info. |
5656 | */ |
5657 | for (i = 0; i < num_kxlddeps; ++i ) { |
5658 | size_t size; |
5659 | |
5660 | if (kxlddeps[i].kext_name) { |
5661 | size = 1 + strlen(kxlddeps[i].kext_name); |
5662 | kfree(kxlddeps[i].kext_name, size); |
5663 | } |
5664 | if (kxlddeps[i].interface_name) { |
5665 | size = 1 + strlen(kxlddeps[i].interface_name); |
5666 | kfree(kxlddeps[i].interface_name, size); |
5667 | } |
5668 | } |
5669 | if (kxlddeps) kfree(kxlddeps, (num_kxlddeps * sizeof(*kxlddeps))); |
5670 | |
5671 | /* We no longer need the unrelocated executable (which the linker |
5672 | * has altered anyhow). |
5673 | */ |
5674 | setExecutable(NULL); |
5675 | |
5676 | if (result != kOSReturnSuccess) { |
5677 | OSKextLog(this, |
5678 | kOSKextLogErrorLevel | |
5679 | kOSKextLogLoadFlag, |
5680 | "Failed to load executable for kext %s." , |
5681 | getIdentifierCString()); |
5682 | |
5683 | if (kmod_info && kmod_info->reference_list) { |
5684 | kfree(kmod_info->reference_list, |
5685 | num_kmod_refs * sizeof(kmod_reference_t)); |
5686 | } |
5687 | if (isInterface()) { |
5688 | kfree(kmod_info, sizeof(kmod_info_t)); |
5689 | } |
5690 | kmod_info = NULL; |
5691 | if (linkedExecutable) { |
5692 | linkedExecutable->release(); |
5693 | linkedExecutable = NULL; |
5694 | } |
5695 | } |
5696 | |
5697 | return result; |
5698 | } |
5699 | |
5700 | /********************************************************************* |
5701 | * The linkedit segment is used by the kext linker for dependency |
5702 | * resolution, and by dtrace for probe initialization. We can free it |
5703 | * for non-library kexts, since no kexts depend on non-library kexts |
5704 | * by definition, once dtrace has been initialized. |
5705 | *********************************************************************/ |
5706 | void |
5707 | OSKext::jettisonLinkeditSegment(void) |
5708 | { |
5709 | kernel_mach_header_t * machhdr = (kernel_mach_header_t *)kmod_info->address; |
5710 | kernel_segment_command_t * linkedit = NULL; |
5711 | vm_offset_t start; |
5712 | vm_size_t linkeditsize, kextsize; |
5713 | OSData * data = NULL; |
5714 | |
5715 | #if NO_KEXTD |
5716 | /* We can free symbol tables for all embedded kexts because we don't |
5717 | * support runtime kext linking. |
5718 | */ |
5719 | if (sKeepSymbols || !isExecutable() || !linkedExecutable || flags.jettisonLinkeditSeg) { |
5720 | #else |
5721 | if (sKeepSymbols || isLibrary() || !isExecutable() || !linkedExecutable || flags.jettisonLinkeditSeg) { |
5722 | #endif |
5723 | goto finish; |
5724 | } |
5725 | |
5726 | /* Find the linkedit segment. If it's not the last segment, then freeing |
5727 | * it will fragment the kext into multiple VM regions, which OSKext is not |
5728 | * designed to handle, so we'll have to skip it. |
5729 | */ |
5730 | linkedit = getsegbynamefromheader(machhdr, SEG_LINKEDIT); |
5731 | if (!linkedit) { |
5732 | goto finish; |
5733 | } |
5734 | |
5735 | if (round_page(kmod_info->address + kmod_info->size) != |
5736 | round_page(linkedit->vmaddr + linkedit->vmsize)) |
5737 | { |
5738 | goto finish; |
5739 | } |
5740 | |
5741 | /* Create a new OSData for the smaller kext object. |
5742 | */ |
5743 | linkeditsize = round_page(linkedit->vmsize); |
5744 | kextsize = kmod_info->size - linkeditsize; |
5745 | start = linkedit->vmaddr; |
5746 | |
5747 | data = OSData::withBytesNoCopy((void *)kmod_info->address, kextsize); |
5748 | if (!data) { |
5749 | goto finish; |
5750 | } |
5751 | |
5752 | /* Fix the kmod info and linkedExecutable. |
5753 | */ |
5754 | kmod_info->size = kextsize; |
5755 | |
5756 | #if VM_MAPPED_KEXTS |
5757 | data->setDeallocFunction(osdata_kext_free); |
5758 | #else |
5759 | data->setDeallocFunction(osdata_phys_free); |
5760 | #endif |
5761 | linkedExecutable->setDeallocFunction(NULL); |
5762 | linkedExecutable->release(); |
5763 | linkedExecutable = data; |
5764 | flags.jettisonLinkeditSeg = 1; |
5765 | |
5766 | /* Free the linkedit segment. |
5767 | */ |
5768 | #if VM_MAPPED_KEXTS |
5769 | kext_free(start, linkeditsize); |
5770 | #else |
5771 | ml_static_mfree(start, linkeditsize); |
5772 | #endif |
5773 | |
5774 | finish: |
5775 | return; |
5776 | } |
5777 | |
5778 | /********************************************************************* |
5779 | * If there are whole pages that are unused betweem the last section |
5780 | * of the DATA segment and the end of the DATA segment then we can free |
5781 | * them |
5782 | *********************************************************************/ |
5783 | void |
5784 | OSKext::jettisonDATASegmentPadding(void) |
5785 | { |
5786 | kernel_mach_header_t * mh; |
5787 | kernel_segment_command_t * dataSeg; |
5788 | kernel_section_t * sec, * lastSec; |
5789 | vm_offset_t dataSegEnd, lastSecEnd; |
5790 | vm_size_t padSize; |
5791 | |
5792 | if (flags.builtin) return; |
5793 | mh = (kernel_mach_header_t *)kmod_info->address; |
5794 | |
5795 | dataSeg = getsegbynamefromheader(mh, SEG_DATA); |
5796 | if (dataSeg == NULL) { |
5797 | return; |
5798 | } |
5799 | |
5800 | lastSec = NULL; |
5801 | sec = firstsect(dataSeg); |
5802 | while (sec != NULL) { |
5803 | lastSec = sec; |
5804 | sec = nextsect(dataSeg, sec); |
5805 | } |
5806 | |
5807 | if (lastSec == NULL) { |
5808 | return; |
5809 | } |
5810 | |
5811 | if ((dataSeg->vmaddr != round_page(dataSeg->vmaddr)) || |
5812 | (dataSeg->vmsize != round_page(dataSeg->vmsize))) { |
5813 | return; |
5814 | } |
5815 | |
5816 | dataSegEnd = dataSeg->vmaddr + dataSeg->vmsize; |
5817 | lastSecEnd = round_page(lastSec->addr + lastSec->size); |
5818 | |
5819 | if (dataSegEnd <= lastSecEnd) { |
5820 | return; |
5821 | } |
5822 | |
5823 | padSize = dataSegEnd - lastSecEnd; |
5824 | |
5825 | if (padSize >= PAGE_SIZE) { |
5826 | #if VM_MAPPED_KEXTS |
5827 | kext_free(lastSecEnd, padSize); |
5828 | #else |
5829 | ml_static_mfree(lastSecEnd, padSize); |
5830 | #endif |
5831 | } |
5832 | } |
5833 | |
5834 | /********************************************************************* |
5835 | *********************************************************************/ |
5836 | void |
5837 | OSKext::setLinkedExecutable(OSData * anExecutable) |
5838 | { |
5839 | if (linkedExecutable) { |
5840 | panic("Attempt to set linked executable on kext " |
5841 | "that already has one (%s).\n" , |
5842 | getIdentifierCString()); |
5843 | } |
5844 | linkedExecutable = anExecutable; |
5845 | linkedExecutable->retain(); |
5846 | return; |
5847 | } |
5848 | |
5849 | #if CONFIG_DTRACE |
5850 | /********************************************************************* |
5851 | * Go through all loaded kexts and tell them to register with dtrace. |
5852 | * The instance method only registers if necessary. |
5853 | *********************************************************************/ |
5854 | /* static */ |
5855 | void |
5856 | OSKext::registerKextsWithDTrace(void) |
5857 | { |
5858 | uint32_t count = sLoadedKexts->getCount(); |
5859 | uint32_t i; |
5860 | |
5861 | IORecursiveLockLock(sKextLock); |
5862 | |
5863 | for (i = 0; i < count; i++) { |
5864 | OSKext * thisKext = NULL; // do not release |
5865 | |
5866 | thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
5867 | if (!thisKext || !thisKext->isExecutable()) { |
5868 | continue; |
5869 | } |
5870 | |
5871 | thisKext->registerWithDTrace(); |
5872 | } |
5873 | |
5874 | IORecursiveLockUnlock(sKextLock); |
5875 | |
5876 | return; |
5877 | } |
5878 | |
5879 | extern "C" { |
5880 | extern int (*dtrace_modload)(struct kmod_info *, uint32_t); |
5881 | extern int (*dtrace_modunload)(struct kmod_info *); |
5882 | }; |
5883 | |
5884 | /********************************************************************* |
5885 | *********************************************************************/ |
5886 | void |
5887 | OSKext::registerWithDTrace(void) |
5888 | { |
5889 | /* Register kext with dtrace. A dtrace_modload failure should not |
5890 | * prevent a kext from loading, so we ignore the return code. |
5891 | */ |
5892 | if (!flags.dtraceInitialized && (dtrace_modload != NULL)) { |
5893 | uint32_t modflag = 0; |
5894 | OSObject * forceInit = getPropertyForHostArch("OSBundleForceDTraceInit" ); |
5895 | if (forceInit == kOSBooleanTrue) { |
5896 | modflag |= KMOD_DTRACE_FORCE_INIT; |
5897 | } |
5898 | if (flags.builtin) { |
5899 | modflag |= KMOD_DTRACE_STATIC_KEXT; |
5900 | } |
5901 | |
5902 | (void)(*dtrace_modload)(kmod_info, modflag); |
5903 | flags.dtraceInitialized = true; |
5904 | jettisonLinkeditSegment(); |
5905 | } |
5906 | return; |
5907 | } |
5908 | /********************************************************************* |
5909 | *********************************************************************/ |
5910 | void |
5911 | OSKext::unregisterWithDTrace(void) |
5912 | { |
5913 | /* Unregister kext with dtrace. A dtrace_modunload failure should not |
5914 | * prevent a kext from loading, so we ignore the return code. |
5915 | */ |
5916 | if (flags.dtraceInitialized && (dtrace_modunload != NULL)) { |
5917 | (void)(*dtrace_modunload)(kmod_info); |
5918 | flags.dtraceInitialized = false; |
5919 | } |
5920 | return; |
5921 | } |
5922 | #endif /* CONFIG_DTRACE */ |
5923 | |
5924 | |
5925 | /********************************************************************* |
5926 | * called only by loadExecutable() |
5927 | *********************************************************************/ |
5928 | #if !VM_MAPPED_KEXTS |
5929 | #if defined(__arm__) || defined(__arm64__) |
5930 | static inline kern_return_t |
5931 | OSKext_protect( |
5932 | vm_map_t map, |
5933 | vm_map_offset_t start, |
5934 | vm_map_offset_t end, |
5935 | vm_prot_t new_prot, |
5936 | boolean_t set_max) |
5937 | { |
5938 | #pragma unused(map) |
5939 | assert(map == kernel_map); // we can handle KEXTs arising from the PRELINK segment and no others |
5940 | assert(start <= end); |
5941 | if (start >= end) |
5942 | return KERN_SUCCESS; // Punt segments of length zero (e.g., headers) or less (i.e., blunders) |
5943 | else if (set_max) |
5944 | return KERN_SUCCESS; // Punt set_max, as there's no mechanism to record that state |
5945 | else |
5946 | return ml_static_protect(start, end - start, new_prot); |
5947 | } |
5948 | |
5949 | static inline kern_return_t |
5950 | OSKext_wire( |
5951 | vm_map_t map, |
5952 | vm_map_offset_t start, |
5953 | vm_map_offset_t end, |
5954 | vm_prot_t access_type, |
5955 | boolean_t user_wire) |
5956 | { |
5957 | #pragma unused(map,start,end,access_type,user_wire) |
5958 | return KERN_SUCCESS; // No-op as PRELINK kexts are cemented into physical memory at boot |
5959 | } |
5960 | #else |
5961 | #error Unrecognized architecture |
5962 | #endif |
5963 | #else |
5964 | static inline kern_return_t |
5965 | OSKext_protect( |
5966 | vm_map_t map, |
5967 | vm_map_offset_t start, |
5968 | vm_map_offset_t end, |
5969 | vm_prot_t new_prot, |
5970 | boolean_t set_max) |
5971 | { |
5972 | if (start == end) { // 10538581 |
5973 | return(KERN_SUCCESS); |
5974 | } |
5975 | return vm_map_protect(map, start, end, new_prot, set_max); |
5976 | } |
5977 | |
5978 | static inline kern_return_t |
5979 | OSKext_wire( |
5980 | vm_map_t map, |
5981 | vm_map_offset_t start, |
5982 | vm_map_offset_t end, |
5983 | vm_prot_t access_type, |
5984 | boolean_t user_wire) |
5985 | { |
5986 | return vm_map_wire_kernel(map, start, end, access_type, VM_KERN_MEMORY_KEXT, user_wire); |
5987 | } |
5988 | #endif |
5989 | |
5990 | OSReturn |
5991 | OSKext::setVMAttributes(bool protect, bool wire) |
5992 | { |
5993 | vm_map_t kext_map = NULL; |
5994 | kernel_segment_command_t * seg = NULL; |
5995 | vm_map_offset_t start = 0; |
5996 | vm_map_offset_t end = 0; |
5997 | OSReturn result = kOSReturnError; |
5998 | |
5999 | if (isInterface() || !declaresExecutable() || flags.builtin) { |
6000 | result = kOSReturnSuccess; |
6001 | goto finish; |
6002 | } |
6003 | |
6004 | /* Get the kext's vm map */ |
6005 | kext_map = kext_get_vm_map(kmod_info); |
6006 | if (!kext_map) { |
6007 | result = KERN_MEMORY_ERROR; |
6008 | goto finish; |
6009 | } |
6010 | |
6011 | #if !VM_MAPPED_KEXTS |
6012 | if (getcommandfromheader((kernel_mach_header_t *)kmod_info->address, LC_SEGMENT_SPLIT_INFO)) { |
6013 | /* This is a split kext in a prelinked kernelcache; we'll let the |
6014 | * platform code take care of protecting it. It is already wired. |
6015 | */ |
6016 | /* TODO: Should this still allow protections for the first segment |
6017 | * to go through, in the event that we have a mix of split and |
6018 | * unsplit kexts? |
6019 | */ |
6020 | result = KERN_SUCCESS; |
6021 | goto finish; |
6022 | } |
6023 | #endif |
6024 | |
6025 | /* Protect the headers as read-only; they do not need to be wired */ |
6026 | result = (protect) ? OSKext_protect(kext_map, kmod_info->address, |
6027 | kmod_info->address + kmod_info->hdr_size, VM_PROT_READ, TRUE) |
6028 | : KERN_SUCCESS; |
6029 | if (result != KERN_SUCCESS) { |
6030 | goto finish; |
6031 | } |
6032 | |
6033 | /* Set the VM protections and wire down each of the segments */ |
6034 | seg = firstsegfromheader((kernel_mach_header_t *)kmod_info->address); |
6035 | while (seg) { |
6036 | |
6037 | #if __arm__ |
6038 | /* We build all ARM kexts, so we can ensure they are aligned */ |
6039 | assert((seg->vmaddr & PAGE_MASK) == 0); |
6040 | assert((seg->vmsize & PAGE_MASK) == 0); |
6041 | #endif |
6042 | |
6043 | start = round_page(seg->vmaddr); |
6044 | end = trunc_page(seg->vmaddr + seg->vmsize); |
6045 | |
6046 | if (protect) { |
6047 | result = OSKext_protect(kext_map, start, end, seg->maxprot, TRUE); |
6048 | if (result != KERN_SUCCESS) { |
6049 | OSKextLog(this, |
6050 | kOSKextLogErrorLevel | |
6051 | kOSKextLogLoadFlag, |
6052 | "Kext %s failed to set maximum VM protections " |
6053 | "for segment %s - 0x%x." , |
6054 | getIdentifierCString(), seg->segname, (int)result); |
6055 | goto finish; |
6056 | } |
6057 | |
6058 | result = OSKext_protect(kext_map, start, end, seg->initprot, FALSE); |
6059 | if (result != KERN_SUCCESS) { |
6060 | OSKextLog(this, |
6061 | kOSKextLogErrorLevel | |
6062 | kOSKextLogLoadFlag, |
6063 | "Kext %s failed to set initial VM protections " |
6064 | "for segment %s - 0x%x." , |
6065 | getIdentifierCString(), seg->segname, (int)result); |
6066 | goto finish; |
6067 | } |
6068 | } |
6069 | |
6070 | if (segmentShouldBeWired(seg) && wire) { |
6071 | result = OSKext_wire(kext_map, start, end, seg->initprot, FALSE); |
6072 | if (result != KERN_SUCCESS) { |
6073 | goto finish; |
6074 | } |
6075 | } |
6076 | |
6077 | seg = nextsegfromheader((kernel_mach_header_t *) kmod_info->address, seg); |
6078 | } |
6079 | |
6080 | finish: |
6081 | return result; |
6082 | } |
6083 | |
6084 | /********************************************************************* |
6085 | *********************************************************************/ |
6086 | boolean_t |
6087 | OSKext::segmentShouldBeWired(kernel_segment_command_t *seg) |
6088 | { |
6089 | return (sKeepSymbols || strncmp(seg->segname, SEG_LINKEDIT, sizeof(seg->segname))); |
6090 | } |
6091 | |
6092 | /********************************************************************* |
6093 | *********************************************************************/ |
6094 | OSReturn |
6095 | OSKext::validateKextMapping(bool startFlag) |
6096 | { |
6097 | OSReturn result = kOSReturnError; |
6098 | const char * whichOp = startFlag ? "start" : "stop" ; |
6099 | kern_return_t kern_result = 0; |
6100 | vm_map_t kext_map = NULL; |
6101 | kernel_segment_command_t * seg = NULL; |
6102 | mach_vm_address_t address = 0; |
6103 | mach_vm_size_t size = 0; |
6104 | uint32_t depth = 0; |
6105 | mach_msg_type_number_t count; |
6106 | vm_region_submap_short_info_data_64_t info; |
6107 | |
6108 | if (flags.builtin) return (kOSReturnSuccess); |
6109 | |
6110 | count = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64; |
6111 | bzero(&info, sizeof(info)); |
6112 | |
6113 | // xxx - do we need a distinct OSReturn value for these or is "bad data" |
6114 | // xxx - sufficient? |
6115 | |
6116 | /* Verify that the kmod_info and start/stop pointers are non-NULL. |
6117 | */ |
6118 | if (!kmod_info) { |
6119 | OSKextLog(this, |
6120 | kOSKextLogErrorLevel | |
6121 | kOSKextLogLoadFlag, |
6122 | "Kext %s - NULL kmod_info pointer." , |
6123 | getIdentifierCString()); |
6124 | result = kOSKextReturnBadData; |
6125 | goto finish; |
6126 | } |
6127 | |
6128 | if (startFlag) { |
6129 | address = (mach_vm_address_t)kmod_info->start; |
6130 | } else { |
6131 | address = (mach_vm_address_t)kmod_info->stop; |
6132 | } |
6133 | |
6134 | if (!address) { |
6135 | OSKextLog(this, |
6136 | kOSKextLogErrorLevel | |
6137 | kOSKextLogLoadFlag, |
6138 | "Kext %s - NULL module %s pointer." , |
6139 | getIdentifierCString(), whichOp); |
6140 | result = kOSKextReturnBadData; |
6141 | goto finish; |
6142 | } |
6143 | |
6144 | kext_map = kext_get_vm_map(kmod_info); |
6145 | depth = (kernel_map == kext_map) ? 1 : 2; |
6146 | |
6147 | /* Verify that the start/stop function lies within the kext's address range. |
6148 | */ |
6149 | if (getcommandfromheader((kernel_mach_header_t *)kmod_info->address, LC_SEGMENT_SPLIT_INFO)) { |
6150 | /* This will likely be how we deal with split kexts; walk the segments to |
6151 | * check that the function lies inside one of the segments of this kext. |
6152 | */ |
6153 | for (seg = firstsegfromheader((kernel_mach_header_t *)kmod_info->address); |
6154 | seg != NULL; |
6155 | seg = nextsegfromheader((kernel_mach_header_t *)kmod_info->address, seg)) { |
6156 | if ((address >= seg->vmaddr) && address < (seg->vmaddr + seg->vmsize)) { |
6157 | break; |
6158 | } |
6159 | } |
6160 | |
6161 | if (!seg) { |
6162 | OSKextLog(this, |
6163 | kOSKextLogErrorLevel | |
6164 | kOSKextLogLoadFlag, |
6165 | "Kext %s module %s pointer is outside of kext range " |
6166 | "(%s %p - kext starts at %p)." , |
6167 | getIdentifierCString(), |
6168 | whichOp, |
6169 | whichOp, |
6170 | (void *)ml_static_unslide(address), |
6171 | (void *)ml_static_unslide(kmod_info->address)); |
6172 | result = kOSKextReturnBadData; |
6173 | goto finish; |
6174 | } |
6175 | |
6176 | seg = NULL; |
6177 | } else { |
6178 | if (address < kmod_info->address + kmod_info->hdr_size || |
6179 | kmod_info->address + kmod_info->size <= address) |
6180 | { |
6181 | OSKextLog(this, |
6182 | kOSKextLogErrorLevel | |
6183 | kOSKextLogLoadFlag, |
6184 | "Kext %s module %s pointer is outside of kext range " |
6185 | "(%s %p - kext at %p-%p)." , |
6186 | getIdentifierCString(), |
6187 | whichOp, |
6188 | whichOp, |
6189 | (void *)ml_static_unslide(address), |
6190 | (void *)ml_static_unslide(kmod_info->address), |
6191 | (void *)(ml_static_unslide(kmod_info->address) + kmod_info->size)); |
6192 | result = kOSKextReturnBadData; |
6193 | goto finish; |
6194 | } |
6195 | } |
6196 | |
6197 | /* Only do these checks before calling the start function; |
6198 | * If anything goes wrong with the mapping while the kext is running, |
6199 | * we'll likely have panicked well before any attempt to stop the kext. |
6200 | */ |
6201 | if (startFlag) { |
6202 | |
6203 | /* Verify that the start/stop function is executable. |
6204 | */ |
6205 | kern_result = mach_vm_region_recurse(kernel_map, &address, &size, &depth, |
6206 | (vm_region_recurse_info_t)&info, &count); |
6207 | if (kern_result != KERN_SUCCESS) { |
6208 | OSKextLog(this, |
6209 | kOSKextLogErrorLevel | |
6210 | kOSKextLogLoadFlag, |
6211 | "Kext %s - bad %s pointer %p." , |
6212 | getIdentifierCString(), |
6213 | whichOp, (void *)ml_static_unslide(address)); |
6214 | result = kOSKextReturnBadData; |
6215 | goto finish; |
6216 | } |
6217 | |
6218 | #if VM_MAPPED_KEXTS |
6219 | if (!(info.protection & VM_PROT_EXECUTE)) { |
6220 | OSKextLog(this, |
6221 | kOSKextLogErrorLevel | |
6222 | kOSKextLogLoadFlag, |
6223 | "Kext %s - memory region containing module %s function " |
6224 | "is not executable." , |
6225 | getIdentifierCString(), whichOp); |
6226 | result = kOSKextReturnBadData; |
6227 | goto finish; |
6228 | } |
6229 | #endif |
6230 | |
6231 | /* Verify that the kext's segments are backed by physical memory. |
6232 | */ |
6233 | seg = firstsegfromheader((kernel_mach_header_t *)kmod_info->address); |
6234 | while (seg) { |
6235 | if (!verifySegmentMapping(seg)) { |
6236 | result = kOSKextReturnBadData; |
6237 | goto finish; |
6238 | } |
6239 | |
6240 | seg = nextsegfromheader((kernel_mach_header_t *) kmod_info->address, seg); |
6241 | } |
6242 | |
6243 | } |
6244 | |
6245 | result = kOSReturnSuccess; |
6246 | finish: |
6247 | return result; |
6248 | } |
6249 | |
6250 | /********************************************************************* |
6251 | *********************************************************************/ |
6252 | boolean_t |
6253 | OSKext::verifySegmentMapping(kernel_segment_command_t *seg) |
6254 | { |
6255 | mach_vm_address_t address = 0; |
6256 | |
6257 | if (!segmentShouldBeWired(seg)) return true; |
6258 | |
6259 | for (address = seg->vmaddr; |
6260 | address < round_page(seg->vmaddr + seg->vmsize); |
6261 | address += PAGE_SIZE) |
6262 | { |
6263 | if (!pmap_find_phys(kernel_pmap, (vm_offset_t)address)) { |
6264 | OSKextLog(this, |
6265 | kOSKextLogErrorLevel | |
6266 | kOSKextLogLoadFlag, |
6267 | "Kext %s - page %p is not backed by physical memory." , |
6268 | getIdentifierCString(), |
6269 | (void *)address); |
6270 | return false; |
6271 | } |
6272 | } |
6273 | |
6274 | return true; |
6275 | } |
6276 | |
6277 | /********************************************************************* |
6278 | *********************************************************************/ |
6279 | static void |
6280 | OSKextLogKextInfo(OSKext *aKext, uint64_t address, uint64_t size, firehose_tracepoint_code_t code) |
6281 | { |
6282 | |
6283 | uint64_t stamp = 0; |
6284 | firehose_tracepoint_id_u trace_id; |
6285 | struct firehose_trace_uuid_info_s uuid_info_s; |
6286 | firehose_trace_uuid_info_t uuid_info = &uuid_info_s; |
6287 | size_t uuid_info_len = sizeof(struct firehose_trace_uuid_info_s); |
6288 | OSData *uuid_data; |
6289 | |
6290 | stamp = firehose_tracepoint_time(firehose_activity_flags_default); |
6291 | trace_id.ftid_value = FIREHOSE_TRACE_ID_MAKE(firehose_tracepoint_namespace_metadata, _firehose_tracepoint_type_metadata_kext, (firehose_tracepoint_flags_t)0, code); |
6292 | |
6293 | uuid_data = aKext->copyTextUUID(); |
6294 | if (uuid_data) { |
6295 | memcpy(uuid_info->ftui_uuid, uuid_data->getBytesNoCopy(), sizeof(uuid_info->ftui_uuid)); |
6296 | OSSafeReleaseNULL(uuid_data); |
6297 | } |
6298 | |
6299 | uuid_info->ftui_size = size; |
6300 | uuid_info->ftui_address = ml_static_unslide(address); |
6301 | |
6302 | firehose_trace_metadata(firehose_stream_metadata, trace_id, stamp, uuid_info, uuid_info_len); |
6303 | return; |
6304 | } |
6305 | |
6306 | /********************************************************************* |
6307 | *********************************************************************/ |
6308 | OSReturn |
6309 | OSKext::start(bool startDependenciesFlag) |
6310 | { |
6311 | OSReturn result = kOSReturnError; |
6312 | kern_return_t (* startfunc)(kmod_info_t *, void *); |
6313 | unsigned int i, count; |
6314 | void * kmodStartData = NULL; |
6315 | |
6316 | if (isStarted() || isInterface() || isKernelComponent()) { |
6317 | result = kOSReturnSuccess; |
6318 | goto finish; |
6319 | } |
6320 | |
6321 | if (!isLoaded()) { |
6322 | OSKextLog(this, |
6323 | kOSKextLogErrorLevel | |
6324 | kOSKextLogLoadFlag, |
6325 | "Attempt to start nonloaded kext %s." , |
6326 | getIdentifierCString()); |
6327 | result = kOSKextReturnInvalidArgument; |
6328 | goto finish; |
6329 | } |
6330 | |
6331 | if (!sLoadEnabled) { |
6332 | OSKextLog(this, |
6333 | kOSKextLogErrorLevel | |
6334 | kOSKextLogLoadFlag, |
6335 | "Kext loading is disabled (attempt to start kext %s)." , |
6336 | getIdentifierCString()); |
6337 | result = kOSKextReturnDisabled; |
6338 | goto finish; |
6339 | } |
6340 | |
6341 | result = validateKextMapping(/* start? */ true); |
6342 | if (result != kOSReturnSuccess) { |
6343 | goto finish; |
6344 | } |
6345 | |
6346 | startfunc = kmod_info->start; |
6347 | |
6348 | count = getNumDependencies(); |
6349 | for (i = 0; i < count; i++) { |
6350 | OSKext * dependency = OSDynamicCast(OSKext, dependencies->getObject(i)); |
6351 | if (dependency == NULL) { |
6352 | OSKextLog(this, |
6353 | kOSKextLogErrorLevel | |
6354 | kOSKextLogLoadFlag, |
6355 | "Kext %s start - internal error, dependency disappeared." , |
6356 | getIdentifierCString()); |
6357 | goto finish; |
6358 | } |
6359 | if (!dependency->isStarted()) { |
6360 | if (startDependenciesFlag) { |
6361 | OSReturn dependencyResult = |
6362 | dependency->start(startDependenciesFlag); |
6363 | if (dependencyResult != KERN_SUCCESS) { |
6364 | OSKextLog(this, |
6365 | kOSKextLogErrorLevel | |
6366 | kOSKextLogLoadFlag, |
6367 | "Kext %s start - dependency %s failed to start (error 0x%x)." , |
6368 | getIdentifierCString(), |
6369 | dependency->getIdentifierCString(), |
6370 | dependencyResult); |
6371 | goto finish; |
6372 | } |
6373 | } else { |
6374 | OSKextLog(this, |
6375 | kOSKextLogErrorLevel | |
6376 | kOSKextLogLoadFlag, |
6377 | "Not starting %s - dependency %s not started yet." , |
6378 | getIdentifierCString(), |
6379 | dependency->getIdentifierCString()); |
6380 | result = kOSKextReturnStartStopError; // xxx - make new return? |
6381 | goto finish; |
6382 | } |
6383 | } |
6384 | } |
6385 | |
6386 | OSKextLog(this, |
6387 | kOSKextLogDetailLevel | |
6388 | kOSKextLogLoadFlag, |
6389 | "Kext %s calling module start function." , |
6390 | getIdentifierCString()); |
6391 | |
6392 | flags.starting = 1; |
6393 | |
6394 | // Drop a log message so logd can grab the needed information to decode this kext |
6395 | OSKextLogKextInfo(this, kmod_info->address, kmod_info->size, firehose_tracepoint_code_load); |
6396 | result = OSRuntimeInitializeCPP(this); |
6397 | if (result == KERN_SUCCESS) { |
6398 | result = startfunc(kmod_info, kmodStartData); |
6399 | } |
6400 | |
6401 | flags.starting = 0; |
6402 | |
6403 | /* On success overlap the setting of started/starting. On failure just |
6404 | * clear starting. |
6405 | */ |
6406 | if (result == KERN_SUCCESS) { |
6407 | flags.started = 1; |
6408 | |
6409 | // xxx - log start error from kernel? |
6410 | OSKextLog(this, |
6411 | kOSKextLogProgressLevel | |
6412 | kOSKextLogLoadFlag, |
6413 | "Kext %s is now started." , |
6414 | getIdentifierCString()); |
6415 | } else { |
6416 | invokeOrCancelRequestCallbacks( |
6417 | /* result not actually used */ kOSKextReturnStartStopError, |
6418 | /* invokeFlag */ false); |
6419 | OSKextLog(this, |
6420 | kOSKextLogProgressLevel | |
6421 | kOSKextLogLoadFlag, |
6422 | "Kext %s did not start (return code 0x%x)." , |
6423 | getIdentifierCString(), result); |
6424 | } |
6425 | |
6426 | finish: |
6427 | return result; |
6428 | } |
6429 | |
6430 | /********************************************************************* |
6431 | *********************************************************************/ |
6432 | /* static */ |
6433 | bool OSKext::canUnloadKextWithIdentifier( |
6434 | OSString * kextIdentifier, |
6435 | bool checkClassesFlag) |
6436 | { |
6437 | bool result = false; |
6438 | OSKext * aKext = NULL; // do not release |
6439 | |
6440 | IORecursiveLockLock(sKextLock); |
6441 | |
6442 | aKext = OSDynamicCast(OSKext, sKextsByID->getObject(kextIdentifier)); |
6443 | |
6444 | if (!aKext) { |
6445 | goto finish; // can't unload what's not loaded |
6446 | } |
6447 | |
6448 | if (aKext->isLoaded()) { |
6449 | if (aKext->getRetainCount() > kOSKextMinLoadedRetainCount) { |
6450 | goto finish; |
6451 | } |
6452 | if (checkClassesFlag && aKext->hasOSMetaClassInstances()) { |
6453 | goto finish; |
6454 | } |
6455 | } |
6456 | |
6457 | result = true; |
6458 | |
6459 | finish: |
6460 | IORecursiveLockUnlock(sKextLock); |
6461 | return result; |
6462 | } |
6463 | |
6464 | /********************************************************************* |
6465 | *********************************************************************/ |
6466 | OSReturn |
6467 | OSKext::stop(void) |
6468 | { |
6469 | OSReturn result = kOSReturnError; |
6470 | kern_return_t (*stopfunc)(kmod_info_t *, void *); |
6471 | |
6472 | if (!isStarted() || isInterface()) { |
6473 | result = kOSReturnSuccess; |
6474 | goto finish; |
6475 | } |
6476 | |
6477 | if (!isLoaded()) { |
6478 | OSKextLog(this, |
6479 | kOSKextLogErrorLevel | |
6480 | kOSKextLogLoadFlag, |
6481 | "Attempt to stop nonloaded kext %s." , |
6482 | getIdentifierCString()); |
6483 | result = kOSKextReturnInvalidArgument; |
6484 | goto finish; |
6485 | } |
6486 | |
6487 | /* Refuse to stop if we have clients or instances. It is up to |
6488 | * the caller to make sure those aren't true. |
6489 | */ |
6490 | if (getRetainCount() > kOSKextMinLoadedRetainCount) { |
6491 | OSKextLog(this, |
6492 | kOSKextLogErrorLevel | |
6493 | kOSKextLogLoadFlag, |
6494 | "Kext %s - C++ instances; can't stop." , |
6495 | getIdentifierCString()); |
6496 | result = kOSKextReturnInUse; |
6497 | goto finish; |
6498 | } |
6499 | |
6500 | if (getRetainCount() > kOSKextMinLoadedRetainCount) { |
6501 | |
6502 | OSKextLog(this, |
6503 | kOSKextLogErrorLevel | |
6504 | kOSKextLogLoadFlag, |
6505 | "Kext %s - has references (linkage or tracking object); " |
6506 | "can't stop." , |
6507 | getIdentifierCString()); |
6508 | result = kOSKextReturnInUse; |
6509 | goto finish; |
6510 | } |
6511 | |
6512 | /* Note: If validateKextMapping fails on the stop & unload path, |
6513 | * we are in serious trouble and a kernel panic is likely whether |
6514 | * we stop & unload the kext or not. |
6515 | */ |
6516 | result = validateKextMapping(/* start? */ false); |
6517 | if (result != kOSReturnSuccess) { |
6518 | goto finish; |
6519 | } |
6520 | |
6521 | stopfunc = kmod_info->stop; |
6522 | if (stopfunc) { |
6523 | OSKextLog(this, |
6524 | kOSKextLogDetailLevel | |
6525 | kOSKextLogLoadFlag, |
6526 | "Kext %s calling module stop function." , |
6527 | getIdentifierCString()); |
6528 | |
6529 | flags.stopping = 1; |
6530 | |
6531 | result = stopfunc(kmod_info, /* userData */ NULL); |
6532 | if (result == KERN_SUCCESS) { |
6533 | result = OSRuntimeFinalizeCPP(this); |
6534 | } |
6535 | |
6536 | flags.stopping = 0; |
6537 | |
6538 | if (result == KERN_SUCCESS) { |
6539 | flags.started = 0; |
6540 | |
6541 | OSKextLog(this, |
6542 | kOSKextLogDetailLevel | |
6543 | kOSKextLogLoadFlag, |
6544 | "Kext %s is now stopped and ready to unload." , |
6545 | getIdentifierCString()); |
6546 | } else { |
6547 | OSKextLog(this, |
6548 | kOSKextLogErrorLevel | |
6549 | kOSKextLogLoadFlag, |
6550 | "Kext %s did not stop (return code 0x%x)." , |
6551 | getIdentifierCString(), result); |
6552 | result = kOSKextReturnStartStopError; |
6553 | } |
6554 | } |
6555 | |
6556 | finish: |
6557 | // Drop a log message so logd can update this kext's metadata |
6558 | OSKextLogKextInfo(this, kmod_info->address, kmod_info->size, firehose_tracepoint_code_unload); |
6559 | return result; |
6560 | } |
6561 | |
6562 | /********************************************************************* |
6563 | *********************************************************************/ |
6564 | OSReturn |
6565 | OSKext::unload(void) |
6566 | { |
6567 | OSReturn result = kOSReturnError; |
6568 | unsigned int index; |
6569 | uint32_t num_kmod_refs = 0; |
6570 | OSKextAccount * freeAccount; |
6571 | |
6572 | if (!sUnloadEnabled) { |
6573 | OSKextLog(this, |
6574 | kOSKextLogErrorLevel | |
6575 | kOSKextLogLoadFlag, |
6576 | "Kext unloading is disabled (%s)." , |
6577 | this->getIdentifierCString()); |
6578 | |
6579 | result = kOSKextReturnDisabled; |
6580 | goto finish; |
6581 | } |
6582 | |
6583 | /* Refuse to unload if we have clients or instances. It is up to |
6584 | * the caller to make sure those aren't true. |
6585 | */ |
6586 | if (getRetainCount() > kOSKextMinLoadedRetainCount) { |
6587 | // xxx - Don't log under errors? this is more of an info thing |
6588 | OSKextLog(this, |
6589 | kOSKextLogErrorLevel | |
6590 | kOSKextLogKextBookkeepingFlag, |
6591 | "Can't unload kext %s; outstanding references (linkage or tracking object)." , |
6592 | getIdentifierCString()); |
6593 | result = kOSKextReturnInUse; |
6594 | goto finish; |
6595 | } |
6596 | |
6597 | if (!isLoaded()) { |
6598 | result = kOSReturnSuccess; |
6599 | goto finish; |
6600 | } |
6601 | |
6602 | if (isKernelComponent()) { |
6603 | result = kOSKextReturnInvalidArgument; |
6604 | goto finish; |
6605 | } |
6606 | |
6607 | if (metaClasses && !OSMetaClass::removeClasses(metaClasses)) { |
6608 | OSKextLog(this, |
6609 | kOSKextLogErrorLevel | |
6610 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag, |
6611 | "Can't unload kext %s; classes have instances:" , |
6612 | getIdentifierCString()); |
6613 | reportOSMetaClassInstances(kOSKextLogErrorLevel | |
6614 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag); |
6615 | result = kOSKextReturnInUse; |
6616 | goto finish; |
6617 | } |
6618 | |
6619 | /* Note that the kext is unloading before running any code that |
6620 | * might be in the kext (request callbacks, module stop function). |
6621 | * We will deny certain requests made against a kext in the process |
6622 | * of unloading. |
6623 | */ |
6624 | flags.unloading = 1; |
6625 | |
6626 | /* Update the string describing the last kext to unload in case we panic. |
6627 | */ |
6628 | savePanicString(/* isLoading */ false); |
6629 | |
6630 | if (isStarted()) { |
6631 | result = stop(); |
6632 | if (result != KERN_SUCCESS) { |
6633 | OSKextLog(this, |
6634 | kOSKextLogErrorLevel | |
6635 | kOSKextLogLoadFlag, |
6636 | "Kext %s can't unload - module stop returned 0x%x." , |
6637 | getIdentifierCString(), (unsigned)result); |
6638 | result = kOSKextReturnStartStopError; |
6639 | goto finish; |
6640 | } |
6641 | } |
6642 | |
6643 | OSKextLog(this, |
6644 | kOSKextLogProgressLevel | |
6645 | kOSKextLogLoadFlag, |
6646 | "Kext %s unloading." , |
6647 | getIdentifierCString()); |
6648 | |
6649 | { |
6650 | struct list_head *p; |
6651 | struct list_head *prev; |
6652 | struct list_head *next; |
6653 | for (p = pendingPgoHead.next; p != &pendingPgoHead; p = next) { |
6654 | OSKextGrabPgoStruct *s = container_of(p, OSKextGrabPgoStruct, list_head); |
6655 | s->err = OSKextGrabPgoDataLocked(this, s->metadata, instance_uuid, s->pSize, s->pBuffer, s->bufferSize); |
6656 | prev = p->prev; |
6657 | next = p->next; |
6658 | prev->next = next; |
6659 | next->prev = prev; |
6660 | p->prev = p; |
6661 | p->next = p; |
6662 | IORecursiveLockWakeup(sKextLock, s, false); |
6663 | } |
6664 | } |
6665 | |
6666 | |
6667 | /* Even if we don't call the stop function, we want to be sure we |
6668 | * have no OSMetaClass references before unloading the kext executable |
6669 | * from memory. OSMetaClasses may have pointers into the kext executable |
6670 | * and that would cause a panic on OSKext::free() when metaClasses is freed. |
6671 | */ |
6672 | if (metaClasses) { |
6673 | metaClasses->flushCollection(); |
6674 | } |
6675 | (void) OSRuntimeFinalizeCPP(this); |
6676 | |
6677 | /* Remove the kext from the list of loaded kexts, patch the gap |
6678 | * in the kmod_info_t linked list, and reset "kmod" to point to the |
6679 | * last loaded kext that isn't the fake kernel kext (sKernelKext). |
6680 | */ |
6681 | index = sLoadedKexts->getNextIndexOfObject(this, 0); |
6682 | if (index != (unsigned int)-1) { |
6683 | |
6684 | sLoadedKexts->removeObject(index); |
6685 | |
6686 | OSKext * nextKext = OSDynamicCast(OSKext, |
6687 | sLoadedKexts->getObject(index)); |
6688 | |
6689 | if (nextKext) { |
6690 | if (index > 0) { |
6691 | OSKext * gapKext = OSDynamicCast(OSKext, |
6692 | sLoadedKexts->getObject(index - 1)); |
6693 | |
6694 | nextKext->kmod_info->next = gapKext->kmod_info; |
6695 | |
6696 | } else /* index == 0 */ { |
6697 | nextKext->kmod_info->next = NULL; |
6698 | } |
6699 | } |
6700 | |
6701 | OSKext * lastKext = OSDynamicCast(OSKext, sLoadedKexts->getLastObject()); |
6702 | if (lastKext && !lastKext->isKernel()) { |
6703 | kmod = lastKext->kmod_info; |
6704 | } else { |
6705 | kmod = NULL; // clear the global kmod variable |
6706 | } |
6707 | } |
6708 | |
6709 | /* Clear out the kmod references that we're keeping for compatibility |
6710 | * with current panic backtrace code & kgmacros. |
6711 | * xxx - will want to update those bits sometime and remove this. |
6712 | */ |
6713 | num_kmod_refs = getNumDependencies(); |
6714 | if (num_kmod_refs && kmod_info && kmod_info->reference_list) { |
6715 | for (uint32_t refIndex = 0; refIndex < num_kmod_refs; refIndex++) { |
6716 | kmod_reference_t * ref = &(kmod_info->reference_list[refIndex]); |
6717 | ref->info->reference_count--; |
6718 | } |
6719 | kfree(kmod_info->reference_list, |
6720 | num_kmod_refs * sizeof(kmod_reference_t)); |
6721 | } |
6722 | |
6723 | #if CONFIG_DTRACE |
6724 | unregisterWithDTrace(); |
6725 | #endif /* CONFIG_DTRACE */ |
6726 | |
6727 | notifyKextUnloadObservers(this); |
6728 | |
6729 | freeAccount = NULL; |
6730 | IOSimpleLockLock(sKextAccountsLock); |
6731 | account->kext = NULL; |
6732 | if (account->site.tag) account->site.flags |= VM_TAG_UNLOAD; |
6733 | else freeAccount = account; |
6734 | IOSimpleLockUnlock(sKextAccountsLock); |
6735 | if (freeAccount) IODelete(freeAccount, OSKextAccount, 1); |
6736 | |
6737 | /* Unwire and free the linked executable. |
6738 | */ |
6739 | if (linkedExecutable) { |
6740 | #if KASAN |
6741 | kasan_unload_kext((vm_offset_t)linkedExecutable->getBytesNoCopy(), linkedExecutable->getLength()); |
6742 | #endif |
6743 | |
6744 | #if VM_MAPPED_KEXTS |
6745 | if (!isInterface()) { |
6746 | kernel_segment_command_t *seg = NULL; |
6747 | vm_map_t kext_map = kext_get_vm_map(kmod_info); |
6748 | |
6749 | if (!kext_map) { |
6750 | OSKextLog(this, |
6751 | kOSKextLogErrorLevel | |
6752 | kOSKextLogLoadFlag, |
6753 | "Failed to free kext %s; couldn't find the kext map." , |
6754 | getIdentifierCString()); |
6755 | result = kOSKextReturnInternalError; |
6756 | goto finish; |
6757 | } |
6758 | |
6759 | OSKextLog(this, |
6760 | kOSKextLogProgressLevel | |
6761 | kOSKextLogLoadFlag, |
6762 | "Kext %s unwiring and unmapping linked executable." , |
6763 | getIdentifierCString()); |
6764 | |
6765 | seg = firstsegfromheader((kernel_mach_header_t *)kmod_info->address); |
6766 | while (seg) { |
6767 | if (segmentShouldBeWired(seg)) { |
6768 | result = vm_map_unwire(kext_map, seg->vmaddr, |
6769 | seg->vmaddr + seg->vmsize, FALSE); |
6770 | if (result != KERN_SUCCESS) { |
6771 | OSKextLog(this, |
6772 | kOSKextLogErrorLevel | |
6773 | kOSKextLogLoadFlag, |
6774 | "Failed to unwire kext %s." , |
6775 | getIdentifierCString()); |
6776 | result = kOSKextReturnInternalError; |
6777 | goto finish; |
6778 | } |
6779 | } |
6780 | |
6781 | seg = nextsegfromheader((kernel_mach_header_t *) kmod_info->address, seg); |
6782 | } |
6783 | } |
6784 | #endif |
6785 | OSSafeReleaseNULL(linkedExecutable); |
6786 | } |
6787 | |
6788 | /* An interface kext has a fake kmod_info that was allocated, |
6789 | * so we have to free it. |
6790 | */ |
6791 | if (isInterface()) { |
6792 | kfree(kmod_info, sizeof(kmod_info_t)); |
6793 | } |
6794 | |
6795 | kmod_info = NULL; |
6796 | |
6797 | flags.loaded = false; |
6798 | flushDependencies(); |
6799 | |
6800 | /* save a copy of the bundle ID for us to check when deciding to |
6801 | * rebuild the kernel cache file. If a kext was already in the kernel |
6802 | * cache and unloaded then later loaded we do not need to rebuild the |
6803 | * kernel cache. 9055303 |
6804 | */ |
6805 | if (isPrelinked()) { |
6806 | if (!_OSKextInUnloadedPrelinkedKexts(bundleID)) { |
6807 | IORecursiveLockLock(sKextLock); |
6808 | if (sUnloadedPrelinkedKexts) { |
6809 | sUnloadedPrelinkedKexts->setObject(bundleID); |
6810 | } |
6811 | IORecursiveLockUnlock(sKextLock); |
6812 | } |
6813 | } |
6814 | |
6815 | OSKextLog(this, |
6816 | kOSKextLogProgressLevel | kOSKextLogLoadFlag, |
6817 | "Kext %s unloaded." , getIdentifierCString()); |
6818 | |
6819 | queueKextNotification(kKextRequestPredicateUnloadNotification, |
6820 | OSDynamicCast(OSString, bundleID)); |
6821 | |
6822 | finish: |
6823 | OSKext::saveLoadedKextPanicList(); |
6824 | OSKext::updateLoadedKextSummaries(); |
6825 | |
6826 | flags.unloading = 0; |
6827 | return result; |
6828 | } |
6829 | |
6830 | /********************************************************************* |
6831 | * Assumes sKextLock is held. |
6832 | *********************************************************************/ |
6833 | /* static */ |
6834 | OSReturn |
6835 | OSKext::queueKextNotification( |
6836 | const char * notificationName, |
6837 | OSString * kextIdentifier) |
6838 | { |
6839 | OSReturn result = kOSReturnError; |
6840 | OSDictionary * loadRequest = NULL; // must release |
6841 | |
6842 | if (!kextIdentifier) { |
6843 | result = kOSKextReturnInvalidArgument; |
6844 | goto finish; |
6845 | } |
6846 | |
6847 | /* Create a new request unless one is already sitting |
6848 | * in sKernelRequests for this bundle identifier |
6849 | */ |
6850 | result = _OSKextCreateRequest(notificationName, &loadRequest); |
6851 | if (result != kOSReturnSuccess) { |
6852 | goto finish; |
6853 | } |
6854 | if (!_OSKextSetRequestArgument(loadRequest, |
6855 | kKextRequestArgumentBundleIdentifierKey, kextIdentifier)) { |
6856 | |
6857 | result = kOSKextReturnNoMemory; |
6858 | goto finish; |
6859 | } |
6860 | if (!sKernelRequests->setObject(loadRequest)) { |
6861 | result = kOSKextReturnNoMemory; |
6862 | goto finish; |
6863 | } |
6864 | |
6865 | /* We might want to only queue the notification if kextd is active, |
6866 | * but that wouldn't work for embedded. Note that we don't care if |
6867 | * the ping immediately succeeds here so don't do anything with the |
6868 | * result of this call. |
6869 | */ |
6870 | OSKext::pingKextd(); |
6871 | |
6872 | result = kOSReturnSuccess; |
6873 | |
6874 | finish: |
6875 | OSSafeReleaseNULL(loadRequest); |
6876 | |
6877 | return result; |
6878 | } |
6879 | |
6880 | /********************************************************************* |
6881 | *********************************************************************/ |
6882 | static void |
6883 | _OSKextConsiderDestroyingLinkContext( |
6884 | __unused thread_call_param_t p0, |
6885 | __unused thread_call_param_t p1) |
6886 | { |
6887 | /* Take multiple locks in the correct order. |
6888 | */ |
6889 | IORecursiveLockLock(sKextLock); |
6890 | IORecursiveLockLock(sKextInnerLock); |
6891 | |
6892 | /* The first time we destroy the kxldContext is in the first |
6893 | * OSKext::considerUnloads() call, which sets sConsiderUnloadsCalled |
6894 | * before calling this function. Thereafter any call to this function |
6895 | * will actually destroy the context. |
6896 | */ |
6897 | if (sConsiderUnloadsCalled && sKxldContext) { |
6898 | kxld_destroy_context(sKxldContext); |
6899 | sKxldContext = NULL; |
6900 | } |
6901 | |
6902 | /* Free the thread_call that was allocated to execute this function. |
6903 | */ |
6904 | if (sDestroyLinkContextThread) { |
6905 | if (!thread_call_free(sDestroyLinkContextThread)) { |
6906 | OSKextLog(/* kext */ NULL, |
6907 | kOSKextLogErrorLevel | |
6908 | kOSKextLogGeneralFlag, |
6909 | "thread_call_free() failed for kext link context." ); |
6910 | } |
6911 | sDestroyLinkContextThread = 0; |
6912 | } |
6913 | |
6914 | IORecursiveLockUnlock(sKextInnerLock); |
6915 | IORecursiveLockUnlock(sKextLock); |
6916 | |
6917 | return; |
6918 | } |
6919 | |
6920 | /********************************************************************* |
6921 | * Destroying the kxldContext requires checking variables under both |
6922 | * sKextInnerLock and sKextLock, so we do it on a separate thread |
6923 | * to avoid deadlocks with IOService, with which OSKext has a reciprocal |
6924 | * call relationship. |
6925 | * |
6926 | * This function must be invoked with sKextInnerLock held. |
6927 | * Do not call any function that takes sKextLock here! |
6928 | *********************************************************************/ |
6929 | /* static */ |
6930 | void |
6931 | OSKext::considerDestroyingLinkContext(void) |
6932 | { |
6933 | IORecursiveLockLock(sKextInnerLock); |
6934 | |
6935 | /* If we have already queued a thread to destroy the link context, |
6936 | * don't bother resetting; that thread will take care of it. |
6937 | */ |
6938 | if (sDestroyLinkContextThread) { |
6939 | goto finish; |
6940 | } |
6941 | |
6942 | /* The function to be invoked in the thread will deallocate |
6943 | * this thread_call, so don't share it around. |
6944 | */ |
6945 | sDestroyLinkContextThread = thread_call_allocate( |
6946 | &_OSKextConsiderDestroyingLinkContext, 0); |
6947 | if (!sDestroyLinkContextThread) { |
6948 | OSKextLog(/* kext */ NULL, |
6949 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag | kOSKextLogLinkFlag, |
6950 | "Can't create thread to destroy kext link context." ); |
6951 | goto finish; |
6952 | } |
6953 | |
6954 | thread_call_enter(sDestroyLinkContextThread); |
6955 | |
6956 | finish: |
6957 | IORecursiveLockUnlock(sKextInnerLock); |
6958 | return; |
6959 | } |
6960 | |
6961 | #if PRAGMA_MARK |
6962 | #pragma mark Autounload |
6963 | #endif |
6964 | /********************************************************************* |
6965 | * This is a static method because the kext will be deallocated if it |
6966 | * does unload! |
6967 | *********************************************************************/ |
6968 | /* static */ |
6969 | OSReturn |
6970 | OSKext::autounloadKext(OSKext * aKext) |
6971 | { |
6972 | OSReturn result = kOSKextReturnInUse; |
6973 | |
6974 | /* Check for external references to this kext (usu. dependents), |
6975 | * instances of defined classes (or classes derived from them), |
6976 | * outstanding requests. |
6977 | */ |
6978 | if ((aKext->getRetainCount() > kOSKextMinLoadedRetainCount) || |
6979 | !aKext->flags.autounloadEnabled || |
6980 | aKext->isKernelComponent()) { |
6981 | |
6982 | goto finish; |
6983 | } |
6984 | |
6985 | /* Skip a delay-autounload kext, once. |
6986 | */ |
6987 | if (aKext->flags.delayAutounload) { |
6988 | OSKextLog(aKext, |
6989 | kOSKextLogProgressLevel | |
6990 | kOSKextLogLoadFlag | kOSKextLogKextBookkeepingFlag, |
6991 | "Kext %s has delayed autounload set; skipping and clearing flag." , |
6992 | aKext->getIdentifierCString()); |
6993 | aKext->flags.delayAutounload = 0; |
6994 | goto finish; |
6995 | } |
6996 | |
6997 | if (aKext->hasOSMetaClassInstances() || |
6998 | aKext->countRequestCallbacks()) { |
6999 | goto finish; |
7000 | } |
7001 | |
7002 | result = OSKext::removeKext(aKext); |
7003 | |
7004 | finish: |
7005 | return result; |
7006 | } |
7007 | |
7008 | /********************************************************************* |
7009 | *********************************************************************/ |
7010 | void |
7011 | _OSKextConsiderUnloads( |
7012 | __unused thread_call_param_t p0, |
7013 | __unused thread_call_param_t p1) |
7014 | { |
7015 | bool didUnload = false; |
7016 | unsigned int count, i; |
7017 | |
7018 | /* Take multiple locks in the correct order |
7019 | * (note also sKextSummaries lock further down). |
7020 | */ |
7021 | IORecursiveLockLock(sKextLock); |
7022 | IORecursiveLockLock(sKextInnerLock); |
7023 | |
7024 | OSKext::flushNonloadedKexts(/* flushPrelinkedKexts */ true); |
7025 | |
7026 | /* If the system is powering down, don't try to unload anything. |
7027 | */ |
7028 | if (sSystemSleep) { |
7029 | goto finish; |
7030 | } |
7031 | |
7032 | OSKextLog(/* kext */ NULL, |
7033 | kOSKextLogProgressLevel | kOSKextLogLoadFlag, |
7034 | "Checking for unused kexts to autounload." ); |
7035 | |
7036 | /***** |
7037 | * Remove any request callbacks marked as stale, |
7038 | * and mark as stale any currently in flight. |
7039 | */ |
7040 | count = sRequestCallbackRecords->getCount(); |
7041 | if (count) { |
7042 | i = count - 1; |
7043 | do { |
7044 | OSDictionary * callbackRecord = OSDynamicCast(OSDictionary, |
7045 | sRequestCallbackRecords->getObject(i)); |
7046 | OSBoolean * stale = OSDynamicCast(OSBoolean, |
7047 | callbackRecord->getObject(kKextRequestStaleKey)); |
7048 | |
7049 | if (stale == kOSBooleanTrue) { |
7050 | OSKext::invokeRequestCallback(callbackRecord, |
7051 | kOSKextReturnTimeout); |
7052 | } else { |
7053 | callbackRecord->setObject(kKextRequestStaleKey, |
7054 | kOSBooleanTrue); |
7055 | } |
7056 | } while (i--); |
7057 | } |
7058 | |
7059 | /***** |
7060 | * Make multiple passes through the array of loaded kexts until |
7061 | * we don't unload any. This handles unwinding of dependency |
7062 | * chains. We have to go *backwards* through the array because |
7063 | * kexts are removed from it when unloaded, and we cannot make |
7064 | * a copy or we'll mess up the retain counts we rely on to |
7065 | * check whether a kext will unload. If only we could have |
7066 | * nonretaining collections like CF has.... |
7067 | */ |
7068 | do { |
7069 | didUnload = false; |
7070 | |
7071 | count = sLoadedKexts->getCount(); |
7072 | if (count) { |
7073 | i = count - 1; |
7074 | do { |
7075 | OSKext * thisKext = OSDynamicCast(OSKext, |
7076 | sLoadedKexts->getObject(i)); |
7077 | didUnload |= (kOSReturnSuccess == OSKext::autounloadKext(thisKext)); |
7078 | } while (i--); |
7079 | } |
7080 | } while (didUnload); |
7081 | |
7082 | finish: |
7083 | sConsiderUnloadsPending = false; |
7084 | sConsiderUnloadsExecuted = true; |
7085 | |
7086 | (void) OSKext::considerRebuildOfPrelinkedKernel(); |
7087 | |
7088 | IORecursiveLockUnlock(sKextInnerLock); |
7089 | IORecursiveLockUnlock(sKextLock); |
7090 | |
7091 | return; |
7092 | } |
7093 | |
7094 | /********************************************************************* |
7095 | * Do not call any function that takes sKextLock here! |
7096 | *********************************************************************/ |
7097 | void OSKext::considerUnloads(Boolean rescheduleOnlyFlag) |
7098 | { |
7099 | AbsoluteTime when; |
7100 | |
7101 | IORecursiveLockLock(sKextInnerLock); |
7102 | |
7103 | if (!sUnloadCallout) { |
7104 | sUnloadCallout = thread_call_allocate(&_OSKextConsiderUnloads, 0); |
7105 | } |
7106 | |
7107 | /* we only reset delay value for unloading if we already have something |
7108 | * pending. rescheduleOnlyFlag should not start the count down. |
7109 | */ |
7110 | if (rescheduleOnlyFlag && !sConsiderUnloadsPending) { |
7111 | goto finish; |
7112 | } |
7113 | |
7114 | thread_call_cancel(sUnloadCallout); |
7115 | if (OSKext::getAutounloadEnabled() && !sSystemSleep) { |
7116 | clock_interval_to_deadline(sConsiderUnloadDelay, |
7117 | 1000 * 1000 * 1000, &when); |
7118 | |
7119 | OSKextLog(/* kext */ NULL, |
7120 | kOSKextLogProgressLevel | |
7121 | kOSKextLogLoadFlag, |
7122 | "%scheduling %sscan for unused kexts in %lu seconds." , |
7123 | sConsiderUnloadsPending ? "Res" : "S" , |
7124 | sConsiderUnloadsCalled ? "" : "initial " , |
7125 | (unsigned long)sConsiderUnloadDelay); |
7126 | |
7127 | sConsiderUnloadsPending = true; |
7128 | thread_call_enter_delayed(sUnloadCallout, when); |
7129 | } |
7130 | |
7131 | finish: |
7132 | /* The kxld context should be reused throughout boot. We mark the end of |
7133 | * period as the first time considerUnloads() is called, and we destroy |
7134 | * the first kxld context in that function. Afterwards, it will be |
7135 | * destroyed in flushNonloadedKexts. |
7136 | */ |
7137 | if (!sConsiderUnloadsCalled) { |
7138 | sConsiderUnloadsCalled = true; |
7139 | OSKext::considerDestroyingLinkContext(); |
7140 | } |
7141 | |
7142 | IORecursiveLockUnlock(sKextInnerLock); |
7143 | return; |
7144 | } |
7145 | |
7146 | /********************************************************************* |
7147 | * Do not call any function that takes sKextLock here! |
7148 | *********************************************************************/ |
7149 | extern "C" { |
7150 | |
7151 | IOReturn OSKextSystemSleepOrWake(UInt32 messageType); |
7152 | IOReturn OSKextSystemSleepOrWake(UInt32 messageType) |
7153 | { |
7154 | IORecursiveLockLock(sKextInnerLock); |
7155 | |
7156 | /* If the system is going to sleep, cancel the reaper thread timer, |
7157 | * and note that we're in a sleep state in case it just fired but hasn't |
7158 | * taken the lock yet. If we are coming back from sleep, just |
7159 | * clear the sleep flag; IOService's normal operation will cause |
7160 | * unloads to be considered soon enough. |
7161 | */ |
7162 | if (messageType == kIOMessageSystemWillSleep) { |
7163 | if (sUnloadCallout) { |
7164 | thread_call_cancel(sUnloadCallout); |
7165 | } |
7166 | sSystemSleep = true; |
7167 | AbsoluteTime_to_scalar(&sLastWakeTime) = 0; |
7168 | } else if (messageType == kIOMessageSystemHasPoweredOn) { |
7169 | sSystemSleep = false; |
7170 | clock_get_uptime(&sLastWakeTime); |
7171 | } |
7172 | IORecursiveLockUnlock(sKextInnerLock); |
7173 | |
7174 | return kIOReturnSuccess; |
7175 | } |
7176 | |
7177 | }; |
7178 | |
7179 | |
7180 | #if PRAGMA_MARK |
7181 | #pragma mark Prelinked Kernel |
7182 | #endif |
7183 | /********************************************************************* |
7184 | * Do not access sConsiderUnloads... variables other than |
7185 | * sConsiderUnloadsExecuted in this function. They are guarded by a |
7186 | * different lock. |
7187 | *********************************************************************/ |
7188 | /* static */ |
7189 | void |
7190 | OSKext::considerRebuildOfPrelinkedKernel(void) |
7191 | { |
7192 | static bool requestedPrelink = false; |
7193 | OSReturn checkResult = kOSReturnError; |
7194 | OSDictionary * prelinkRequest = NULL; // must release |
7195 | OSCollectionIterator * kextIterator = NULL; // must release |
7196 | const OSSymbol * thisID = NULL; // do not release |
7197 | bool doRebuild = false; |
7198 | AbsoluteTime my_abstime; |
7199 | UInt64 my_ns; |
7200 | SInt32 delta_secs; |
7201 | |
7202 | /* Only one auto rebuild per boot and only on boot from prelinked kernel */ |
7203 | if (requestedPrelink || !sPrelinkBoot) { |
7204 | return; |
7205 | } |
7206 | |
7207 | /* no direct return from this point */ |
7208 | IORecursiveLockLock(sKextLock); |
7209 | |
7210 | /* We need to wait for kextd to get up and running with unloads already done |
7211 | * and any new startup kexts loaded. |
7212 | */ |
7213 | if (!sConsiderUnloadsExecuted || |
7214 | !sDeferredLoadSucceeded) { |
7215 | goto finish; |
7216 | } |
7217 | |
7218 | /* we really only care about boot / system start up related kexts so bail |
7219 | * if we're here after REBUILD_MAX_TIME. |
7220 | */ |
7221 | if (!_OSKextInPrelinkRebuildWindow()) { |
7222 | OSKextLog(/* kext */ NULL, |
7223 | kOSKextLogArchiveFlag, |
7224 | "%s prebuild rebuild has expired" , |
7225 | __FUNCTION__); |
7226 | requestedPrelink = true; |
7227 | goto finish; |
7228 | } |
7229 | |
7230 | /* we do not want to trigger a rebuild if we get here too close to waking |
7231 | * up. (see radar 10233768) |
7232 | */ |
7233 | IORecursiveLockLock(sKextInnerLock); |
7234 | |
7235 | clock_get_uptime(&my_abstime); |
7236 | delta_secs = MINIMUM_WAKEUP_SECONDS + 1; |
7237 | if (AbsoluteTime_to_scalar(&sLastWakeTime) != 0) { |
7238 | SUB_ABSOLUTETIME(&my_abstime, &sLastWakeTime); |
7239 | absolutetime_to_nanoseconds(my_abstime, &my_ns); |
7240 | delta_secs = (SInt32)(my_ns / NSEC_PER_SEC); |
7241 | } |
7242 | IORecursiveLockUnlock(sKextInnerLock); |
7243 | |
7244 | if (delta_secs < MINIMUM_WAKEUP_SECONDS) { |
7245 | /* too close to time of last wake from sleep */ |
7246 | goto finish; |
7247 | } |
7248 | requestedPrelink = true; |
7249 | |
7250 | /* Now it's time to see if we have a reason to rebuild. We may have done |
7251 | * some loads and unloads but the kernel cache didn't actually change. |
7252 | * We will rebuild if any kext is not marked prelinked AND is not in our |
7253 | * list of prelinked kexts that got unloaded. (see radar 9055303) |
7254 | */ |
7255 | kextIterator = OSCollectionIterator::withCollection(sKextsByID); |
7256 | if (!kextIterator) { |
7257 | goto finish; |
7258 | } |
7259 | |
7260 | while ((thisID = OSDynamicCast(OSSymbol, kextIterator->getNextObject()))) { |
7261 | OSKext * thisKext; // do not release |
7262 | |
7263 | thisKext = OSDynamicCast(OSKext, sKextsByID->getObject(thisID)); |
7264 | if (!thisKext || thisKext->isPrelinked() || thisKext->isKernel()) { |
7265 | continue; |
7266 | } |
7267 | |
7268 | if (_OSKextInUnloadedPrelinkedKexts(thisKext->bundleID)) { |
7269 | continue; |
7270 | } |
7271 | /* kext is loaded and was not in current kernel cache so let's rebuild |
7272 | */ |
7273 | doRebuild = true; |
7274 | OSKextLog(/* kext */ NULL, |
7275 | kOSKextLogArchiveFlag, |
7276 | "considerRebuildOfPrelinkedKernel %s triggered rebuild" , |
7277 | thisKext->bundleID->getCStringNoCopy()); |
7278 | break; |
7279 | } |
7280 | sUnloadedPrelinkedKexts->flushCollection(); |
7281 | |
7282 | if (!doRebuild) { |
7283 | goto finish; |
7284 | } |
7285 | |
7286 | checkResult = _OSKextCreateRequest(kKextRequestPredicateRequestPrelink, |
7287 | &prelinkRequest); |
7288 | if (checkResult != kOSReturnSuccess) { |
7289 | goto finish; |
7290 | } |
7291 | |
7292 | if (!sKernelRequests->setObject(prelinkRequest)) { |
7293 | goto finish; |
7294 | } |
7295 | |
7296 | OSKext::pingKextd(); |
7297 | |
7298 | finish: |
7299 | IORecursiveLockUnlock(sKextLock); |
7300 | OSSafeReleaseNULL(prelinkRequest); |
7301 | OSSafeReleaseNULL(kextIterator); |
7302 | |
7303 | return; |
7304 | } |
7305 | |
7306 | #if PRAGMA_MARK |
7307 | #pragma mark Dependencies |
7308 | #endif |
7309 | /********************************************************************* |
7310 | *********************************************************************/ |
7311 | bool |
7312 | OSKext::resolveDependencies( |
7313 | OSArray * loopStack) |
7314 | { |
7315 | bool result = false; |
7316 | OSArray * localLoopStack = NULL; // must release |
7317 | bool addedToLoopStack = false; |
7318 | OSDictionary * libraries = NULL; // do not release |
7319 | OSCollectionIterator * libraryIterator = NULL; // must release |
7320 | OSString * libraryID = NULL; // do not release |
7321 | OSString * infoString = NULL; // do not release |
7322 | OSString * readableString = NULL; // do not release |
7323 | OSKext * libraryKext = NULL; // do not release |
7324 | bool hasRawKernelDependency = false; |
7325 | bool hasKernelDependency = false; |
7326 | bool hasKPIDependency = false; |
7327 | bool hasPrivateKPIDependency = false; |
7328 | unsigned int count; |
7329 | |
7330 | /* A kernel component will automatically have this flag set, |
7331 | * and a loaded kext should also have it set (as should all its |
7332 | * loaded dependencies). |
7333 | */ |
7334 | if (flags.hasAllDependencies) { |
7335 | result = true; |
7336 | goto finish; |
7337 | } |
7338 | |
7339 | /* Check for loops in the dependency graph. |
7340 | */ |
7341 | if (loopStack) { |
7342 | if (loopStack->getNextIndexOfObject(this, 0) != (unsigned int)-1) { |
7343 | OSKextLog(this, |
7344 | kOSKextLogErrorLevel | |
7345 | kOSKextLogDependenciesFlag, |
7346 | "Kext %s has a dependency loop; can't resolve dependencies." , |
7347 | getIdentifierCString()); |
7348 | goto finish; |
7349 | } |
7350 | } else { |
7351 | OSKextLog(this, |
7352 | kOSKextLogStepLevel | |
7353 | kOSKextLogDependenciesFlag, |
7354 | "Kext %s resolving dependencies." , |
7355 | getIdentifierCString()); |
7356 | |
7357 | loopStack = OSArray::withCapacity(6); // any small capacity will do |
7358 | if (!loopStack) { |
7359 | OSKextLog(this, |
7360 | kOSKextLogErrorLevel | |
7361 | kOSKextLogDependenciesFlag, |
7362 | "Kext %s can't create bookkeeping stack to resolve dependencies." , |
7363 | getIdentifierCString()); |
7364 | goto finish; |
7365 | } |
7366 | localLoopStack = loopStack; |
7367 | } |
7368 | if (!loopStack->setObject(this)) { |
7369 | OSKextLog(this, |
7370 | kOSKextLogErrorLevel | |
7371 | kOSKextLogDependenciesFlag, |
7372 | "Kext %s - internal error resolving dependencies." , |
7373 | getIdentifierCString()); |
7374 | goto finish; |
7375 | } |
7376 | addedToLoopStack = true; |
7377 | |
7378 | /* Purge any existing kexts in the dependency list and start over. |
7379 | */ |
7380 | flushDependencies(); |
7381 | if (dependencies) { |
7382 | OSKextLog(this, |
7383 | kOSKextLogErrorLevel | |
7384 | kOSKextLogDependenciesFlag, |
7385 | "Kext %s - internal error resolving dependencies." , |
7386 | getIdentifierCString()); |
7387 | } |
7388 | |
7389 | libraries = OSDynamicCast(OSDictionary, |
7390 | getPropertyForHostArch(kOSBundleLibrariesKey)); |
7391 | if (libraries == NULL || libraries->getCount() == 0) { |
7392 | OSKextLog(this, |
7393 | kOSKextLogErrorLevel | |
7394 | kOSKextLogValidationFlag | kOSKextLogDependenciesFlag, |
7395 | "Kext %s - can't resolve dependencies; %s missing/invalid type." , |
7396 | getIdentifierCString(), kOSBundleLibrariesKey); |
7397 | goto finish; |
7398 | } |
7399 | |
7400 | /* Make a new array to hold the dependencies (flush freed the old one). |
7401 | */ |
7402 | dependencies = OSArray::withCapacity(libraries->getCount()); |
7403 | if (!dependencies) { |
7404 | OSKextLog(this, |
7405 | kOSKextLogErrorLevel | |
7406 | kOSKextLogDependenciesFlag, |
7407 | "Kext %s - can't allocate dependencies array." , |
7408 | getIdentifierCString()); |
7409 | goto finish; |
7410 | } |
7411 | |
7412 | // xxx - compat: We used to add an implicit dependency on kernel 6.0 |
7413 | // xxx - compat: if none were declared. |
7414 | |
7415 | libraryIterator = OSCollectionIterator::withCollection(libraries); |
7416 | if (!libraryIterator) { |
7417 | OSKextLog(this, |
7418 | kOSKextLogErrorLevel | |
7419 | kOSKextLogDependenciesFlag, |
7420 | "Kext %s - can't allocate dependencies iterator." , |
7421 | getIdentifierCString()); |
7422 | goto finish; |
7423 | } |
7424 | |
7425 | while ((libraryID = OSDynamicCast(OSString, |
7426 | libraryIterator->getNextObject()))) { |
7427 | |
7428 | const char * library_id = libraryID->getCStringNoCopy(); |
7429 | |
7430 | OSString * libraryVersion = OSDynamicCast(OSString, |
7431 | libraries->getObject(libraryID)); |
7432 | if (libraryVersion == NULL) { |
7433 | OSKextLog(this, |
7434 | kOSKextLogErrorLevel | |
7435 | kOSKextLogValidationFlag | kOSKextLogDependenciesFlag, |
7436 | "Kext %s - illegal type in OSBundleLibraries." , |
7437 | getIdentifierCString()); |
7438 | goto finish; |
7439 | } |
7440 | |
7441 | OSKextVersion libraryVers = |
7442 | OSKextParseVersionString(libraryVersion->getCStringNoCopy()); |
7443 | if (libraryVers == -1) { |
7444 | OSKextLog(this, |
7445 | kOSKextLogErrorLevel | |
7446 | kOSKextLogValidationFlag | kOSKextLogDependenciesFlag, |
7447 | "Kext %s - invalid library version %s." , |
7448 | getIdentifierCString(), |
7449 | libraryVersion->getCStringNoCopy()); |
7450 | goto finish; |
7451 | } |
7452 | |
7453 | libraryKext = OSDynamicCast(OSKext, sKextsByID->getObject(libraryID)); |
7454 | if (libraryKext == NULL) { |
7455 | OSKextLog(this, |
7456 | kOSKextLogErrorLevel | |
7457 | kOSKextLogDependenciesFlag, |
7458 | "Kext %s - library kext %s not found." , |
7459 | getIdentifierCString(), library_id); |
7460 | goto finish; |
7461 | } |
7462 | |
7463 | if (!libraryKext->isCompatibleWithVersion(libraryVers)) { |
7464 | OSKextLog(this, |
7465 | kOSKextLogErrorLevel | |
7466 | kOSKextLogDependenciesFlag, |
7467 | "Kext %s - library kext %s not compatible " |
7468 | "with requested version %s." , |
7469 | getIdentifierCString(), library_id, |
7470 | libraryVersion->getCStringNoCopy()); |
7471 | goto finish; |
7472 | } |
7473 | |
7474 | /* If a nonprelinked library somehow got into the mix for a |
7475 | * prelinked kext, at any point in the chain, we must fail |
7476 | * because the prelinked relocs for the library will be all wrong. |
7477 | */ |
7478 | if (this->isPrelinked() && |
7479 | libraryKext->declaresExecutable() && |
7480 | !libraryKext->isPrelinked()) { |
7481 | |
7482 | OSKextLog(this, |
7483 | kOSKextLogErrorLevel | |
7484 | kOSKextLogDependenciesFlag, |
7485 | "Kext %s (prelinked) - library kext %s (v%s) not prelinked." , |
7486 | getIdentifierCString(), library_id, |
7487 | libraryVersion->getCStringNoCopy()); |
7488 | goto finish; |
7489 | } |
7490 | |
7491 | if (!libraryKext->resolveDependencies(loopStack)) { |
7492 | goto finish; |
7493 | } |
7494 | |
7495 | /* Add the library directly only if it has an executable to link. |
7496 | * Otherwise it's just used to collect other dependencies, so put |
7497 | * *its* dependencies on the list for this kext. |
7498 | */ |
7499 | // xxx - We are losing info here; would like to make fake entries or |
7500 | // xxx - keep these in the dependency graph for loaded kexts. |
7501 | // xxx - I really want to make kernel components not a special case! |
7502 | if (libraryKext->declaresExecutable() || |
7503 | libraryKext->isInterface()) { |
7504 | |
7505 | if (dependencies->getNextIndexOfObject(libraryKext, 0) == (unsigned)-1) { |
7506 | dependencies->setObject(libraryKext); |
7507 | |
7508 | OSKextLog(this, |
7509 | kOSKextLogDetailLevel | |
7510 | kOSKextLogDependenciesFlag, |
7511 | "Kext %s added dependency %s." , |
7512 | getIdentifierCString(), |
7513 | libraryKext->getIdentifierCString()); |
7514 | } |
7515 | } else { |
7516 | int numLibDependencies = libraryKext->getNumDependencies(); |
7517 | OSArray * libraryDependencies = libraryKext->getDependencies(); |
7518 | int index; |
7519 | |
7520 | if (numLibDependencies) { |
7521 | // xxx - this msg level should be 1 lower than the per-kext one |
7522 | OSKextLog(this, |
7523 | kOSKextLogDetailLevel | |
7524 | kOSKextLogDependenciesFlag, |
7525 | "Kext %s pulling %d dependencies from codeless library %s." , |
7526 | getIdentifierCString(), |
7527 | numLibDependencies, |
7528 | libraryKext->getIdentifierCString()); |
7529 | } |
7530 | for (index = 0; index < numLibDependencies; index++) { |
7531 | OSKext * thisLibDependency = OSDynamicCast(OSKext, |
7532 | libraryDependencies->getObject(index)); |
7533 | if (dependencies->getNextIndexOfObject(thisLibDependency, 0) == (unsigned)-1) { |
7534 | dependencies->setObject(thisLibDependency); |
7535 | OSKextLog(this, |
7536 | kOSKextLogDetailLevel | |
7537 | kOSKextLogDependenciesFlag, |
7538 | "Kext %s added dependency %s from codeless library %s." , |
7539 | getIdentifierCString(), |
7540 | thisLibDependency->getIdentifierCString(), |
7541 | libraryKext->getIdentifierCString()); |
7542 | } |
7543 | } |
7544 | } |
7545 | |
7546 | if ((strlen(library_id) == strlen(KERNEL_LIB)) && |
7547 | 0 == strncmp(library_id, KERNEL_LIB, sizeof(KERNEL_LIB)-1)) { |
7548 | |
7549 | hasRawKernelDependency = true; |
7550 | } else if (STRING_HAS_PREFIX(library_id, KERNEL_LIB_PREFIX)) { |
7551 | hasKernelDependency = true; |
7552 | } else if (STRING_HAS_PREFIX(library_id, KPI_LIB_PREFIX)) { |
7553 | hasKPIDependency = true; |
7554 | if (!strncmp(library_id, PRIVATE_KPI, sizeof(PRIVATE_KPI)-1)) { |
7555 | hasPrivateKPIDependency = true; |
7556 | } |
7557 | } |
7558 | } |
7559 | |
7560 | if (hasRawKernelDependency) { |
7561 | OSKextLog(this, |
7562 | kOSKextLogErrorLevel | |
7563 | kOSKextLogValidationFlag | kOSKextLogDependenciesFlag, |
7564 | "Error - kext %s declares a dependency on %s, which is not permitted." , |
7565 | getIdentifierCString(), KERNEL_LIB); |
7566 | goto finish; |
7567 | } |
7568 | #if __LP64__ |
7569 | if (hasKernelDependency) { |
7570 | OSKextLog(this, |
7571 | kOSKextLogErrorLevel | |
7572 | kOSKextLogValidationFlag | kOSKextLogDependenciesFlag, |
7573 | "Error - kext %s declares %s dependencies. " |
7574 | "Only %s* dependencies are supported for 64-bit kexts." , |
7575 | getIdentifierCString(), KERNEL_LIB, KPI_LIB_PREFIX); |
7576 | goto finish; |
7577 | } |
7578 | if (!hasKPIDependency) { |
7579 | OSKextLog(this, |
7580 | kOSKextLogWarningLevel | |
7581 | kOSKextLogDependenciesFlag, |
7582 | "Warning - kext %s declares no %s* dependencies. " |
7583 | "If it uses any KPIs, the link may fail with undefined symbols." , |
7584 | getIdentifierCString(), KPI_LIB_PREFIX); |
7585 | } |
7586 | #else /* __LP64__ */ |
7587 | // xxx - will change to flatly disallow "kernel" dependencies at some point |
7588 | // xxx - is it invalid to do both "com.apple.kernel" and any |
7589 | // xxx - "com.apple.kernel.*"? |
7590 | |
7591 | if (hasKernelDependency && hasKPIDependency) { |
7592 | OSKextLog(this, |
7593 | kOSKextLogWarningLevel | |
7594 | kOSKextLogDependenciesFlag, |
7595 | "Warning - kext %s has immediate dependencies on both " |
7596 | "%s* and %s* components; use only one style." , |
7597 | getIdentifierCString(), KERNEL_LIB, KPI_LIB_PREFIX); |
7598 | } |
7599 | |
7600 | if (!hasKernelDependency && !hasKPIDependency) { |
7601 | // xxx - do we want to use validation flag for these too? |
7602 | OSKextLog(this, |
7603 | kOSKextLogWarningLevel | |
7604 | kOSKextLogDependenciesFlag, |
7605 | "Warning - %s declares no kernel dependencies; using %s." , |
7606 | getIdentifierCString(), KERNEL6_LIB); |
7607 | OSKext * kernelKext = OSDynamicCast(OSKext, |
7608 | sKextsByID->getObject(KERNEL6_LIB)); |
7609 | if (kernelKext) { |
7610 | dependencies->setObject(kernelKext); |
7611 | } else { |
7612 | OSKextLog(this, |
7613 | kOSKextLogErrorLevel | |
7614 | kOSKextLogDependenciesFlag, |
7615 | "Error - Library %s not found for %s." , |
7616 | KERNEL6_LIB, getIdentifierCString()); |
7617 | } |
7618 | } |
7619 | |
7620 | /* If the kext doesn't have a raw kernel or KPI dependency, then add all of |
7621 | * its indirect dependencies to simulate old-style linking. XXX - Should |
7622 | * check for duplicates. |
7623 | */ |
7624 | if (!hasKPIDependency) { |
7625 | unsigned int i; |
7626 | |
7627 | flags.hasBleedthrough = true; |
7628 | |
7629 | count = getNumDependencies(); |
7630 | |
7631 | /* We add to the dependencies array in this loop, but do not iterate |
7632 | * past its original count. |
7633 | */ |
7634 | for (i = 0; i < count; i++) { |
7635 | OSKext * dependencyKext = OSDynamicCast(OSKext, |
7636 | dependencies->getObject(i)); |
7637 | dependencyKext->addBleedthroughDependencies(dependencies); |
7638 | } |
7639 | } |
7640 | #endif /* __LP64__ */ |
7641 | |
7642 | if (hasPrivateKPIDependency) { |
7643 | bool hasApplePrefix = false; |
7644 | bool infoCopyrightIsValid = false; |
7645 | bool readableCopyrightIsValid = false; |
7646 | |
7647 | hasApplePrefix = STRING_HAS_PREFIX(getIdentifierCString(), |
7648 | APPLE_KEXT_PREFIX); |
7649 | |
7650 | infoString = OSDynamicCast(OSString, |
7651 | getPropertyForHostArch("CFBundleGetInfoString" )); |
7652 | if (infoString) { |
7653 | infoCopyrightIsValid = |
7654 | kxld_validate_copyright_string(infoString->getCStringNoCopy()); |
7655 | } |
7656 | |
7657 | readableString = OSDynamicCast(OSString, |
7658 | getPropertyForHostArch("NSHumanReadableCopyright" )); |
7659 | if (readableString) { |
7660 | readableCopyrightIsValid = |
7661 | kxld_validate_copyright_string(readableString->getCStringNoCopy()); |
7662 | } |
7663 | |
7664 | if (!hasApplePrefix || (!infoCopyrightIsValid && !readableCopyrightIsValid)) { |
7665 | OSKextLog(this, |
7666 | kOSKextLogErrorLevel | |
7667 | kOSKextLogDependenciesFlag, |
7668 | "Error - kext %s declares a dependency on %s. " |
7669 | "Only Apple kexts may declare a dependency on %s." , |
7670 | getIdentifierCString(), PRIVATE_KPI, PRIVATE_KPI); |
7671 | goto finish; |
7672 | } |
7673 | } |
7674 | |
7675 | result = true; |
7676 | flags.hasAllDependencies = 1; |
7677 | |
7678 | finish: |
7679 | |
7680 | if (addedToLoopStack) { |
7681 | count = loopStack->getCount(); |
7682 | if (count > 0 && (this == loopStack->getObject(count - 1))) { |
7683 | loopStack->removeObject(count - 1); |
7684 | } else { |
7685 | OSKextLog(this, |
7686 | kOSKextLogErrorLevel | |
7687 | kOSKextLogDependenciesFlag, |
7688 | "Kext %s - internal error resolving dependencies." , |
7689 | getIdentifierCString()); |
7690 | } |
7691 | } |
7692 | |
7693 | if (result && localLoopStack) { |
7694 | OSKextLog(this, |
7695 | kOSKextLogStepLevel | |
7696 | kOSKextLogDependenciesFlag, |
7697 | "Kext %s successfully resolved dependencies." , |
7698 | getIdentifierCString()); |
7699 | } |
7700 | |
7701 | OSSafeReleaseNULL(localLoopStack); |
7702 | OSSafeReleaseNULL(libraryIterator); |
7703 | |
7704 | return result; |
7705 | } |
7706 | |
7707 | /********************************************************************* |
7708 | *********************************************************************/ |
7709 | bool |
7710 | OSKext::addBleedthroughDependencies(OSArray * anArray) |
7711 | { |
7712 | bool result = false; |
7713 | unsigned int dependencyIndex, dependencyCount; |
7714 | |
7715 | dependencyCount = getNumDependencies(); |
7716 | |
7717 | for (dependencyIndex = 0; |
7718 | dependencyIndex < dependencyCount; |
7719 | dependencyIndex++) { |
7720 | |
7721 | OSKext * dependency = OSDynamicCast(OSKext, |
7722 | dependencies->getObject(dependencyIndex)); |
7723 | if (!dependency) { |
7724 | OSKextLog(this, |
7725 | kOSKextLogErrorLevel | |
7726 | kOSKextLogDependenciesFlag, |
7727 | "Kext %s - internal error propagating compatibility dependencies." , |
7728 | getIdentifierCString()); |
7729 | goto finish; |
7730 | } |
7731 | if (anArray->getNextIndexOfObject(dependency, 0) == (unsigned int)-1) { |
7732 | anArray->setObject(dependency); |
7733 | } |
7734 | dependency->addBleedthroughDependencies(anArray); |
7735 | } |
7736 | |
7737 | result = true; |
7738 | |
7739 | finish: |
7740 | return result; |
7741 | } |
7742 | |
7743 | /********************************************************************* |
7744 | *********************************************************************/ |
7745 | bool |
7746 | OSKext::flushDependencies(bool forceFlag) |
7747 | { |
7748 | bool result = false; |
7749 | |
7750 | /* Only clear the dependencies if the kext isn't loaded; |
7751 | * we need the info for loaded kexts to track references. |
7752 | */ |
7753 | if (!isLoaded() || forceFlag) { |
7754 | if (dependencies) { |
7755 | // xxx - check level |
7756 | OSKextLog(this, |
7757 | kOSKextLogProgressLevel | |
7758 | kOSKextLogDependenciesFlag, |
7759 | "Kext %s flushing dependencies." , |
7760 | getIdentifierCString()); |
7761 | OSSafeReleaseNULL(dependencies); |
7762 | |
7763 | } |
7764 | if (!isKernelComponent()) { |
7765 | flags.hasAllDependencies = 0; |
7766 | } |
7767 | result = true; |
7768 | } |
7769 | |
7770 | return result; |
7771 | } |
7772 | |
7773 | /********************************************************************* |
7774 | *********************************************************************/ |
7775 | uint32_t |
7776 | OSKext::getNumDependencies(void) |
7777 | { |
7778 | if (!dependencies) { |
7779 | return 0; |
7780 | } |
7781 | return dependencies->getCount(); |
7782 | } |
7783 | |
7784 | /********************************************************************* |
7785 | *********************************************************************/ |
7786 | OSArray * |
7787 | OSKext::getDependencies(void) |
7788 | { |
7789 | return dependencies; |
7790 | } |
7791 | |
7792 | #if PRAGMA_MARK |
7793 | #pragma mark OSMetaClass Support |
7794 | #endif |
7795 | /********************************************************************* |
7796 | *********************************************************************/ |
7797 | OSReturn |
7798 | OSKext::addClass( |
7799 | OSMetaClass * aClass, |
7800 | uint32_t numClasses) |
7801 | { |
7802 | OSReturn result = kOSMetaClassNoInsKModSet; |
7803 | |
7804 | if (!metaClasses) { |
7805 | metaClasses = OSSet::withCapacity(numClasses); |
7806 | if (!metaClasses) { |
7807 | goto finish; |
7808 | } |
7809 | } |
7810 | |
7811 | if (metaClasses->containsObject(aClass)) { |
7812 | OSKextLog(this, |
7813 | kOSKextLogWarningLevel | |
7814 | kOSKextLogLoadFlag, |
7815 | "Notice - kext %s has already registered class %s." , |
7816 | getIdentifierCString(), |
7817 | aClass->getClassName()); |
7818 | result = kOSReturnSuccess; |
7819 | goto finish; |
7820 | } |
7821 | |
7822 | if (!metaClasses->setObject(aClass)) { |
7823 | goto finish; |
7824 | } else { |
7825 | OSKextLog(this, |
7826 | kOSKextLogDetailLevel | |
7827 | kOSKextLogLoadFlag, |
7828 | "Kext %s registered class %s." , |
7829 | getIdentifierCString(), |
7830 | aClass->getClassName()); |
7831 | } |
7832 | |
7833 | if (!flags.autounloadEnabled) { |
7834 | const OSMetaClass * metaScan = NULL; // do not release |
7835 | |
7836 | for (metaScan = aClass; metaScan; metaScan = metaScan->getSuperClass()) { |
7837 | if (metaScan == OSTypeID(IOService)) { |
7838 | |
7839 | OSKextLog(this, |
7840 | kOSKextLogProgressLevel | |
7841 | kOSKextLogLoadFlag, |
7842 | "Kext %s has IOService subclass %s; enabling autounload." , |
7843 | getIdentifierCString(), |
7844 | aClass->getClassName()); |
7845 | |
7846 | flags.autounloadEnabled = 1; |
7847 | break; |
7848 | } |
7849 | } |
7850 | } |
7851 | |
7852 | notifyAddClassObservers(this, aClass, flags); |
7853 | |
7854 | result = kOSReturnSuccess; |
7855 | |
7856 | finish: |
7857 | if (result != kOSReturnSuccess) { |
7858 | OSKextLog(this, |
7859 | kOSKextLogErrorLevel | |
7860 | kOSKextLogLoadFlag, |
7861 | "Kext %s failed to register class %s." , |
7862 | getIdentifierCString(), |
7863 | aClass->getClassName()); |
7864 | } |
7865 | |
7866 | return result; |
7867 | } |
7868 | |
7869 | /********************************************************************* |
7870 | *********************************************************************/ |
7871 | OSReturn |
7872 | OSKext::removeClass( |
7873 | OSMetaClass * aClass) |
7874 | { |
7875 | OSReturn result = kOSMetaClassNoKModSet; |
7876 | |
7877 | if (!metaClasses) { |
7878 | goto finish; |
7879 | } |
7880 | |
7881 | if (!metaClasses->containsObject(aClass)) { |
7882 | OSKextLog(this, |
7883 | kOSKextLogWarningLevel | |
7884 | kOSKextLogLoadFlag, |
7885 | "Notice - kext %s asked to unregister unknown class %s." , |
7886 | getIdentifierCString(), |
7887 | aClass->getClassName()); |
7888 | result = kOSReturnSuccess; |
7889 | goto finish; |
7890 | } |
7891 | |
7892 | OSKextLog(this, |
7893 | kOSKextLogDetailLevel | |
7894 | kOSKextLogLoadFlag, |
7895 | "Kext %s unregistering class %s." , |
7896 | getIdentifierCString(), |
7897 | aClass->getClassName()); |
7898 | |
7899 | metaClasses->removeObject(aClass); |
7900 | |
7901 | notifyRemoveClassObservers(this, aClass, flags); |
7902 | |
7903 | result = kOSReturnSuccess; |
7904 | |
7905 | finish: |
7906 | if (result != kOSReturnSuccess) { |
7907 | OSKextLog(this, |
7908 | kOSKextLogErrorLevel | |
7909 | kOSKextLogLoadFlag, |
7910 | "Failed to unregister kext %s class %s." , |
7911 | getIdentifierCString(), |
7912 | aClass->getClassName()); |
7913 | } |
7914 | return result; |
7915 | } |
7916 | |
7917 | /********************************************************************* |
7918 | *********************************************************************/ |
7919 | OSSet * |
7920 | OSKext::getMetaClasses(void) |
7921 | { |
7922 | return metaClasses; |
7923 | } |
7924 | |
7925 | /********************************************************************* |
7926 | *********************************************************************/ |
7927 | bool |
7928 | OSKext::hasOSMetaClassInstances(void) |
7929 | { |
7930 | bool result = false; |
7931 | OSCollectionIterator * classIterator = NULL; // must release |
7932 | OSMetaClass * checkClass = NULL; // do not release |
7933 | |
7934 | if (!metaClasses) { |
7935 | goto finish; |
7936 | } |
7937 | |
7938 | classIterator = OSCollectionIterator::withCollection(metaClasses); |
7939 | if (!classIterator) { |
7940 | // xxx - log alloc failure? |
7941 | goto finish; |
7942 | } |
7943 | while ((checkClass = (OSMetaClass *)classIterator->getNextObject())) { |
7944 | if (checkClass->getInstanceCount()) { |
7945 | result = true; |
7946 | goto finish; |
7947 | } |
7948 | } |
7949 | |
7950 | finish: |
7951 | |
7952 | OSSafeReleaseNULL(classIterator); |
7953 | return result; |
7954 | } |
7955 | |
7956 | /********************************************************************* |
7957 | *********************************************************************/ |
7958 | /* static */ |
7959 | void |
7960 | OSKext::reportOSMetaClassInstances( |
7961 | const char * kextIdentifier, |
7962 | OSKextLogSpec msgLogSpec) |
7963 | { |
7964 | OSKext * theKext = NULL; // must release |
7965 | |
7966 | theKext = OSKext::lookupKextWithIdentifier(kextIdentifier); |
7967 | if (!theKext) { |
7968 | goto finish; |
7969 | } |
7970 | |
7971 | theKext->reportOSMetaClassInstances(msgLogSpec); |
7972 | finish: |
7973 | OSSafeReleaseNULL(theKext); |
7974 | return; |
7975 | } |
7976 | |
7977 | /********************************************************************* |
7978 | *********************************************************************/ |
7979 | void |
7980 | OSKext::reportOSMetaClassInstances(OSKextLogSpec msgLogSpec) |
7981 | { |
7982 | OSCollectionIterator * classIterator = NULL; // must release |
7983 | OSMetaClass * checkClass = NULL; // do not release |
7984 | |
7985 | if (!metaClasses) { |
7986 | goto finish; |
7987 | } |
7988 | |
7989 | classIterator = OSCollectionIterator::withCollection(metaClasses); |
7990 | if (!classIterator) { |
7991 | goto finish; |
7992 | } |
7993 | while ((checkClass = (OSMetaClass *)classIterator->getNextObject())) { |
7994 | if (checkClass->getInstanceCount()) { |
7995 | OSKextLog(this, |
7996 | msgLogSpec, |
7997 | " Kext %s class %s has %d instance%s." , |
7998 | getIdentifierCString(), |
7999 | checkClass->getClassName(), |
8000 | checkClass->getInstanceCount(), |
8001 | checkClass->getInstanceCount() == 1 ? "" : "s" ); |
8002 | } |
8003 | } |
8004 | |
8005 | finish: |
8006 | OSSafeReleaseNULL(classIterator); |
8007 | return; |
8008 | } |
8009 | |
8010 | #if PRAGMA_MARK |
8011 | #pragma mark User-Space Requests |
8012 | #endif |
8013 | /********************************************************************* |
8014 | * XXX - this function is a big ugly mess |
8015 | *********************************************************************/ |
8016 | /* static */ |
8017 | OSReturn |
8018 | OSKext::handleRequest( |
8019 | host_priv_t hostPriv, |
8020 | OSKextLogSpec clientLogFilter, |
8021 | char * requestBuffer, |
8022 | uint32_t requestLength, |
8023 | char ** responseOut, |
8024 | uint32_t * responseLengthOut, |
8025 | char ** logInfoOut, |
8026 | uint32_t * logInfoLengthOut) |
8027 | { |
8028 | OSReturn result = kOSReturnError; |
8029 | kern_return_t kmem_result = KERN_FAILURE; |
8030 | |
8031 | char * response = NULL; // returned by reference |
8032 | uint32_t responseLength = 0; |
8033 | |
8034 | OSObject * parsedXML = NULL; // must release |
8035 | OSDictionary * requestDict = NULL; // do not release |
8036 | OSString * errorString = NULL; // must release |
8037 | |
8038 | OSObject * responseObject = NULL; // must release |
8039 | |
8040 | OSSerialize * serializer = NULL; // must release |
8041 | |
8042 | OSArray * logInfoArray = NULL; // must release |
8043 | |
8044 | OSString * predicate = NULL; // do not release |
8045 | OSString * kextIdentifier = NULL; // do not release |
8046 | OSArray * kextIdentifiers = NULL; // do not release |
8047 | OSKext * theKext = NULL; // do not release |
8048 | OSBoolean * boolArg = NULL; // do not release |
8049 | |
8050 | IORecursiveLockLock(sKextLock); |
8051 | |
8052 | if (responseOut) { |
8053 | *responseOut = NULL; |
8054 | *responseLengthOut = 0; |
8055 | } |
8056 | if (logInfoOut) { |
8057 | *logInfoOut = NULL; |
8058 | *logInfoLengthOut = 0; |
8059 | } |
8060 | |
8061 | OSKext::setUserSpaceLogFilter(clientLogFilter, logInfoOut ? true : false); |
8062 | |
8063 | /* XML must be nul-terminated. |
8064 | */ |
8065 | if (requestBuffer[requestLength - 1] != '\0') { |
8066 | OSKextLog(/* kext */ NULL, |
8067 | kOSKextLogErrorLevel | |
8068 | kOSKextLogIPCFlag, |
8069 | "Invalid request from user space (not nul-terminated)." ); |
8070 | result = kOSKextReturnBadData; |
8071 | goto finish; |
8072 | } |
8073 | parsedXML = OSUnserializeXML((const char *)requestBuffer, &errorString); |
8074 | if (parsedXML) { |
8075 | requestDict = OSDynamicCast(OSDictionary, parsedXML); |
8076 | } |
8077 | if (!requestDict) { |
8078 | const char * errorCString = "(unknown error)" ; |
8079 | |
8080 | if (errorString && errorString->getCStringNoCopy()) { |
8081 | errorCString = errorString->getCStringNoCopy(); |
8082 | } else if (parsedXML) { |
8083 | errorCString = "not a dictionary" ; |
8084 | } |
8085 | OSKextLog(/* kext */ NULL, |
8086 | kOSKextLogErrorLevel | |
8087 | kOSKextLogIPCFlag, |
8088 | "Error unserializing request from user space: %s." , |
8089 | errorCString); |
8090 | result = kOSKextReturnSerialization; |
8091 | goto finish; |
8092 | } |
8093 | |
8094 | predicate = _OSKextGetRequestPredicate(requestDict); |
8095 | if (!predicate) { |
8096 | OSKextLog(/* kext */ NULL, |
8097 | kOSKextLogErrorLevel | |
8098 | kOSKextLogIPCFlag, |
8099 | "Recieved kext request from user space with no predicate." ); |
8100 | result = kOSKextReturnInvalidArgument; |
8101 | goto finish; |
8102 | } |
8103 | |
8104 | OSKextLog(/* kext */ NULL, |
8105 | kOSKextLogDebugLevel | |
8106 | kOSKextLogIPCFlag, |
8107 | "Received '%s' request from user space." , |
8108 | predicate->getCStringNoCopy()); |
8109 | |
8110 | result = kOSKextReturnNotPrivileged; |
8111 | if (hostPriv == HOST_PRIV_NULL) { |
8112 | /* must be root to use these kext requests */ |
8113 | if (predicate->isEqualTo(kKextRequestPredicateUnload) || |
8114 | predicate->isEqualTo(kKextRequestPredicateStart) || |
8115 | predicate->isEqualTo(kKextRequestPredicateStop) || |
8116 | predicate->isEqualTo(kKextRequestPredicateGetKernelRequests) || |
8117 | predicate->isEqualTo(kKextRequestPredicateSendResource) ) { |
8118 | OSKextLog(/* kext */ NULL, |
8119 | kOSKextLogErrorLevel | |
8120 | kOSKextLogIPCFlag, |
8121 | "Access Failure - must be root user." ); |
8122 | goto finish; |
8123 | } |
8124 | } |
8125 | |
8126 | /* Get common args in anticipation of use. |
8127 | */ |
8128 | kextIdentifier = OSDynamicCast(OSString, _OSKextGetRequestArgument( |
8129 | requestDict, kKextRequestArgumentBundleIdentifierKey)); |
8130 | kextIdentifiers = OSDynamicCast(OSArray, _OSKextGetRequestArgument( |
8131 | requestDict, kKextRequestArgumentBundleIdentifierKey)); |
8132 | if (kextIdentifier) { |
8133 | theKext = OSDynamicCast(OSKext, sKextsByID->getObject(kextIdentifier)); |
8134 | } |
8135 | boolArg = OSDynamicCast(OSBoolean, _OSKextGetRequestArgument( |
8136 | requestDict, kKextRequestArgumentValueKey)); |
8137 | |
8138 | result = kOSKextReturnInvalidArgument; |
8139 | |
8140 | if (predicate->isEqualTo(kKextRequestPredicateStart)) { |
8141 | if (!kextIdentifier) { |
8142 | OSKextLog(/* kext */ NULL, |
8143 | kOSKextLogErrorLevel | |
8144 | kOSKextLogIPCFlag, |
8145 | "Invalid arguments to kext start request." ); |
8146 | } else if (!theKext) { |
8147 | OSKextLog(/* kext */ NULL, |
8148 | kOSKextLogErrorLevel | |
8149 | kOSKextLogIPCFlag, |
8150 | "Kext %s not found for start request." , |
8151 | kextIdentifier->getCStringNoCopy()); |
8152 | result = kOSKextReturnNotFound; |
8153 | } else { |
8154 | result = theKext->start(); |
8155 | } |
8156 | |
8157 | } else if (predicate->isEqualTo(kKextRequestPredicateStop)) { |
8158 | if (!kextIdentifier) { |
8159 | OSKextLog(/* kext */ NULL, |
8160 | kOSKextLogErrorLevel | |
8161 | kOSKextLogIPCFlag, |
8162 | "Invalid arguments to kext stop request." ); |
8163 | } else if (!theKext) { |
8164 | OSKextLog(/* kext */ NULL, |
8165 | kOSKextLogErrorLevel | |
8166 | kOSKextLogIPCFlag, |
8167 | "Kext %s not found for stop request." , |
8168 | kextIdentifier->getCStringNoCopy()); |
8169 | result = kOSKextReturnNotFound; |
8170 | } else { |
8171 | result = theKext->stop(); |
8172 | } |
8173 | |
8174 | } else if (predicate->isEqualTo(kKextRequestPredicateUnload)) { |
8175 | if (!kextIdentifier) { |
8176 | OSKextLog(/* kext */ NULL, |
8177 | kOSKextLogErrorLevel | |
8178 | kOSKextLogIPCFlag, |
8179 | "Invalid arguments to kext unload request." ); |
8180 | } else if (!theKext) { |
8181 | OSKextLog(/* kext */ NULL, |
8182 | kOSKextLogErrorLevel | |
8183 | kOSKextLogIPCFlag, |
8184 | "Kext %s not found for unload request." , |
8185 | kextIdentifier->getCStringNoCopy()); |
8186 | result = kOSKextReturnNotFound; |
8187 | } else { |
8188 | OSBoolean * terminateFlag = OSDynamicCast(OSBoolean, |
8189 | _OSKextGetRequestArgument(requestDict, |
8190 | kKextRequestArgumentTerminateIOServicesKey)); |
8191 | result = OSKext::removeKext(theKext, terminateFlag == kOSBooleanTrue); |
8192 | } |
8193 | |
8194 | } else if (predicate->isEqualTo(kKextRequestPredicateSendResource)) { |
8195 | result = OSKext::dispatchResource(requestDict); |
8196 | |
8197 | } else if (predicate->isEqualTo(kKextRequestPredicateGetUUIDByAddress)) { |
8198 | |
8199 | OSNumber *lookupNum = NULL; |
8200 | lookupNum = OSDynamicCast(OSNumber, |
8201 | _OSKextGetRequestArgument(requestDict, |
8202 | kKextRequestArgumentLookupAddressKey)); |
8203 | |
8204 | responseObject = OSKext::copyKextUUIDForAddress(lookupNum); |
8205 | if (responseObject) { |
8206 | result = kOSReturnSuccess; |
8207 | } else { |
8208 | goto finish; |
8209 | } |
8210 | |
8211 | } else if (predicate->isEqualTo(kKextRequestPredicateGetLoaded) || |
8212 | predicate->isEqualTo(kKextRequestPredicateGetLoadedByUUID)) { |
8213 | OSBoolean * delayAutounloadBool = NULL; |
8214 | OSObject * infoKeysRaw = NULL; |
8215 | OSArray * infoKeys = NULL; |
8216 | uint32_t infoKeysCount = 0; |
8217 | |
8218 | delayAutounloadBool = OSDynamicCast(OSBoolean, |
8219 | _OSKextGetRequestArgument(requestDict, |
8220 | kKextRequestArgumentDelayAutounloadKey)); |
8221 | |
8222 | /* If asked to delay autounload, reset the timer if it's currently set. |
8223 | * (That is, don't schedule an unload if one isn't already pending. |
8224 | */ |
8225 | if (delayAutounloadBool == kOSBooleanTrue) { |
8226 | OSKext::considerUnloads(/* rescheduleOnly? */ true); |
8227 | } |
8228 | |
8229 | infoKeysRaw = _OSKextGetRequestArgument(requestDict, |
8230 | kKextRequestArgumentInfoKeysKey); |
8231 | infoKeys = OSDynamicCast(OSArray, infoKeysRaw); |
8232 | if (infoKeysRaw && !infoKeys) { |
8233 | OSKextLog(/* kext */ NULL, |
8234 | kOSKextLogErrorLevel | |
8235 | kOSKextLogIPCFlag, |
8236 | "Invalid arguments to kext info request." ); |
8237 | goto finish; |
8238 | } |
8239 | |
8240 | if (infoKeys) { |
8241 | infoKeysCount = infoKeys->getCount(); |
8242 | for (uint32_t i = 0; i < infoKeysCount; i++) { |
8243 | if (!OSDynamicCast(OSString, infoKeys->getObject(i))) { |
8244 | OSKextLog(/* kext */ NULL, |
8245 | kOSKextLogErrorLevel | |
8246 | kOSKextLogIPCFlag, |
8247 | "Invalid arguments to kext info request." ); |
8248 | goto finish; |
8249 | } |
8250 | } |
8251 | } |
8252 | |
8253 | if (predicate->isEqualTo(kKextRequestPredicateGetLoaded)) { |
8254 | responseObject = OSKext::copyLoadedKextInfo(kextIdentifiers, infoKeys); |
8255 | } |
8256 | else if (predicate->isEqualTo(kKextRequestPredicateGetLoadedByUUID)) { |
8257 | responseObject = OSKext::copyLoadedKextInfoByUUID(kextIdentifiers, infoKeys); |
8258 | } |
8259 | if (!responseObject) { |
8260 | result = kOSKextReturnInternalError; |
8261 | } else { |
8262 | OSKextLog(/* kext */ NULL, |
8263 | kOSKextLogDebugLevel | |
8264 | kOSKextLogIPCFlag, |
8265 | "Returning loaded kext info." ); |
8266 | result = kOSReturnSuccess; |
8267 | } |
8268 | } else if (predicate->isEqualTo(kKextRequestPredicateGetKernelRequests)) { |
8269 | |
8270 | /* Hand the current sKernelRequests array to the caller |
8271 | * (who must release it), and make a new one. |
8272 | */ |
8273 | responseObject = sKernelRequests; |
8274 | sKernelRequests = OSArray::withCapacity(0); |
8275 | sPostedKextLoadIdentifiers->flushCollection(); |
8276 | OSKextLog(/* kext */ NULL, |
8277 | kOSKextLogDebugLevel | |
8278 | kOSKextLogIPCFlag, |
8279 | "Returning kernel requests." ); |
8280 | result = kOSReturnSuccess; |
8281 | |
8282 | } else if (predicate->isEqualTo(kKextRequestPredicateGetAllLoadRequests)) { |
8283 | |
8284 | /* Return the set of all requested bundle identifiers */ |
8285 | responseObject = sAllKextLoadIdentifiers; |
8286 | responseObject->retain(); |
8287 | OSKextLog(/* kext */ NULL, |
8288 | kOSKextLogDebugLevel | |
8289 | kOSKextLogIPCFlag, |
8290 | "Returning load requests." ); |
8291 | result = kOSReturnSuccess; |
8292 | } |
8293 | else { |
8294 | OSKextLog(/* kext */ NULL, |
8295 | kOSKextLogDebugLevel | |
8296 | kOSKextLogIPCFlag, |
8297 | "Received '%s' invalid request from user space." , |
8298 | predicate->getCStringNoCopy()); |
8299 | goto finish; |
8300 | } |
8301 | |
8302 | /********** |
8303 | * Now we have handle the request, or not. Gather up the response & logging |
8304 | * info to ship to user space. |
8305 | *********/ |
8306 | |
8307 | /* Note: Nothing in OSKext is supposed to retain requestDict, |
8308 | * but you never know.... |
8309 | */ |
8310 | if (requestDict->getRetainCount() > 1) { |
8311 | OSKextLog(/* kext */ NULL, |
8312 | kOSKextLogWarningLevel | |
8313 | kOSKextLogIPCFlag, |
8314 | "Request from user space still retained by a kext; " |
8315 | "probable memory leak." ); |
8316 | } |
8317 | |
8318 | if (responseOut && responseObject) { |
8319 | serializer = OSSerialize::withCapacity(0); |
8320 | if (!serializer) { |
8321 | result = kOSKextReturnNoMemory; |
8322 | goto finish; |
8323 | } |
8324 | |
8325 | if (!responseObject->serialize(serializer)) { |
8326 | OSKextLog(/* kext */ NULL, |
8327 | kOSKextLogGeneralFlag | kOSKextLogErrorLevel, |
8328 | "Failed to serialize response to request from user space." ); |
8329 | result = kOSKextReturnSerialization; |
8330 | goto finish; |
8331 | } |
8332 | |
8333 | response = (char *)serializer->text(); |
8334 | responseLength = serializer->getLength(); |
8335 | } |
8336 | |
8337 | if (responseOut && response) { |
8338 | char * buffer; |
8339 | |
8340 | /* This kmem_alloc sets the return value of the function. |
8341 | */ |
8342 | kmem_result = kmem_alloc(kernel_map, (vm_offset_t *)&buffer, |
8343 | round_page(responseLength), VM_KERN_MEMORY_OSKEXT); |
8344 | if (kmem_result != KERN_SUCCESS) { |
8345 | OSKextLog(/* kext */ NULL, |
8346 | kOSKextLogErrorLevel | |
8347 | kOSKextLogIPCFlag, |
8348 | "Failed to copy response to request from user space." ); |
8349 | result = kmem_result; |
8350 | goto finish; |
8351 | } else { |
8352 | /* 11981737 - clear uninitialized data in last page */ |
8353 | bzero((void *)(buffer + responseLength), |
8354 | (round_page(responseLength) - responseLength)); |
8355 | memcpy(buffer, response, responseLength); |
8356 | *responseOut = buffer; |
8357 | *responseLengthOut = responseLength; |
8358 | } |
8359 | } |
8360 | |
8361 | finish: |
8362 | |
8363 | /* Gather up the collected log messages for user space. Any messages |
8364 | * messages past this call will not make it up as log messages but |
8365 | * will be in the system log. Note that we ignore the return of the |
8366 | * serialize; it has no bearing on the operation at hand even if we |
8367 | * fail to get the log messages. |
8368 | */ |
8369 | logInfoArray = OSKext::clearUserSpaceLogFilter(); |
8370 | |
8371 | if (logInfoArray && logInfoOut && logInfoLengthOut) { |
8372 | (void)OSKext::serializeLogInfo(logInfoArray, |
8373 | logInfoOut, logInfoLengthOut); |
8374 | } |
8375 | |
8376 | IORecursiveLockUnlock(sKextLock); |
8377 | |
8378 | OSSafeReleaseNULL(parsedXML); |
8379 | OSSafeReleaseNULL(errorString); |
8380 | OSSafeReleaseNULL(responseObject); |
8381 | OSSafeReleaseNULL(serializer); |
8382 | OSSafeReleaseNULL(logInfoArray); |
8383 | |
8384 | return result; |
8385 | } |
8386 | |
8387 | |
8388 | // #include <InstrProfiling.h> |
8389 | extern "C" { |
8390 | |
8391 | uint64_t __llvm_profile_get_size_for_buffer_internal(const char *DataBegin, |
8392 | const char *DataEnd, |
8393 | const char *CountersBegin, |
8394 | const char *CountersEnd , |
8395 | const char *NamesBegin, |
8396 | const char *NamesEnd); |
8397 | int __llvm_profile_write_buffer_internal(char *Buffer, |
8398 | const char *DataBegin, |
8399 | const char *DataEnd, |
8400 | const char *CountersBegin, |
8401 | const char *CountersEnd , |
8402 | const char *NamesBegin, |
8403 | const char *NamesEnd); |
8404 | } |
8405 | |
8406 | |
8407 | static |
8408 | void OSKextPgoMetadataPut(char *pBuffer, |
8409 | size_t *position, |
8410 | size_t bufferSize, |
8411 | uint32_t *num_pairs, |
8412 | const char *key, |
8413 | const char *value) |
8414 | { |
8415 | size_t strlen_key = strlen(key); |
8416 | size_t strlen_value = strlen(value); |
8417 | size_t len = strlen(key) + 1 + strlen(value) + 1; |
8418 | char *pos = pBuffer + *position; |
8419 | *position += len; |
8420 | if (pBuffer && bufferSize && *position <= bufferSize) { |
8421 | memcpy(pos, key, strlen_key); pos += strlen_key; |
8422 | *(pos++) = '='; |
8423 | memcpy(pos, value, strlen_value); pos += strlen_value; |
8424 | *(pos++) = 0; |
8425 | if (num_pairs) { |
8426 | (*num_pairs)++; |
8427 | } |
8428 | } |
8429 | } |
8430 | |
8431 | |
8432 | static |
8433 | void OSKextPgoMetadataPutMax(size_t *position, const char *key, size_t value_max) |
8434 | { |
8435 | *position += strlen(key) + 1 + value_max + 1; |
8436 | } |
8437 | |
8438 | |
8439 | static |
8440 | void OSKextPgoMetadataPutAll(OSKext *kext, |
8441 | uuid_t instance_uuid, |
8442 | char *pBuffer, |
8443 | size_t *position, |
8444 | size_t bufferSize, |
8445 | uint32_t *num_pairs) |
8446 | { |
8447 | _static_assert_1_arg(sizeof(clock_sec_t) % 2 == 0); |
8448 | //log_10 2^16 ≈ 4.82 |
8449 | const size_t max_secs_string_size = 5 * sizeof(clock_sec_t)/2; |
8450 | const size_t max_timestamp_string_size = max_secs_string_size + 1 + 6; |
8451 | |
8452 | if (!pBuffer) { |
8453 | OSKextPgoMetadataPutMax(position, "INSTANCE" , 36); |
8454 | OSKextPgoMetadataPutMax(position, "UUID" , 36); |
8455 | OSKextPgoMetadataPutMax(position, "TIMESTAMP" , max_timestamp_string_size); |
8456 | } else { |
8457 | uuid_string_t instance_uuid_string; |
8458 | uuid_unparse(instance_uuid, instance_uuid_string); |
8459 | OSKextPgoMetadataPut(pBuffer, position, bufferSize, num_pairs, |
8460 | "INSTANCE" , instance_uuid_string); |
8461 | |
8462 | OSData *uuid_data; |
8463 | uuid_t uuid; |
8464 | uuid_string_t uuid_string; |
8465 | uuid_data = kext->copyUUID(); |
8466 | if (uuid_data) { |
8467 | memcpy(uuid, uuid_data->getBytesNoCopy(), sizeof(uuid)); |
8468 | OSSafeReleaseNULL(uuid_data); |
8469 | uuid_unparse(uuid, uuid_string); |
8470 | OSKextPgoMetadataPut(pBuffer, position, bufferSize, num_pairs, |
8471 | "UUID" , uuid_string); |
8472 | } |
8473 | |
8474 | clock_sec_t secs; |
8475 | clock_usec_t usecs; |
8476 | clock_get_calendar_microtime(&secs, &usecs); |
8477 | assert(usecs < 1000000); |
8478 | char timestamp[max_timestamp_string_size + 1]; |
8479 | _static_assert_1_arg(sizeof(long) >= sizeof(clock_sec_t)); |
8480 | snprintf(timestamp, sizeof(timestamp), "%lu.%06d" , (unsigned long)secs, (int)usecs); |
8481 | OSKextPgoMetadataPut(pBuffer, position, bufferSize, num_pairs, |
8482 | "TIMESTAMP" , timestamp); |
8483 | } |
8484 | |
8485 | OSKextPgoMetadataPut(pBuffer, position, bufferSize, num_pairs, |
8486 | "NAME" , kext->getIdentifierCString()); |
8487 | |
8488 | char versionCString[kOSKextVersionMaxLength]; |
8489 | OSKextVersionGetString(kext->getVersion(), versionCString, kOSKextVersionMaxLength); |
8490 | OSKextPgoMetadataPut(pBuffer, position, bufferSize, num_pairs, |
8491 | "VERSION" , versionCString); |
8492 | |
8493 | } |
8494 | |
8495 | static |
8496 | size_t OSKextPgoMetadataSize(OSKext *kext) |
8497 | { |
8498 | size_t position = 0; |
8499 | uuid_t fakeuuid = {}; |
8500 | OSKextPgoMetadataPutAll(kext, fakeuuid, NULL, &position, 0, NULL); |
8501 | return position; |
8502 | } |
8503 | |
8504 | int OSKextGrabPgoDataLocked(OSKext *kext, |
8505 | bool metadata, |
8506 | uuid_t instance_uuid, |
8507 | uint64_t *pSize, |
8508 | char *pBuffer, |
8509 | uint64_t bufferSize) |
8510 | { |
8511 | int err = 0; |
8512 | |
8513 | kernel_section_t *sect_prf_data = NULL; |
8514 | kernel_section_t *sect_prf_name = NULL; |
8515 | kernel_section_t *sect_prf_cnts = NULL; |
8516 | uint64_t size; |
8517 | size_t metadata_size = 0; |
8518 | |
8519 | sect_prf_data = kext->lookupSection("__DATA" , "__llvm_prf_data" ); |
8520 | sect_prf_name = kext->lookupSection("__DATA" , "__llvm_prf_name" ); |
8521 | sect_prf_cnts = kext->lookupSection("__DATA" , "__llvm_prf_cnts" ); |
8522 | |
8523 | if (!sect_prf_data || !sect_prf_name || !sect_prf_cnts) { |
8524 | err = ENOTSUP; |
8525 | goto out; |
8526 | } |
8527 | |
8528 | size = __llvm_profile_get_size_for_buffer_internal( |
8529 | (const char*) sect_prf_data->addr, (const char*) sect_prf_data->addr + sect_prf_data->size, |
8530 | (const char*) sect_prf_cnts->addr, (const char*) sect_prf_cnts->addr + sect_prf_cnts->size, |
8531 | (const char*) sect_prf_name->addr, (const char*) sect_prf_name->addr + sect_prf_name->size); |
8532 | |
8533 | if (metadata) { |
8534 | metadata_size = OSKextPgoMetadataSize(kext); |
8535 | size += metadata_size; |
8536 | size += sizeof(pgo_metadata_footer); |
8537 | } |
8538 | |
8539 | |
8540 | if (pSize) { |
8541 | *pSize = size; |
8542 | } |
8543 | |
8544 | if (pBuffer && bufferSize) { |
8545 | if (bufferSize < size) { |
8546 | err = ERANGE; |
8547 | goto out; |
8548 | } |
8549 | |
8550 | err = __llvm_profile_write_buffer_internal( |
8551 | pBuffer, |
8552 | (const char*) sect_prf_data->addr, (const char*) sect_prf_data->addr + sect_prf_data->size, |
8553 | (const char*) sect_prf_cnts->addr, (const char*) sect_prf_cnts->addr + sect_prf_cnts->size, |
8554 | (const char*) sect_prf_name->addr, (const char*) sect_prf_name->addr + sect_prf_name->size); |
8555 | |
8556 | if (err) { |
8557 | err = EIO; |
8558 | goto out; |
8559 | } |
8560 | |
8561 | if (metadata) { |
8562 | char *end_of_buffer = pBuffer + size; |
8563 | struct pgo_metadata_footer * = (struct pgo_metadata_footer *) (end_of_buffer - sizeof(struct pgo_metadata_footer)); |
8564 | char *metadata_buffer = end_of_buffer - (sizeof(struct pgo_metadata_footer) + metadata_size); |
8565 | |
8566 | size_t metadata_position = 0; |
8567 | uint32_t num_pairs = 0; |
8568 | OSKextPgoMetadataPutAll(kext, instance_uuid, metadata_buffer, &metadata_position, metadata_size, &num_pairs); |
8569 | while (metadata_position < metadata_size) { |
8570 | metadata_buffer[metadata_position++] = 0; |
8571 | } |
8572 | |
8573 | struct pgo_metadata_footer ; |
8574 | footer.magic = htonl(0x6d657461); |
8575 | footer.number_of_pairs = htonl( num_pairs ); |
8576 | footer.offset_to_pairs = htonl( sizeof(struct pgo_metadata_footer) + metadata_size ); |
8577 | memcpy(footerp, &footer, sizeof(footer)); |
8578 | } |
8579 | |
8580 | } |
8581 | |
8582 | out: |
8583 | return err; |
8584 | } |
8585 | |
8586 | |
8587 | int |
8588 | OSKextGrabPgoData(uuid_t uuid, |
8589 | uint64_t *pSize, |
8590 | char *pBuffer, |
8591 | uint64_t bufferSize, |
8592 | int wait_for_unload, |
8593 | int metadata) |
8594 | { |
8595 | int err = 0; |
8596 | OSKext *kext = NULL; |
8597 | |
8598 | |
8599 | IORecursiveLockLock(sKextLock); |
8600 | |
8601 | kext = OSKext::lookupKextWithUUID(uuid); |
8602 | if (!kext) { |
8603 | err = ENOENT; |
8604 | goto out; |
8605 | } |
8606 | |
8607 | if (wait_for_unload) { |
8608 | OSKextGrabPgoStruct s; |
8609 | |
8610 | s.metadata = metadata; |
8611 | s.pSize = pSize; |
8612 | s.pBuffer = pBuffer; |
8613 | s.bufferSize = bufferSize; |
8614 | s.err = EINTR; |
8615 | |
8616 | struct list_head *prev = &kext->pendingPgoHead; |
8617 | struct list_head *next = kext->pendingPgoHead.next; |
8618 | |
8619 | s.list_head.prev = prev; |
8620 | s.list_head.next = next; |
8621 | |
8622 | prev->next = &s.list_head; |
8623 | next->prev = &s.list_head; |
8624 | |
8625 | kext->release(); |
8626 | kext = NULL; |
8627 | |
8628 | IORecursiveLockSleep(sKextLock, &s, THREAD_ABORTSAFE); |
8629 | |
8630 | prev = s.list_head.prev; |
8631 | next = s.list_head.next; |
8632 | |
8633 | prev->next = next; |
8634 | next->prev = prev; |
8635 | |
8636 | err = s.err; |
8637 | |
8638 | } else { |
8639 | err = OSKextGrabPgoDataLocked(kext, metadata, kext->instance_uuid, pSize, pBuffer, bufferSize); |
8640 | } |
8641 | |
8642 | out: |
8643 | if (kext) { |
8644 | kext->release(); |
8645 | } |
8646 | |
8647 | IORecursiveLockUnlock(sKextLock); |
8648 | |
8649 | return err; |
8650 | } |
8651 | |
8652 | void |
8653 | OSKextResetPgoCountersLock() |
8654 | { |
8655 | IORecursiveLockLock(sKextLock); |
8656 | } |
8657 | |
8658 | void |
8659 | OSKextResetPgoCountersUnlock() |
8660 | { |
8661 | IORecursiveLockUnlock(sKextLock); |
8662 | } |
8663 | |
8664 | |
8665 | extern unsigned int not_in_kdp; |
8666 | |
8667 | void |
8668 | OSKextResetPgoCounters() |
8669 | { |
8670 | assert(!not_in_kdp); |
8671 | uint32_t count = sLoadedKexts->getCount(); |
8672 | for (uint32_t i = 0; i < count; i++) { |
8673 | OSKext *kext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
8674 | kernel_section_t *sect_prf_cnts = kext->lookupSection("__DATA" , "__llvm_prf_cnts" ); |
8675 | if (!sect_prf_cnts) { |
8676 | continue; |
8677 | } |
8678 | memset((void*)sect_prf_cnts->addr, 0, sect_prf_cnts->size); |
8679 | } |
8680 | } |
8681 | |
8682 | OSDictionary * |
8683 | OSKext::copyLoadedKextInfoByUUID( |
8684 | OSArray * kextIdentifiers, |
8685 | OSArray * infoKeys) |
8686 | { |
8687 | OSDictionary * result = NULL; |
8688 | OSDictionary * kextInfo = NULL; // must release |
8689 | uint32_t count, i; |
8690 | uint32_t idCount = 0; |
8691 | uint32_t idIndex = 0; |
8692 | |
8693 | IORecursiveLockLock(sKextLock); |
8694 | |
8695 | #if CONFIG_MACF |
8696 | /* Is the calling process allowed to query kext info? */ |
8697 | if (current_task() != kernel_task) { |
8698 | int macCheckResult = 0; |
8699 | kauth_cred_t cred = NULL; |
8700 | |
8701 | cred = kauth_cred_get_with_ref(); |
8702 | macCheckResult = mac_kext_check_query(cred); |
8703 | kauth_cred_unref(&cred); |
8704 | |
8705 | if (macCheckResult != 0) { |
8706 | OSKextLog(/* kext */ NULL, |
8707 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
8708 | "Failed to query kext info (MAC policy error 0x%x)." , |
8709 | macCheckResult); |
8710 | goto finish; |
8711 | } |
8712 | } |
8713 | #endif |
8714 | |
8715 | /* Empty list of UUIDs is equivalent to no list (get all). |
8716 | */ |
8717 | if (kextIdentifiers && !kextIdentifiers->getCount()) { |
8718 | kextIdentifiers = NULL; |
8719 | } else if (kextIdentifiers) { |
8720 | idCount = kextIdentifiers->getCount(); |
8721 | } |
8722 | |
8723 | /* Same for keys. |
8724 | */ |
8725 | if (infoKeys && !infoKeys->getCount()) { |
8726 | infoKeys = NULL; |
8727 | } |
8728 | |
8729 | count = sLoadedKexts->getCount(); |
8730 | result = OSDictionary::withCapacity(count); |
8731 | if (!result) { |
8732 | goto finish; |
8733 | } |
8734 | |
8735 | for (i = 0; i < count; i++) { |
8736 | OSKext *thisKext = NULL; // do not release |
8737 | Boolean includeThis = true; |
8738 | uuid_t thisKextUUID; |
8739 | uuid_t thisKextTextUUID; |
8740 | OSData *uuid_data; |
8741 | uuid_string_t uuid_key; |
8742 | |
8743 | thisKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
8744 | if (!thisKext) { |
8745 | continue; |
8746 | } |
8747 | |
8748 | uuid_data = thisKext->copyUUID(); |
8749 | if (!uuid_data) { |
8750 | continue; |
8751 | } |
8752 | |
8753 | memcpy(&thisKextUUID, uuid_data->getBytesNoCopy(), sizeof(thisKextUUID)); |
8754 | OSSafeReleaseNULL(uuid_data); |
8755 | |
8756 | uuid_unparse(thisKextUUID, uuid_key); |
8757 | |
8758 | uuid_data = thisKext->copyTextUUID(); |
8759 | if (!uuid_data) { |
8760 | continue; |
8761 | } |
8762 | memcpy(&thisKextTextUUID, uuid_data->getBytesNoCopy(), sizeof(thisKextTextUUID)); |
8763 | OSSafeReleaseNULL(uuid_data); |
8764 | |
8765 | /* Skip current kext if we have a list of UUIDs and |
8766 | * it isn't in the list. |
8767 | */ |
8768 | if (kextIdentifiers) { |
8769 | includeThis = false; |
8770 | |
8771 | for (idIndex = 0; idIndex < idCount; idIndex++) { |
8772 | const OSString* wantedUUID = OSDynamicCast(OSString, |
8773 | kextIdentifiers->getObject(idIndex)); |
8774 | |
8775 | uuid_t uuid; |
8776 | uuid_parse(wantedUUID->getCStringNoCopy(), uuid); |
8777 | |
8778 | if ((0 == uuid_compare(uuid, thisKextUUID)) |
8779 | || (0 == uuid_compare(uuid, thisKextTextUUID))) { |
8780 | includeThis = true; |
8781 | /* Only need to find the first kext if multiple match, |
8782 | * ie. asking for the kernel uuid does not need to find |
8783 | * interface kexts or builtin static kexts. |
8784 | */ |
8785 | kextIdentifiers->removeObject(idIndex); |
8786 | uuid_unparse(uuid, uuid_key); |
8787 | break; |
8788 | } |
8789 | |
8790 | } |
8791 | } |
8792 | |
8793 | if (!includeThis) { |
8794 | continue; |
8795 | } |
8796 | |
8797 | kextInfo = thisKext->copyInfo(infoKeys); |
8798 | if (kextInfo) { |
8799 | result->setObject(uuid_key, kextInfo); |
8800 | kextInfo->release(); |
8801 | } |
8802 | |
8803 | if (kextIdentifiers && !kextIdentifiers->getCount()) { |
8804 | break; |
8805 | } |
8806 | } |
8807 | |
8808 | finish: |
8809 | IORecursiveLockUnlock(sKextLock); |
8810 | |
8811 | return result; |
8812 | } |
8813 | |
8814 | /********************************************************************* |
8815 | *********************************************************************/ |
8816 | /* static */ |
8817 | OSDictionary * |
8818 | OSKext::copyLoadedKextInfo( |
8819 | OSArray * kextIdentifiers, |
8820 | OSArray * infoKeys) |
8821 | { |
8822 | OSDictionary * result = NULL; |
8823 | uint32_t idCount = 0; |
8824 | bool onlyLoaded; |
8825 | |
8826 | IORecursiveLockLock(sKextLock); |
8827 | |
8828 | #if CONFIG_MACF |
8829 | /* Is the calling process allowed to query kext info? */ |
8830 | if (current_task() != kernel_task) { |
8831 | int macCheckResult = 0; |
8832 | kauth_cred_t cred = NULL; |
8833 | |
8834 | cred = kauth_cred_get_with_ref(); |
8835 | macCheckResult = mac_kext_check_query(cred); |
8836 | kauth_cred_unref(&cred); |
8837 | |
8838 | if (macCheckResult != 0) { |
8839 | OSKextLog(/* kext */ NULL, |
8840 | kOSKextLogErrorLevel | kOSKextLogLoadFlag, |
8841 | "Failed to query kext info (MAC policy error 0x%x)." , |
8842 | macCheckResult); |
8843 | goto finish; |
8844 | } |
8845 | } |
8846 | #endif |
8847 | |
8848 | /* Empty list of bundle ids is equivalent to no list (get all). |
8849 | */ |
8850 | if (kextIdentifiers && !kextIdentifiers->getCount()) { |
8851 | kextIdentifiers = NULL; |
8852 | } else if (kextIdentifiers) { |
8853 | idCount = kextIdentifiers->getCount(); |
8854 | } |
8855 | |
8856 | /* Same for keys. |
8857 | */ |
8858 | if (infoKeys && !infoKeys->getCount()) { |
8859 | infoKeys = NULL; |
8860 | } |
8861 | |
8862 | onlyLoaded = (!infoKeys || !_OSArrayContainsCString(infoKeys, kOSBundleAllPrelinkedKey)); |
8863 | |
8864 | result = OSDictionary::withCapacity(128); |
8865 | if (!result) { |
8866 | goto finish; |
8867 | } |
8868 | |
8869 | #if 0 |
8870 | OSKextLog(/* kext */ NULL, |
8871 | kOSKextLogErrorLevel | |
8872 | kOSKextLogGeneralFlag, |
8873 | "kaslr: vm_kernel_slide 0x%lx \n" , |
8874 | vm_kernel_slide); |
8875 | OSKextLog(/* kext */ NULL, |
8876 | kOSKextLogErrorLevel | |
8877 | kOSKextLogGeneralFlag, |
8878 | "kaslr: vm_kernel_stext 0x%lx vm_kernel_etext 0x%lx \n" , |
8879 | vm_kernel_stext, vm_kernel_etext); |
8880 | OSKextLog(/* kext */ NULL, |
8881 | kOSKextLogErrorLevel | |
8882 | kOSKextLogGeneralFlag, |
8883 | "kaslr: vm_kernel_base 0x%lx vm_kernel_top 0x%lx \n" , |
8884 | vm_kernel_base, vm_kernel_top); |
8885 | OSKextLog(/* kext */ NULL, |
8886 | kOSKextLogErrorLevel | |
8887 | kOSKextLogGeneralFlag, |
8888 | "kaslr: vm_kext_base 0x%lx vm_kext_top 0x%lx \n" , |
8889 | vm_kext_base, vm_kext_top); |
8890 | OSKextLog(/* kext */ NULL, |
8891 | kOSKextLogErrorLevel | |
8892 | kOSKextLogGeneralFlag, |
8893 | "kaslr: vm_prelink_stext 0x%lx vm_prelink_etext 0x%lx \n" , |
8894 | vm_prelink_stext, vm_prelink_etext); |
8895 | OSKextLog(/* kext */ NULL, |
8896 | kOSKextLogErrorLevel | |
8897 | kOSKextLogGeneralFlag, |
8898 | "kaslr: vm_prelink_sinfo 0x%lx vm_prelink_einfo 0x%lx \n" , |
8899 | vm_prelink_sinfo, vm_prelink_einfo); |
8900 | OSKextLog(/* kext */ NULL, |
8901 | kOSKextLogErrorLevel | |
8902 | kOSKextLogGeneralFlag, |
8903 | "kaslr: vm_slinkedit 0x%lx vm_elinkedit 0x%lx \n" , |
8904 | vm_slinkedit, vm_elinkedit); |
8905 | #endif |
8906 | |
8907 | sKextsByID->iterateObjects(^bool(const OSSymbol * thisKextID, OSObject * obj) |
8908 | { |
8909 | OSKext * thisKext = NULL; // do not release |
8910 | Boolean includeThis = true; |
8911 | OSDictionary * kextInfo = NULL; // must release |
8912 | |
8913 | thisKext = OSDynamicCast(OSKext, obj); |
8914 | if (!thisKext) { |
8915 | return (false);; |
8916 | } |
8917 | |
8918 | /* Skip current kext if not yet started and caller didn't request all. |
8919 | */ |
8920 | if (onlyLoaded && (-1U == sLoadedKexts->getNextIndexOfObject(thisKext, 0))) { |
8921 | return (false);; |
8922 | } |
8923 | |
8924 | /* Skip current kext if we have a list of bundle IDs and |
8925 | * it isn't in the list. |
8926 | */ |
8927 | if (kextIdentifiers) { |
8928 | |
8929 | includeThis = false; |
8930 | |
8931 | for (uint32_t idIndex = 0; idIndex < idCount; idIndex++) { |
8932 | const OSString * thisRequestID = OSDynamicCast(OSString, |
8933 | kextIdentifiers->getObject(idIndex)); |
8934 | if (thisKextID->isEqualTo(thisRequestID)) { |
8935 | includeThis = true; |
8936 | break; |
8937 | } |
8938 | } |
8939 | } |
8940 | |
8941 | if (!includeThis) { |
8942 | return (false); |
8943 | } |
8944 | |
8945 | kextInfo = thisKext->copyInfo(infoKeys); |
8946 | if (kextInfo) { |
8947 | result->setObject(thisKext->getIdentifier(), kextInfo); |
8948 | kextInfo->release(); |
8949 | } |
8950 | return (false); |
8951 | }); |
8952 | |
8953 | finish: |
8954 | IORecursiveLockUnlock(sKextLock); |
8955 | |
8956 | return result; |
8957 | } |
8958 | |
8959 | /********************************************************************* |
8960 | * Any info that needs to do allocations must goto finish on alloc |
8961 | * failure. Info that is just a lookup should just not set the object |
8962 | * if the info does not exist. |
8963 | *********************************************************************/ |
8964 | #define _OSKextLoadInfoDictCapacity (12) |
8965 | |
8966 | OSDictionary * |
8967 | OSKext::copyInfo(OSArray * infoKeys) |
8968 | { |
8969 | OSDictionary * result = NULL; |
8970 | bool success = false; |
8971 | OSData * = NULL; // must release |
8972 | OSData * logData = NULL; // must release |
8973 | OSNumber * cpuTypeNumber = NULL; // must release |
8974 | OSNumber * cpuSubtypeNumber = NULL; // must release |
8975 | OSString * versionString = NULL; // do not release |
8976 | uint32_t executablePathCStringSize = 0; |
8977 | char * executablePathCString = NULL; // must release |
8978 | OSString * executablePathString = NULL; // must release |
8979 | OSData * uuid = NULL; // must release |
8980 | OSNumber * scratchNumber = NULL; // must release |
8981 | OSArray * dependencyLoadTags = NULL; // must release |
8982 | OSCollectionIterator * metaClassIterator = NULL; // must release |
8983 | OSArray * metaClassInfo = NULL; // must release |
8984 | OSDictionary * metaClassDict = NULL; // must release |
8985 | OSMetaClass * thisMetaClass = NULL; // do not release |
8986 | OSString * metaClassName = NULL; // must release |
8987 | OSString * superclassName = NULL; // must release |
8988 | uint32_t count, i; |
8989 | |
8990 | result = OSDictionary::withCapacity(_OSKextLoadInfoDictCapacity); |
8991 | if (!result) { |
8992 | goto finish; |
8993 | } |
8994 | |
8995 | |
8996 | /* Empty keys means no keys, but NULL is quicker to check. |
8997 | */ |
8998 | if (infoKeys && !infoKeys->getCount()) { |
8999 | infoKeys = NULL; |
9000 | } |
9001 | |
9002 | /* Headers, CPU type, and CPU subtype. |
9003 | */ |
9004 | if (!infoKeys || |
9005 | _OSArrayContainsCString(infoKeys, kOSBundleMachOHeadersKey) || |
9006 | _OSArrayContainsCString(infoKeys, kOSBundleLogStringsKey) || |
9007 | _OSArrayContainsCString(infoKeys, kOSBundleCPUTypeKey) || |
9008 | _OSArrayContainsCString(infoKeys, kOSBundleCPUSubtypeKey)) |
9009 | { |
9010 | |
9011 | if (linkedExecutable && !isInterface()) { |
9012 | |
9013 | kernel_mach_header_t *kext_mach_hdr = (kernel_mach_header_t *) |
9014 | linkedExecutable->getBytesNoCopy(); |
9015 | |
9016 | #if !SECURE_KERNEL |
9017 | // do not return macho header info on shipping iOS - 19095897 |
9018 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleMachOHeadersKey)) { |
9019 | kernel_mach_header_t * temp_kext_mach_hdr; |
9020 | struct load_command * lcp; |
9021 | |
9022 | headerData = OSData::withBytes(kext_mach_hdr, |
9023 | (u_int) (sizeof(*kext_mach_hdr) + kext_mach_hdr->sizeofcmds)); |
9024 | if (!headerData) { |
9025 | goto finish; |
9026 | } |
9027 | |
9028 | // unslide any vmaddrs we return to userspace - 10726716 |
9029 | temp_kext_mach_hdr = (kernel_mach_header_t *) |
9030 | headerData->getBytesNoCopy(); |
9031 | if (temp_kext_mach_hdr == NULL) { |
9032 | goto finish; |
9033 | } |
9034 | |
9035 | lcp = (struct load_command *) (temp_kext_mach_hdr + 1); |
9036 | for (i = 0; i < temp_kext_mach_hdr->ncmds; i++) { |
9037 | if (lcp->cmd == LC_SEGMENT_KERNEL) { |
9038 | kernel_segment_command_t * segp; |
9039 | kernel_section_t * secp; |
9040 | |
9041 | segp = (kernel_segment_command_t *) lcp; |
9042 | // 10543468 - if we jettisoned __LINKEDIT clear size info |
9043 | if (flags.jettisonLinkeditSeg) { |
9044 | if (strncmp(segp->segname, SEG_LINKEDIT, sizeof(segp->segname)) == 0) { |
9045 | segp->vmsize = 0; |
9046 | segp->fileoff = 0; |
9047 | segp->filesize = 0; |
9048 | } |
9049 | } |
9050 | |
9051 | #if 0 |
9052 | OSKextLog(/* kext */ NULL, |
9053 | kOSKextLogErrorLevel | |
9054 | kOSKextLogGeneralFlag, |
9055 | "%s: LC_SEGMENT_KERNEL segname '%s' vmaddr 0x%llX 0x%lX vmsize %llu nsects %u" , |
9056 | __FUNCTION__, segp->segname, segp->vmaddr, |
9057 | VM_KERNEL_UNSLIDE(segp->vmaddr), |
9058 | segp->vmsize, segp->nsects); |
9059 | if ( (VM_KERNEL_IS_SLID(segp->vmaddr) == false) && |
9060 | (VM_KERNEL_IS_KEXT(segp->vmaddr) == false) && |
9061 | (VM_KERNEL_IS_PRELINKTEXT(segp->vmaddr) == false) && |
9062 | (VM_KERNEL_IS_PRELINKINFO(segp->vmaddr) == false) && |
9063 | (VM_KERNEL_IS_KEXT_LINKEDIT(segp->vmaddr) == false) ) { |
9064 | OSKextLog(/* kext */ NULL, |
9065 | kOSKextLogErrorLevel | |
9066 | kOSKextLogGeneralFlag, |
9067 | "%s: not in kext range - vmaddr 0x%llX vm_kext_base 0x%lX vm_kext_top 0x%lX" , |
9068 | __FUNCTION__, segp->vmaddr, vm_kext_base, vm_kext_top); |
9069 | } |
9070 | #endif |
9071 | segp->vmaddr = ml_static_unslide(segp->vmaddr); |
9072 | |
9073 | for (secp = firstsect(segp); secp != NULL; secp = nextsect(segp, secp)) { |
9074 | secp->addr = ml_static_unslide(secp->addr); |
9075 | } |
9076 | } |
9077 | lcp = (struct load_command *)((caddr_t)lcp + lcp->cmdsize); |
9078 | } |
9079 | result->setObject(kOSBundleMachOHeadersKey, headerData); |
9080 | } |
9081 | #endif // SECURE_KERNEL |
9082 | |
9083 | if (_OSArrayContainsCString(infoKeys, kOSBundleLogStringsKey)) { |
9084 | osLogDataHeaderRef *; |
9085 | char [offsetof(osLogDataHeaderRef, sections) + NUM_OS_LOG_SECTIONS * sizeof(header->sections[0])]; |
9086 | |
9087 | void *os_log_data = NULL; |
9088 | void *cstring_data = NULL; |
9089 | unsigned long os_log_size = 0; |
9090 | unsigned long cstring_size = 0; |
9091 | uint32_t os_log_offset = 0; |
9092 | uint32_t cstring_offset = 0; |
9093 | bool res; |
9094 | |
9095 | os_log_data = getsectdatafromheader(kext_mach_hdr, "__TEXT" , "__os_log" , &os_log_size); |
9096 | os_log_offset = getsectoffsetfromheader(kext_mach_hdr, "__TEXT" , "__os_log" ); |
9097 | cstring_data = getsectdatafromheader(kext_mach_hdr, "__TEXT" , "__cstring" , &cstring_size); |
9098 | cstring_offset = getsectoffsetfromheader(kext_mach_hdr, "__TEXT" , "__cstring" ); |
9099 | |
9100 | header = (osLogDataHeaderRef *) headerBytes; |
9101 | header->version = OS_LOG_HDR_VERSION; |
9102 | header->sect_count = NUM_OS_LOG_SECTIONS; |
9103 | header->sections[OS_LOG_SECT_IDX].sect_offset = os_log_offset; |
9104 | header->sections[OS_LOG_SECT_IDX].sect_size = (uint32_t) os_log_size; |
9105 | header->sections[CSTRING_SECT_IDX].sect_offset = cstring_offset; |
9106 | header->sections[CSTRING_SECT_IDX].sect_size = (uint32_t) cstring_size; |
9107 | |
9108 | |
9109 | logData = OSData::withBytes(header, (u_int) (sizeof(osLogDataHeaderRef))); |
9110 | if (!logData) { |
9111 | goto finish; |
9112 | } |
9113 | res = logData->appendBytes(&(header->sections[0]), (u_int)(header->sect_count * sizeof(header->sections[0]))); |
9114 | if (!res) { |
9115 | goto finish; |
9116 | } |
9117 | if (os_log_data) { |
9118 | res = logData->appendBytes(os_log_data, (u_int)header->sections[OS_LOG_SECT_IDX].sect_size); |
9119 | if (!res) { |
9120 | goto finish; |
9121 | } |
9122 | } |
9123 | if (cstring_data) { |
9124 | res = logData->appendBytes(cstring_data, (u_int)header->sections[CSTRING_SECT_IDX].sect_size); |
9125 | if (!res) { |
9126 | goto finish; |
9127 | } |
9128 | } |
9129 | result->setObject(kOSBundleLogStringsKey, logData); |
9130 | } |
9131 | |
9132 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleCPUTypeKey)) { |
9133 | cpuTypeNumber = OSNumber::withNumber( |
9134 | (uint64_t) kext_mach_hdr->cputype, |
9135 | 8 * sizeof(kext_mach_hdr->cputype)); |
9136 | if (!cpuTypeNumber) { |
9137 | goto finish; |
9138 | } |
9139 | result->setObject(kOSBundleCPUTypeKey, cpuTypeNumber); |
9140 | } |
9141 | |
9142 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleCPUSubtypeKey)) { |
9143 | cpuSubtypeNumber = OSNumber::withNumber( |
9144 | (uint64_t) kext_mach_hdr->cpusubtype, |
9145 | 8 * sizeof(kext_mach_hdr->cpusubtype)); |
9146 | if (!cpuSubtypeNumber) { |
9147 | goto finish; |
9148 | } |
9149 | result->setObject(kOSBundleCPUSubtypeKey, cpuSubtypeNumber); |
9150 | } |
9151 | } |
9152 | } |
9153 | |
9154 | /* CFBundleIdentifier. We set this regardless because it's just stupid not to. |
9155 | */ |
9156 | result->setObject(kCFBundleIdentifierKey, bundleID); |
9157 | |
9158 | /* CFBundleVersion. |
9159 | */ |
9160 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kCFBundleVersionKey)) { |
9161 | versionString = OSDynamicCast(OSString, |
9162 | getPropertyForHostArch(kCFBundleVersionKey)); |
9163 | if (versionString) { |
9164 | result->setObject(kCFBundleVersionKey, versionString); |
9165 | } |
9166 | } |
9167 | |
9168 | /* OSBundleCompatibleVersion. |
9169 | */ |
9170 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleCompatibleVersionKey)) { |
9171 | versionString = OSDynamicCast(OSString, |
9172 | getPropertyForHostArch(kOSBundleCompatibleVersionKey)); |
9173 | if (versionString) { |
9174 | result->setObject(kOSBundleCompatibleVersionKey, versionString); |
9175 | } |
9176 | } |
9177 | |
9178 | /* Path. |
9179 | */ |
9180 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundlePathKey)) { |
9181 | if (path) { |
9182 | result->setObject(kOSBundlePathKey, path); |
9183 | } |
9184 | } |
9185 | |
9186 | |
9187 | /* OSBundleExecutablePath. |
9188 | */ |
9189 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleExecutablePathKey)) { |
9190 | if (path && executableRelPath) { |
9191 | |
9192 | uint32_t pathLength = path->getLength(); // gets incremented below |
9193 | |
9194 | // +1 for slash, +1 for \0 |
9195 | executablePathCStringSize = pathLength + executableRelPath->getLength() + 2; |
9196 | |
9197 | executablePathCString = (char *)kalloc_tag((executablePathCStringSize) * |
9198 | sizeof(char), VM_KERN_MEMORY_OSKEXT); // +1 for \0 |
9199 | if (!executablePathCString) { |
9200 | goto finish; |
9201 | } |
9202 | strlcpy(executablePathCString, path->getCStringNoCopy(), |
9203 | executablePathCStringSize); |
9204 | executablePathCString[pathLength++] = '/'; |
9205 | executablePathCString[pathLength++] = '\0'; |
9206 | strlcat(executablePathCString, executableRelPath->getCStringNoCopy(), |
9207 | executablePathCStringSize); |
9208 | |
9209 | executablePathString = OSString::withCString(executablePathCString); |
9210 | |
9211 | if (!executablePathString) { |
9212 | goto finish; |
9213 | } |
9214 | |
9215 | result->setObject(kOSBundleExecutablePathKey, executablePathString); |
9216 | } else if (flags.builtin) { |
9217 | result->setObject(kOSBundleExecutablePathKey, bundleID); |
9218 | } |
9219 | } |
9220 | |
9221 | /* UUID, if the kext has one. |
9222 | */ |
9223 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleUUIDKey)) { |
9224 | uuid = copyUUID(); |
9225 | if (uuid) { |
9226 | result->setObject(kOSBundleUUIDKey, uuid); |
9227 | uuid->release(); |
9228 | } |
9229 | } |
9230 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleTextUUIDKey)) { |
9231 | uuid = copyTextUUID(); |
9232 | if (uuid) { |
9233 | result->setObject(kOSBundleTextUUIDKey, uuid); uuid->release(); |
9234 | } |
9235 | } |
9236 | |
9237 | /***** |
9238 | * OSKernelResource, OSBundleIsInterface, OSBundlePrelinked, OSBundleStarted. |
9239 | */ |
9240 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSKernelResourceKey)) { |
9241 | result->setObject(kOSKernelResourceKey, |
9242 | isKernelComponent() ? kOSBooleanTrue : kOSBooleanFalse); |
9243 | } |
9244 | |
9245 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleIsInterfaceKey)) { |
9246 | result->setObject(kOSBundleIsInterfaceKey, |
9247 | isInterface() ? kOSBooleanTrue : kOSBooleanFalse); |
9248 | } |
9249 | |
9250 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundlePrelinkedKey)) { |
9251 | result->setObject(kOSBundlePrelinkedKey, |
9252 | isPrelinked() ? kOSBooleanTrue : kOSBooleanFalse); |
9253 | } |
9254 | |
9255 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleStartedKey)) { |
9256 | result->setObject(kOSBundleStartedKey, |
9257 | isStarted() ? kOSBooleanTrue : kOSBooleanFalse); |
9258 | } |
9259 | |
9260 | /* LoadTag (Index). |
9261 | */ |
9262 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleLoadTagKey)) { |
9263 | scratchNumber = OSNumber::withNumber((unsigned long long)loadTag, |
9264 | /* numBits */ 8 * sizeof(loadTag)); |
9265 | if (!scratchNumber) { |
9266 | goto finish; |
9267 | } |
9268 | result->setObject(kOSBundleLoadTagKey, scratchNumber); |
9269 | OSSafeReleaseNULL(scratchNumber); |
9270 | } |
9271 | |
9272 | /* LoadAddress, LoadSize. |
9273 | */ |
9274 | if (!infoKeys || |
9275 | _OSArrayContainsCString(infoKeys, kOSBundleLoadAddressKey) || |
9276 | _OSArrayContainsCString(infoKeys, kOSBundleLoadSizeKey) || |
9277 | _OSArrayContainsCString(infoKeys, kOSBundleExecLoadAddressKey) || |
9278 | _OSArrayContainsCString(infoKeys, kOSBundleExecLoadSizeKey) || |
9279 | _OSArrayContainsCString(infoKeys, kOSBundleWiredSizeKey)) |
9280 | { |
9281 | if (isInterface() || flags.builtin || linkedExecutable) { |
9282 | /* These go to userspace via serialization, so we don't want any doubts |
9283 | * about their size. |
9284 | */ |
9285 | uint64_t loadAddress = 0; |
9286 | uint32_t loadSize = 0; |
9287 | uint32_t wiredSize = 0; |
9288 | uint64_t execLoadAddress = 0; |
9289 | uint32_t execLoadSize = 0; |
9290 | |
9291 | /* Interfaces always report 0 load address & size. |
9292 | * Just the way they roll. |
9293 | * |
9294 | * xxx - leaving in # when we have a linkedExecutable...a kernelcomp |
9295 | * xxx - shouldn't have one! |
9296 | */ |
9297 | |
9298 | if (flags.builtin || linkedExecutable) { |
9299 | kernel_mach_header_t *mh = NULL; |
9300 | kernel_segment_command_t *seg = NULL; |
9301 | |
9302 | if (flags.builtin) { |
9303 | loadAddress = kmod_info->address; |
9304 | loadSize = kmod_info->size; |
9305 | } else { |
9306 | loadAddress = (uint64_t)linkedExecutable->getBytesNoCopy(); |
9307 | loadSize = linkedExecutable->getLength(); |
9308 | } |
9309 | mh = (kernel_mach_header_t *)loadAddress; |
9310 | loadAddress = ml_static_unslide(loadAddress); |
9311 | |
9312 | /* Walk through the kext, looking for the first executable |
9313 | * segment in case we were asked for its size/address. |
9314 | */ |
9315 | for (seg = firstsegfromheader(mh); seg != NULL; seg = nextsegfromheader(mh, seg)) { |
9316 | if (seg->initprot & VM_PROT_EXECUTE) { |
9317 | execLoadAddress = ml_static_unslide(seg->vmaddr); |
9318 | execLoadSize = seg->vmsize; |
9319 | break; |
9320 | } |
9321 | } |
9322 | |
9323 | /* If we have a kmod_info struct, calculated the wired size |
9324 | * from that. Otherwise it's the full load size. |
9325 | */ |
9326 | if (kmod_info) { |
9327 | wiredSize = loadSize - kmod_info->hdr_size; |
9328 | } else { |
9329 | wiredSize = loadSize; |
9330 | } |
9331 | } |
9332 | |
9333 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleLoadAddressKey)) { |
9334 | scratchNumber = OSNumber::withNumber( |
9335 | (unsigned long long)(loadAddress), |
9336 | /* numBits */ 8 * sizeof(loadAddress)); |
9337 | if (!scratchNumber) { |
9338 | goto finish; |
9339 | } |
9340 | result->setObject(kOSBundleLoadAddressKey, scratchNumber); |
9341 | OSSafeReleaseNULL(scratchNumber); |
9342 | } |
9343 | #if CONFIG_EMBEDDED |
9344 | if ((!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleCacheLoadAddressKey)) |
9345 | && loadAddress && loadSize) { |
9346 | scratchNumber = OSNumber::withNumber( |
9347 | (unsigned long long)ml_static_unslide((uintptr_t)segLOWESTTEXT), |
9348 | /* numBits */ 8 * sizeof(loadAddress)); |
9349 | if (!scratchNumber) { |
9350 | goto finish; |
9351 | } |
9352 | result->setObject(kOSBundleCacheLoadAddressKey, scratchNumber); |
9353 | OSSafeReleaseNULL(scratchNumber); |
9354 | } |
9355 | if ((!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleKextsInKernelTextKey)) |
9356 | && (this == sKernelKext) && gBuiltinKmodsCount) { |
9357 | result->setObject(kOSBundleKextsInKernelTextKey, kOSBooleanTrue); |
9358 | } |
9359 | #endif /* CONFIG_EMBEDDED */ |
9360 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleExecLoadAddressKey)) { |
9361 | scratchNumber = OSNumber::withNumber( |
9362 | (unsigned long long)(execLoadAddress), |
9363 | /* numBits */ 8 * sizeof(execLoadAddress)); |
9364 | if (!scratchNumber) { |
9365 | goto finish; |
9366 | } |
9367 | result->setObject(kOSBundleExecLoadAddressKey, scratchNumber); |
9368 | OSSafeReleaseNULL(scratchNumber); |
9369 | } |
9370 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleLoadSizeKey)) { |
9371 | scratchNumber = OSNumber::withNumber( |
9372 | (unsigned long long)(loadSize), |
9373 | /* numBits */ 8 * sizeof(loadSize)); |
9374 | if (!scratchNumber) { |
9375 | goto finish; |
9376 | } |
9377 | result->setObject(kOSBundleLoadSizeKey, scratchNumber); |
9378 | OSSafeReleaseNULL(scratchNumber); |
9379 | } |
9380 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleExecLoadSizeKey)) { |
9381 | scratchNumber = OSNumber::withNumber( |
9382 | (unsigned long long)(execLoadSize), |
9383 | /* numBits */ 8 * sizeof(execLoadSize)); |
9384 | if (!scratchNumber) { |
9385 | goto finish; |
9386 | } |
9387 | result->setObject(kOSBundleExecLoadSizeKey, scratchNumber); |
9388 | OSSafeReleaseNULL(scratchNumber); |
9389 | } |
9390 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleWiredSizeKey)) { |
9391 | scratchNumber = OSNumber::withNumber( |
9392 | (unsigned long long)(wiredSize), |
9393 | /* numBits */ 8 * sizeof(wiredSize)); |
9394 | if (!scratchNumber) { |
9395 | goto finish; |
9396 | } |
9397 | result->setObject(kOSBundleWiredSizeKey, scratchNumber); |
9398 | OSSafeReleaseNULL(scratchNumber); |
9399 | } |
9400 | } |
9401 | } |
9402 | |
9403 | /* OSBundleDependencies. In descending order for |
9404 | * easy compatibility with kextstat(8). |
9405 | */ |
9406 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleDependenciesKey)) { |
9407 | if ((count = getNumDependencies())) { |
9408 | dependencyLoadTags = OSArray::withCapacity(count); |
9409 | result->setObject(kOSBundleDependenciesKey, dependencyLoadTags); |
9410 | |
9411 | i = count - 1; |
9412 | do { |
9413 | OSKext * dependency = OSDynamicCast(OSKext, |
9414 | dependencies->getObject(i)); |
9415 | |
9416 | OSSafeReleaseNULL(scratchNumber); |
9417 | |
9418 | if (!dependency) { |
9419 | continue; |
9420 | } |
9421 | scratchNumber = OSNumber::withNumber( |
9422 | (unsigned long long)dependency->getLoadTag(), |
9423 | /* numBits*/ 8 * sizeof(loadTag)); |
9424 | if (!scratchNumber) { |
9425 | goto finish; |
9426 | } |
9427 | dependencyLoadTags->setObject(scratchNumber); |
9428 | } while (i--); |
9429 | } |
9430 | } |
9431 | |
9432 | OSSafeReleaseNULL(scratchNumber); |
9433 | |
9434 | /* OSBundleMetaClasses. |
9435 | */ |
9436 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleClassesKey)) { |
9437 | if (metaClasses && metaClasses->getCount()) { |
9438 | metaClassIterator = OSCollectionIterator::withCollection(metaClasses); |
9439 | metaClassInfo = OSArray::withCapacity(metaClasses->getCount()); |
9440 | if (!metaClassIterator || !metaClassInfo) { |
9441 | goto finish; |
9442 | } |
9443 | result->setObject(kOSBundleClassesKey, metaClassInfo); |
9444 | |
9445 | while ( (thisMetaClass = OSDynamicCast(OSMetaClass, |
9446 | metaClassIterator->getNextObject())) ) { |
9447 | |
9448 | OSSafeReleaseNULL(metaClassDict); |
9449 | OSSafeReleaseNULL(scratchNumber); |
9450 | OSSafeReleaseNULL(metaClassName); |
9451 | OSSafeReleaseNULL(superclassName); |
9452 | |
9453 | metaClassDict = OSDictionary::withCapacity(3); |
9454 | if (!metaClassDict) { |
9455 | goto finish; |
9456 | } |
9457 | |
9458 | metaClassName = OSString::withCString(thisMetaClass->getClassName()); |
9459 | if (thisMetaClass->getSuperClass()) { |
9460 | superclassName = OSString::withCString( |
9461 | thisMetaClass->getSuperClass()->getClassName()); |
9462 | } |
9463 | scratchNumber = OSNumber::withNumber(thisMetaClass->getInstanceCount(), |
9464 | 8 * sizeof(unsigned int)); |
9465 | |
9466 | /* Bail if any of the essentials is missing. The root class lacks a superclass, |
9467 | * of course. |
9468 | */ |
9469 | if (!metaClassDict || !metaClassName || !scratchNumber) { |
9470 | goto finish; |
9471 | } |
9472 | |
9473 | metaClassInfo->setObject(metaClassDict); |
9474 | metaClassDict->setObject(kOSMetaClassNameKey, metaClassName); |
9475 | if (superclassName) { |
9476 | metaClassDict->setObject(kOSMetaClassSuperclassNameKey, superclassName); |
9477 | } |
9478 | metaClassDict->setObject(kOSMetaClassTrackingCountKey, scratchNumber); |
9479 | } |
9480 | } |
9481 | } |
9482 | |
9483 | /* OSBundleRetainCount. |
9484 | */ |
9485 | if (!infoKeys || _OSArrayContainsCString(infoKeys, kOSBundleRetainCountKey)) { |
9486 | OSSafeReleaseNULL(scratchNumber); |
9487 | { |
9488 | int kextRetainCount = getRetainCount() - 1; |
9489 | if (isLoaded()) { |
9490 | kextRetainCount--; |
9491 | } |
9492 | scratchNumber = OSNumber::withNumber( |
9493 | (int)kextRetainCount, |
9494 | /* numBits*/ 8 * sizeof(int)); |
9495 | if (scratchNumber) { |
9496 | result->setObject(kOSBundleRetainCountKey, scratchNumber); |
9497 | } |
9498 | } |
9499 | } |
9500 | |
9501 | success = true; |
9502 | |
9503 | finish: |
9504 | OSSafeReleaseNULL(headerData); |
9505 | OSSafeReleaseNULL(logData); |
9506 | OSSafeReleaseNULL(cpuTypeNumber); |
9507 | OSSafeReleaseNULL(cpuSubtypeNumber); |
9508 | OSSafeReleaseNULL(executablePathString); |
9509 | if (executablePathCString) kfree(executablePathCString, executablePathCStringSize); |
9510 | OSSafeReleaseNULL(scratchNumber); |
9511 | OSSafeReleaseNULL(dependencyLoadTags); |
9512 | OSSafeReleaseNULL(metaClassIterator); |
9513 | OSSafeReleaseNULL(metaClassInfo); |
9514 | OSSafeReleaseNULL(metaClassDict); |
9515 | OSSafeReleaseNULL(metaClassName); |
9516 | OSSafeReleaseNULL(superclassName); |
9517 | if (!success) { |
9518 | OSSafeReleaseNULL(result); |
9519 | } |
9520 | return result; |
9521 | } |
9522 | |
9523 | /********************************************************************* |
9524 | *********************************************************************/ |
9525 | /* static */ |
9526 | OSReturn |
9527 | OSKext::requestResource( |
9528 | const char * kextIdentifierCString, |
9529 | const char * resourceNameCString, |
9530 | OSKextRequestResourceCallback callback, |
9531 | void * context, |
9532 | OSKextRequestTag * requestTagOut) |
9533 | { |
9534 | OSReturn result = kOSReturnError; |
9535 | OSKext * callbackKext = NULL; // must release (looked up) |
9536 | |
9537 | OSKextRequestTag requestTag = -1; |
9538 | OSNumber * requestTagNum = NULL; // must release |
9539 | |
9540 | OSDictionary * requestDict = NULL; // must release |
9541 | OSString * kextIdentifier = NULL; // must release |
9542 | OSString * resourceName = NULL; // must release |
9543 | |
9544 | OSDictionary * callbackRecord = NULL; // must release |
9545 | OSData * callbackWrapper = NULL; // must release |
9546 | |
9547 | OSData * contextWrapper = NULL; // must release |
9548 | |
9549 | IORecursiveLockLock(sKextLock); |
9550 | |
9551 | if (requestTagOut) { |
9552 | *requestTagOut = kOSKextRequestTagInvalid; |
9553 | } |
9554 | |
9555 | /* If requests to user space are disabled, don't go any further */ |
9556 | if (!sKernelRequestsEnabled) { |
9557 | OSKextLog(/* kext */ NULL, |
9558 | kOSKextLogErrorLevel | kOSKextLogIPCFlag, |
9559 | "Can't request resource %s for %s - requests to user space are disabled." , |
9560 | resourceNameCString, |
9561 | kextIdentifierCString); |
9562 | result = kOSKextReturnDisabled; |
9563 | goto finish; |
9564 | } |
9565 | |
9566 | if (!kextIdentifierCString || !resourceNameCString || !callback) { |
9567 | result = kOSKextReturnInvalidArgument; |
9568 | goto finish; |
9569 | } |
9570 | |
9571 | callbackKext = OSKext::lookupKextWithAddress((vm_address_t)callback); |
9572 | if (!callbackKext) { |
9573 | OSKextLog(/* kext */ NULL, |
9574 | kOSKextLogErrorLevel | kOSKextLogIPCFlag, |
9575 | "Resource request has bad callback address." ); |
9576 | result = kOSKextReturnInvalidArgument; |
9577 | goto finish; |
9578 | } |
9579 | if (!callbackKext->flags.starting && !callbackKext->flags.started) { |
9580 | OSKextLog(/* kext */ NULL, |
9581 | kOSKextLogErrorLevel | kOSKextLogIPCFlag, |
9582 | "Resource request callback is in a kext that is not started." ); |
9583 | result = kOSKextReturnInvalidArgument; |
9584 | goto finish; |
9585 | } |
9586 | |
9587 | /* Do not allow any new requests to be made on a kext that is unloading. |
9588 | */ |
9589 | if (callbackKext->flags.stopping) { |
9590 | result = kOSKextReturnStopping; |
9591 | goto finish; |
9592 | } |
9593 | |
9594 | /* If we're wrapped the next available request tag around to the negative |
9595 | * numbers, we can't service any more requests. |
9596 | */ |
9597 | if (sNextRequestTag == kOSKextRequestTagInvalid) { |
9598 | OSKextLog(/* kext */ NULL, |
9599 | kOSKextLogErrorLevel | kOSKextLogIPCFlag, |
9600 | "No more request tags available; restart required." ); |
9601 | result = kOSKextReturnNoResources; |
9602 | goto finish; |
9603 | } |
9604 | requestTag = sNextRequestTag++; |
9605 | |
9606 | result = _OSKextCreateRequest(kKextRequestPredicateRequestResource, |
9607 | &requestDict); |
9608 | if (result != kOSReturnSuccess) { |
9609 | goto finish; |
9610 | } |
9611 | |
9612 | kextIdentifier = OSString::withCString(kextIdentifierCString); |
9613 | resourceName = OSString::withCString(resourceNameCString); |
9614 | requestTagNum = OSNumber::withNumber((long long unsigned int)requestTag, |
9615 | 8 * sizeof(requestTag)); |
9616 | if (!kextIdentifier || |
9617 | !resourceName || |
9618 | !requestTagNum || |
9619 | !_OSKextSetRequestArgument(requestDict, |
9620 | kKextRequestArgumentBundleIdentifierKey, kextIdentifier) || |
9621 | !_OSKextSetRequestArgument(requestDict, |
9622 | kKextRequestArgumentNameKey, resourceName) || |
9623 | !_OSKextSetRequestArgument(requestDict, |
9624 | kKextRequestArgumentRequestTagKey, requestTagNum)) { |
9625 | |
9626 | result = kOSKextReturnNoMemory; |
9627 | goto finish; |
9628 | } |
9629 | |
9630 | callbackRecord = OSDynamicCast(OSDictionary, requestDict->copyCollection()); |
9631 | if (!callbackRecord) { |
9632 | result = kOSKextReturnNoMemory; |
9633 | goto finish; |
9634 | } |
9635 | // we validate callback address at call time |
9636 | callbackWrapper = OSData::withBytes((void *)&callback, sizeof(void *)); |
9637 | if (context) { |
9638 | contextWrapper = OSData::withBytes((void *)&context, sizeof(void *)); |
9639 | } |
9640 | if (!callbackWrapper || !_OSKextSetRequestArgument(callbackRecord, |
9641 | kKextRequestArgumentCallbackKey, callbackWrapper)) { |
9642 | |
9643 | result = kOSKextReturnNoMemory; |
9644 | goto finish; |
9645 | } |
9646 | |
9647 | if (context) { |
9648 | if (!contextWrapper || !_OSKextSetRequestArgument(callbackRecord, |
9649 | kKextRequestArgumentContextKey, contextWrapper)) { |
9650 | |
9651 | result = kOSKextReturnNoMemory; |
9652 | goto finish; |
9653 | } |
9654 | } |
9655 | |
9656 | /* Only post the requests after all the other potential failure points |
9657 | * have been passed. |
9658 | */ |
9659 | if (!sKernelRequests->setObject(requestDict) || |
9660 | !sRequestCallbackRecords->setObject(callbackRecord)) { |
9661 | |
9662 | result = kOSKextReturnNoMemory; |
9663 | goto finish; |
9664 | } |
9665 | |
9666 | OSKext::pingKextd(); |
9667 | |
9668 | result = kOSReturnSuccess; |
9669 | if (requestTagOut) { |
9670 | *requestTagOut = requestTag; |
9671 | } |
9672 | |
9673 | finish: |
9674 | |
9675 | /* If we didn't succeed, yank the request & callback |
9676 | * from their holding arrays. |
9677 | */ |
9678 | if (result != kOSReturnSuccess) { |
9679 | unsigned int index; |
9680 | |
9681 | index = sKernelRequests->getNextIndexOfObject(requestDict, 0); |
9682 | if (index != (unsigned int)-1) { |
9683 | sKernelRequests->removeObject(index); |
9684 | } |
9685 | index = sRequestCallbackRecords->getNextIndexOfObject(callbackRecord, 0); |
9686 | if (index != (unsigned int)-1) { |
9687 | sRequestCallbackRecords->removeObject(index); |
9688 | } |
9689 | } |
9690 | |
9691 | OSKext::considerUnloads(/* rescheduleOnly? */ true); |
9692 | |
9693 | IORecursiveLockUnlock(sKextLock); |
9694 | |
9695 | if (callbackKext) callbackKext->release(); |
9696 | if (requestTagNum) requestTagNum->release(); |
9697 | |
9698 | if (requestDict) requestDict->release(); |
9699 | if (kextIdentifier) kextIdentifier->release(); |
9700 | if (resourceName) resourceName->release(); |
9701 | |
9702 | if (callbackRecord) callbackRecord->release(); |
9703 | if (callbackWrapper) callbackWrapper->release(); |
9704 | if (contextWrapper) contextWrapper->release(); |
9705 | |
9706 | return result; |
9707 | } |
9708 | |
9709 | /********************************************************************* |
9710 | * Assumes sKextLock is held. |
9711 | *********************************************************************/ |
9712 | /* static */ |
9713 | OSReturn |
9714 | OSKext::dequeueCallbackForRequestTag( |
9715 | OSKextRequestTag requestTag, |
9716 | OSDictionary ** callbackRecordOut) |
9717 | { |
9718 | OSReturn result = kOSReturnError; |
9719 | OSNumber * requestTagNum = NULL; // must release |
9720 | |
9721 | requestTagNum = OSNumber::withNumber((long long unsigned int)requestTag, |
9722 | 8 * sizeof(requestTag)); |
9723 | if (!requestTagNum) { |
9724 | goto finish; |
9725 | } |
9726 | |
9727 | result = OSKext::dequeueCallbackForRequestTag(requestTagNum, |
9728 | callbackRecordOut); |
9729 | |
9730 | finish: |
9731 | OSSafeReleaseNULL(requestTagNum); |
9732 | |
9733 | return result; |
9734 | } |
9735 | |
9736 | /********************************************************************* |
9737 | * Assumes sKextLock is held. |
9738 | *********************************************************************/ |
9739 | /* static */ |
9740 | OSReturn |
9741 | OSKext::dequeueCallbackForRequestTag( |
9742 | OSNumber * requestTagNum, |
9743 | OSDictionary ** callbackRecordOut) |
9744 | { |
9745 | OSReturn result = kOSKextReturnInvalidArgument; |
9746 | OSDictionary * callbackRecord = NULL; // retain if matched! |
9747 | OSNumber * callbackTagNum = NULL; // do not release |
9748 | unsigned int count, i; |
9749 | |
9750 | result = kOSReturnError; |
9751 | count = sRequestCallbackRecords->getCount(); |
9752 | for (i = 0; i < count; i++) { |
9753 | callbackRecord = OSDynamicCast(OSDictionary, |
9754 | sRequestCallbackRecords->getObject(i)); |
9755 | if (!callbackRecord) { |
9756 | goto finish; |
9757 | } |
9758 | |
9759 | /* If we don't find a tag, we basically have a leak here. Maybe |
9760 | * we should just remove it. |
9761 | */ |
9762 | callbackTagNum = OSDynamicCast(OSNumber, _OSKextGetRequestArgument( |
9763 | callbackRecord, kKextRequestArgumentRequestTagKey)); |
9764 | if (!callbackTagNum) { |
9765 | goto finish; |
9766 | } |
9767 | |
9768 | /* We could be even more paranoid and check that all the incoming |
9769 | * args match what's in the callback record. |
9770 | */ |
9771 | if (callbackTagNum->isEqualTo(requestTagNum)) { |
9772 | if (callbackRecordOut) { |
9773 | *callbackRecordOut = callbackRecord; |
9774 | callbackRecord->retain(); |
9775 | } |
9776 | sRequestCallbackRecords->removeObject(i); |
9777 | result = kOSReturnSuccess; |
9778 | goto finish; |
9779 | } |
9780 | } |
9781 | result = kOSKextReturnNotFound; |
9782 | |
9783 | finish: |
9784 | return result; |
9785 | } |
9786 | |
9787 | |
9788 | /********************************************************************* |
9789 | * Busy timeout triage |
9790 | *********************************************************************/ |
9791 | /* static */ |
9792 | bool |
9793 | OSKext::isWaitingKextd(void) |
9794 | { |
9795 | return sRequestCallbackRecords && sRequestCallbackRecords->getCount(); |
9796 | } |
9797 | |
9798 | /********************************************************************* |
9799 | * Assumes sKextLock is held. |
9800 | *********************************************************************/ |
9801 | /* static */ |
9802 | OSReturn |
9803 | OSKext::dispatchResource(OSDictionary * requestDict) |
9804 | { |
9805 | OSReturn result = kOSReturnError; |
9806 | OSDictionary * callbackRecord = NULL; // must release |
9807 | OSNumber * requestTag = NULL; // do not release |
9808 | OSNumber * requestResult = NULL; // do not release |
9809 | OSData * dataObj = NULL; // do not release |
9810 | uint32_t dataLength = 0; |
9811 | const void * dataPtr = NULL; // do not free |
9812 | OSData * callbackWrapper = NULL; // do not release |
9813 | OSKextRequestResourceCallback callback = NULL; |
9814 | OSData * contextWrapper = NULL; // do not release |
9815 | void * context = NULL; // do not free |
9816 | OSKext * callbackKext = NULL; // must release (looked up) |
9817 | |
9818 | /* Get the args from the request. Right now we need the tag |
9819 | * to look up the callback record, and the result for invoking the callback. |
9820 | */ |
9821 | requestTag = OSDynamicCast(OSNumber, _OSKextGetRequestArgument(requestDict, |
9822 | kKextRequestArgumentRequestTagKey)); |
9823 | requestResult = OSDynamicCast(OSNumber, _OSKextGetRequestArgument(requestDict, |
9824 | kKextRequestArgumentResultKey)); |
9825 | if (!requestTag || !requestResult) { |
9826 | result = kOSKextReturnInvalidArgument; |
9827 | goto finish; |
9828 | } |
9829 | |
9830 | /* Look for a callback record matching this request's tag. |
9831 | */ |
9832 | result = dequeueCallbackForRequestTag(requestTag, &callbackRecord); |
9833 | if (result != kOSReturnSuccess) { |
9834 | goto finish; |
9835 | } |
9836 | |
9837 | /***** |
9838 | * Get the context pointer of the callback record (if there is one). |
9839 | */ |
9840 | contextWrapper = OSDynamicCast(OSData, _OSKextGetRequestArgument(callbackRecord, |
9841 | kKextRequestArgumentContextKey)); |
9842 | context = _OSKextExtractPointer(contextWrapper); |
9843 | if (contextWrapper && !context) { |
9844 | goto finish; |
9845 | } |
9846 | |
9847 | callbackWrapper = OSDynamicCast(OSData, |
9848 | _OSKextGetRequestArgument(callbackRecord, |
9849 | kKextRequestArgumentCallbackKey)); |
9850 | callback = (OSKextRequestResourceCallback) |
9851 | _OSKextExtractPointer(callbackWrapper); |
9852 | if (!callback) { |
9853 | goto finish; |
9854 | } |
9855 | |
9856 | /* Check for a data obj. We might not have one and that's ok, that means |
9857 | * we didn't find the requested resource, and we still have to tell the |
9858 | * caller that via the callback. |
9859 | */ |
9860 | dataObj = OSDynamicCast(OSData, _OSKextGetRequestArgument(requestDict, |
9861 | kKextRequestArgumentValueKey)); |
9862 | if (dataObj) { |
9863 | dataPtr = dataObj->getBytesNoCopy(); |
9864 | dataLength = dataObj->getLength(); |
9865 | } |
9866 | |
9867 | callbackKext = OSKext::lookupKextWithAddress((vm_address_t)callback); |
9868 | if (!callbackKext) { |
9869 | OSKextLog(/* kext */ NULL, |
9870 | kOSKextLogErrorLevel | kOSKextLogIPCFlag, |
9871 | "Can't invoke callback for resource request; " ); |
9872 | goto finish; |
9873 | } |
9874 | if (!callbackKext->flags.starting && !callbackKext->flags.started) { |
9875 | OSKextLog(/* kext */ NULL, |
9876 | kOSKextLogErrorLevel | kOSKextLogIPCFlag, |
9877 | "Can't invoke kext resource callback; " ); |
9878 | goto finish; |
9879 | } |
9880 | |
9881 | (void)callback(requestTag->unsigned32BitValue(), |
9882 | (OSReturn)requestResult->unsigned32BitValue(), |
9883 | dataPtr, dataLength, context); |
9884 | |
9885 | result = kOSReturnSuccess; |
9886 | |
9887 | finish: |
9888 | if (callbackKext) callbackKext->release(); |
9889 | if (callbackRecord) callbackRecord->release(); |
9890 | |
9891 | return result; |
9892 | } |
9893 | |
9894 | /********************************************************************* |
9895 | *********************************************************************/ |
9896 | /* static */ |
9897 | void |
9898 | OSKext::invokeRequestCallback( |
9899 | OSDictionary * callbackRecord, |
9900 | OSReturn callbackResult) |
9901 | { |
9902 | OSString * predicate = _OSKextGetRequestPredicate(callbackRecord); |
9903 | OSNumber * resultNum = NULL; // must release |
9904 | |
9905 | if (!predicate) { |
9906 | goto finish; |
9907 | } |
9908 | |
9909 | resultNum = OSNumber::withNumber((long long unsigned int)callbackResult, |
9910 | 8 * sizeof(callbackResult)); |
9911 | if (!resultNum) { |
9912 | goto finish; |
9913 | } |
9914 | |
9915 | /* Insert the result into the callback record and dispatch it as if it |
9916 | * were the reply coming down from user space. |
9917 | */ |
9918 | _OSKextSetRequestArgument(callbackRecord, kKextRequestArgumentResultKey, |
9919 | resultNum); |
9920 | |
9921 | if (predicate->isEqualTo(kKextRequestPredicateRequestResource)) { |
9922 | /* This removes the pending callback record. |
9923 | */ |
9924 | OSKext::dispatchResource(callbackRecord); |
9925 | } |
9926 | |
9927 | finish: |
9928 | if (resultNum) resultNum->release(); |
9929 | return; |
9930 | } |
9931 | |
9932 | /********************************************************************* |
9933 | * Assumes sKextLock is held. |
9934 | *********************************************************************/ |
9935 | /* static */ |
9936 | OSReturn |
9937 | OSKext::cancelRequest( |
9938 | OSKextRequestTag requestTag, |
9939 | void ** contextOut) |
9940 | { |
9941 | OSReturn result = kOSKextReturnNoMemory; |
9942 | OSDictionary * callbackRecord = NULL; // must release |
9943 | OSData * contextWrapper = NULL; // do not release |
9944 | |
9945 | IORecursiveLockLock(sKextLock); |
9946 | result = OSKext::dequeueCallbackForRequestTag(requestTag, |
9947 | &callbackRecord); |
9948 | IORecursiveLockUnlock(sKextLock); |
9949 | |
9950 | if (result == kOSReturnSuccess && contextOut) { |
9951 | contextWrapper = OSDynamicCast(OSData, |
9952 | _OSKextGetRequestArgument(callbackRecord, |
9953 | kKextRequestArgumentContextKey)); |
9954 | *contextOut = _OSKextExtractPointer(contextWrapper); |
9955 | } |
9956 | |
9957 | if (callbackRecord) callbackRecord->release(); |
9958 | |
9959 | return result; |
9960 | } |
9961 | |
9962 | /********************************************************************* |
9963 | * Assumes sKextLock is held. |
9964 | *********************************************************************/ |
9965 | void |
9966 | OSKext::invokeOrCancelRequestCallbacks( |
9967 | OSReturn callbackResult, |
9968 | bool invokeFlag) |
9969 | { |
9970 | unsigned int count, i; |
9971 | |
9972 | count = sRequestCallbackRecords->getCount(); |
9973 | if (!count) { |
9974 | goto finish; |
9975 | } |
9976 | |
9977 | i = count - 1; |
9978 | do { |
9979 | OSDictionary * request = OSDynamicCast(OSDictionary, |
9980 | sRequestCallbackRecords->getObject(i)); |
9981 | |
9982 | if (!request) { |
9983 | continue; |
9984 | } |
9985 | OSData * callbackWrapper = OSDynamicCast(OSData, |
9986 | _OSKextGetRequestArgument(request, |
9987 | kKextRequestArgumentCallbackKey)); |
9988 | |
9989 | if (!callbackWrapper) { |
9990 | sRequestCallbackRecords->removeObject(i); |
9991 | continue; |
9992 | } |
9993 | |
9994 | vm_address_t callbackAddress = (vm_address_t) |
9995 | _OSKextExtractPointer(callbackWrapper); |
9996 | |
9997 | if ((kmod_info->address <= callbackAddress) && |
9998 | (callbackAddress < (kmod_info->address + kmod_info->size))) { |
9999 | |
10000 | if (invokeFlag) { |
10001 | /* This removes the callback record. |
10002 | */ |
10003 | invokeRequestCallback(request, callbackResult); |
10004 | } else { |
10005 | sRequestCallbackRecords->removeObject(i); |
10006 | } |
10007 | } |
10008 | } while (i--); |
10009 | |
10010 | finish: |
10011 | return; |
10012 | } |
10013 | |
10014 | /********************************************************************* |
10015 | * Assumes sKextLock is held. |
10016 | *********************************************************************/ |
10017 | uint32_t |
10018 | OSKext::countRequestCallbacks(void) |
10019 | { |
10020 | uint32_t result = 0; |
10021 | unsigned int count, i; |
10022 | |
10023 | count = sRequestCallbackRecords->getCount(); |
10024 | if (!count) { |
10025 | goto finish; |
10026 | } |
10027 | |
10028 | i = count - 1; |
10029 | do { |
10030 | OSDictionary * request = OSDynamicCast(OSDictionary, |
10031 | sRequestCallbackRecords->getObject(i)); |
10032 | |
10033 | if (!request) { |
10034 | continue; |
10035 | } |
10036 | OSData * callbackWrapper = OSDynamicCast(OSData, |
10037 | _OSKextGetRequestArgument(request, |
10038 | kKextRequestArgumentCallbackKey)); |
10039 | |
10040 | if (!callbackWrapper) { |
10041 | continue; |
10042 | } |
10043 | |
10044 | vm_address_t callbackAddress = (vm_address_t) |
10045 | _OSKextExtractPointer(callbackWrapper); |
10046 | |
10047 | if ((kmod_info->address <= callbackAddress) && |
10048 | (callbackAddress < (kmod_info->address + kmod_info->size))) { |
10049 | |
10050 | result++; |
10051 | } |
10052 | } while (i--); |
10053 | |
10054 | finish: |
10055 | return result; |
10056 | } |
10057 | |
10058 | /********************************************************************* |
10059 | *********************************************************************/ |
10060 | static OSReturn _OSKextCreateRequest( |
10061 | const char * predicate, |
10062 | OSDictionary ** requestP) |
10063 | { |
10064 | OSReturn result = kOSKextReturnNoMemory; |
10065 | OSDictionary * request = NULL; // must release on error |
10066 | |
10067 | request = OSDictionary::withCapacity(2); |
10068 | if (!request) { |
10069 | goto finish; |
10070 | } |
10071 | result = _OSDictionarySetCStringValue(request, |
10072 | kKextRequestPredicateKey, predicate); |
10073 | if (result != kOSReturnSuccess) { |
10074 | goto finish; |
10075 | } |
10076 | result = kOSReturnSuccess; |
10077 | |
10078 | finish: |
10079 | if (result != kOSReturnSuccess) { |
10080 | if (request) request->release(); |
10081 | } else { |
10082 | *requestP = request; |
10083 | } |
10084 | |
10085 | return result; |
10086 | } |
10087 | |
10088 | /********************************************************************* |
10089 | *********************************************************************/ |
10090 | static OSString * _OSKextGetRequestPredicate(OSDictionary * requestDict) |
10091 | { |
10092 | return OSDynamicCast(OSString, |
10093 | requestDict->getObject(kKextRequestPredicateKey)); |
10094 | } |
10095 | |
10096 | /********************************************************************* |
10097 | *********************************************************************/ |
10098 | static OSObject * _OSKextGetRequestArgument( |
10099 | OSDictionary * requestDict, |
10100 | const char * argName) |
10101 | { |
10102 | OSDictionary * args = OSDynamicCast(OSDictionary, |
10103 | requestDict->getObject(kKextRequestArgumentsKey)); |
10104 | if (args) { |
10105 | return args->getObject(argName); |
10106 | } |
10107 | return NULL; |
10108 | } |
10109 | |
10110 | /********************************************************************* |
10111 | *********************************************************************/ |
10112 | static bool _OSKextSetRequestArgument( |
10113 | OSDictionary * requestDict, |
10114 | const char * argName, |
10115 | OSObject * value) |
10116 | { |
10117 | OSDictionary * args = OSDynamicCast(OSDictionary, |
10118 | requestDict->getObject(kKextRequestArgumentsKey)); |
10119 | if (!args) { |
10120 | args = OSDictionary::withCapacity(2); |
10121 | if (!args) { |
10122 | goto finish; |
10123 | } |
10124 | requestDict->setObject(kKextRequestArgumentsKey, args); |
10125 | args->release(); |
10126 | } |
10127 | if (args) { |
10128 | return args->setObject(argName, value); |
10129 | } |
10130 | finish: |
10131 | return false; |
10132 | } |
10133 | |
10134 | /********************************************************************* |
10135 | *********************************************************************/ |
10136 | static void * (OSData * wrapper) |
10137 | { |
10138 | void * result = NULL; |
10139 | const void * resultPtr = NULL; |
10140 | |
10141 | if (!wrapper) { |
10142 | goto finish; |
10143 | } |
10144 | resultPtr = wrapper->getBytesNoCopy(); |
10145 | result = *(void **)resultPtr; |
10146 | finish: |
10147 | return result; |
10148 | } |
10149 | |
10150 | /********************************************************************* |
10151 | *********************************************************************/ |
10152 | static OSReturn _OSDictionarySetCStringValue( |
10153 | OSDictionary * dict, |
10154 | const char * cKey, |
10155 | const char * cValue) |
10156 | { |
10157 | OSReturn result = kOSKextReturnNoMemory; |
10158 | const OSSymbol * key = NULL; // must release |
10159 | OSString * value = NULL; // must release |
10160 | |
10161 | key = OSSymbol::withCString(cKey); |
10162 | value = OSString::withCString(cValue); |
10163 | if (!key || !value) { |
10164 | goto finish; |
10165 | } |
10166 | if (dict->setObject(key, value)) { |
10167 | result = kOSReturnSuccess; |
10168 | } |
10169 | |
10170 | finish: |
10171 | if (key) key->release(); |
10172 | if (value) value->release(); |
10173 | |
10174 | return result; |
10175 | } |
10176 | |
10177 | /********************************************************************* |
10178 | *********************************************************************/ |
10179 | static bool _OSArrayContainsCString( |
10180 | OSArray * array, |
10181 | const char * cString) |
10182 | { |
10183 | bool result = false; |
10184 | const OSSymbol * symbol = NULL; |
10185 | uint32_t count, i; |
10186 | |
10187 | if (!array || !cString) { |
10188 | goto finish; |
10189 | } |
10190 | |
10191 | symbol = OSSymbol::withCStringNoCopy(cString); |
10192 | if (!symbol) { |
10193 | goto finish; |
10194 | } |
10195 | |
10196 | count = array->getCount(); |
10197 | for (i = 0; i < count; i++) { |
10198 | OSObject * thisObject = array->getObject(i); |
10199 | if (symbol->isEqualTo(thisObject)) { |
10200 | result = true; |
10201 | goto finish; |
10202 | } |
10203 | } |
10204 | |
10205 | finish: |
10206 | if (symbol) symbol->release(); |
10207 | return result; |
10208 | } |
10209 | |
10210 | /********************************************************************* |
10211 | * We really only care about boot / system start up related kexts. |
10212 | * We return true if we're less than REBUILD_MAX_TIME since start up, |
10213 | * otherwise return false. |
10214 | *********************************************************************/ |
10215 | bool _OSKextInPrelinkRebuildWindow(void) |
10216 | { |
10217 | static bool outside_the_window = false; |
10218 | AbsoluteTime my_abstime; |
10219 | UInt64 my_ns; |
10220 | SInt32 my_secs; |
10221 | |
10222 | if (outside_the_window) { |
10223 | return(false); |
10224 | } |
10225 | clock_get_uptime(&my_abstime); |
10226 | absolutetime_to_nanoseconds(my_abstime, &my_ns); |
10227 | my_secs = (SInt32)(my_ns / NSEC_PER_SEC); |
10228 | if (my_secs > REBUILD_MAX_TIME) { |
10229 | outside_the_window = true; |
10230 | return(false); |
10231 | } |
10232 | return(true); |
10233 | } |
10234 | |
10235 | /********************************************************************* |
10236 | *********************************************************************/ |
10237 | bool _OSKextInUnloadedPrelinkedKexts( const OSSymbol * theBundleID ) |
10238 | { |
10239 | int unLoadedCount, i; |
10240 | bool result = false; |
10241 | |
10242 | IORecursiveLockLock(sKextLock); |
10243 | |
10244 | if (sUnloadedPrelinkedKexts == NULL) { |
10245 | goto finish; |
10246 | } |
10247 | unLoadedCount = sUnloadedPrelinkedKexts->getCount(); |
10248 | if (unLoadedCount == 0) { |
10249 | goto finish; |
10250 | } |
10251 | |
10252 | for (i = 0; i < unLoadedCount; i++) { |
10253 | const OSSymbol * myBundleID; // do not release |
10254 | |
10255 | myBundleID = OSDynamicCast(OSSymbol, sUnloadedPrelinkedKexts->getObject(i)); |
10256 | if (!myBundleID) continue; |
10257 | if (theBundleID->isEqualTo(myBundleID->getCStringNoCopy())) { |
10258 | result = true; |
10259 | break; |
10260 | } |
10261 | } |
10262 | finish: |
10263 | IORecursiveLockUnlock(sKextLock); |
10264 | return(result); |
10265 | } |
10266 | |
10267 | #if PRAGMA_MARK |
10268 | #pragma mark Personalities (IOKit Drivers) |
10269 | #endif |
10270 | /********************************************************************* |
10271 | *********************************************************************/ |
10272 | /* static */ |
10273 | OSArray * |
10274 | OSKext::copyAllKextPersonalities(bool filterSafeBootFlag) |
10275 | { |
10276 | OSArray * result = NULL; // returned |
10277 | OSCollectionIterator * kextIterator = NULL; // must release |
10278 | OSArray * personalities = NULL; // must release |
10279 | OSCollectionIterator * personalitiesIterator = NULL; // must release |
10280 | |
10281 | OSString * kextID = NULL; // do not release |
10282 | OSKext * theKext = NULL; // do not release |
10283 | |
10284 | IORecursiveLockLock(sKextLock); |
10285 | |
10286 | /* Let's conservatively guess that any given kext has around 3 |
10287 | * personalities for now. |
10288 | */ |
10289 | result = OSArray::withCapacity(sKextsByID->getCount() * 3); |
10290 | if (!result) { |
10291 | goto finish; |
10292 | } |
10293 | |
10294 | kextIterator = OSCollectionIterator::withCollection(sKextsByID); |
10295 | if (!kextIterator) { |
10296 | goto finish; |
10297 | } |
10298 | |
10299 | while ((kextID = OSDynamicCast(OSString, kextIterator->getNextObject()))) { |
10300 | if (personalitiesIterator) { |
10301 | personalitiesIterator->release(); |
10302 | personalitiesIterator = NULL; |
10303 | } |
10304 | if (personalities) { |
10305 | personalities->release(); |
10306 | personalities = NULL; |
10307 | } |
10308 | |
10309 | theKext = OSDynamicCast(OSKext, sKextsByID->getObject(kextID)); |
10310 | if (!sSafeBoot || !filterSafeBootFlag || theKext->isLoadableInSafeBoot()) { |
10311 | personalities = theKext->copyPersonalitiesArray(); |
10312 | if (!personalities) { |
10313 | continue; |
10314 | } |
10315 | result->merge(personalities); |
10316 | } else { |
10317 | // xxx - check for better place to put this log msg |
10318 | OSKextLog(theKext, |
10319 | kOSKextLogWarningLevel | |
10320 | kOSKextLogLoadFlag, |
10321 | "Kext %s is not loadable during safe boot; " |
10322 | "omitting its personalities." , |
10323 | theKext->getIdentifierCString()); |
10324 | } |
10325 | |
10326 | } |
10327 | |
10328 | finish: |
10329 | IORecursiveLockUnlock(sKextLock); |
10330 | |
10331 | if (kextIterator) kextIterator->release(); |
10332 | if (personalitiesIterator) personalitiesIterator->release(); |
10333 | if (personalities) personalities->release(); |
10334 | |
10335 | return result; |
10336 | } |
10337 | |
10338 | /********************************************************************* |
10339 | *********************************************************************/ |
10340 | /* static */ |
10341 | void |
10342 | OSKext::sendAllKextPersonalitiesToCatalog(bool startMatching) |
10343 | { |
10344 | int numPersonalities = 0; |
10345 | |
10346 | OSKextLog(/* kext */ NULL, |
10347 | kOSKextLogStepLevel | |
10348 | kOSKextLogLoadFlag, |
10349 | "Sending all eligible registered kexts' personalities " |
10350 | "to the IOCatalogue %s." , |
10351 | startMatching ? "and starting matching" : "but not starting matching" ); |
10352 | |
10353 | OSArray * personalities = OSKext::copyAllKextPersonalities( |
10354 | /* filterSafeBootFlag */ true); |
10355 | |
10356 | if (personalities) { |
10357 | gIOCatalogue->addDrivers(personalities, startMatching); |
10358 | numPersonalities = personalities->getCount(); |
10359 | personalities->release(); |
10360 | } |
10361 | |
10362 | OSKextLog(/* kext */ NULL, |
10363 | kOSKextLogStepLevel | |
10364 | kOSKextLogLoadFlag, |
10365 | "%d kext personalit%s sent to the IOCatalogue; %s." , |
10366 | numPersonalities, numPersonalities > 0 ? "ies" : "y" , |
10367 | startMatching ? "matching started" : "matching not started" ); |
10368 | return; |
10369 | } |
10370 | |
10371 | /********************************************************************* |
10372 | * Do not make a deep copy, just convert the IOKitPersonalities dict |
10373 | * to an array for sending to the IOCatalogue. |
10374 | *********************************************************************/ |
10375 | OSArray * |
10376 | OSKext::copyPersonalitiesArray(void) |
10377 | { |
10378 | OSArray * result = NULL; |
10379 | OSDictionary * personalities = NULL; // do not release |
10380 | OSCollectionIterator * personalitiesIterator = NULL; // must release |
10381 | |
10382 | OSString * personalityName = NULL; // do not release |
10383 | OSString * personalityBundleIdentifier = NULL; // do not release |
10384 | |
10385 | personalities = OSDynamicCast(OSDictionary, |
10386 | getPropertyForHostArch(kIOKitPersonalitiesKey)); |
10387 | if (!personalities) { |
10388 | goto finish; |
10389 | } |
10390 | |
10391 | result = OSArray::withCapacity(personalities->getCount()); |
10392 | if (!result) { |
10393 | goto finish; |
10394 | } |
10395 | |
10396 | personalitiesIterator = |
10397 | OSCollectionIterator::withCollection(personalities); |
10398 | if (!personalitiesIterator) { |
10399 | goto finish; |
10400 | } |
10401 | while ((personalityName = OSDynamicCast(OSString, |
10402 | personalitiesIterator->getNextObject()))) { |
10403 | |
10404 | OSDictionary * personality = OSDynamicCast(OSDictionary, |
10405 | personalities->getObject(personalityName)); |
10406 | |
10407 | /****** |
10408 | * If the personality doesn't have a CFBundleIdentifier, or if it |
10409 | * differs from the kext's, insert the kext's ID so we can find it. |
10410 | * The publisher ID is used to remove personalities from bundles |
10411 | * correctly. |
10412 | */ |
10413 | personalityBundleIdentifier = OSDynamicCast(OSString, |
10414 | personality->getObject(kCFBundleIdentifierKey)); |
10415 | |
10416 | if (!personalityBundleIdentifier) { |
10417 | personality->setObject(kCFBundleIdentifierKey, bundleID); |
10418 | } else if (!personalityBundleIdentifier->isEqualTo(bundleID)) { |
10419 | personality->setObject(kIOPersonalityPublisherKey, bundleID); |
10420 | } |
10421 | |
10422 | result->setObject(personality); |
10423 | } |
10424 | |
10425 | finish: |
10426 | if (personalitiesIterator) personalitiesIterator->release(); |
10427 | |
10428 | return result; |
10429 | } |
10430 | |
10431 | /********************************************************************* |
10432 | Might want to change this to a bool return? |
10433 | *********************************************************************/ |
10434 | OSReturn |
10435 | OSKext::sendPersonalitiesToCatalog( |
10436 | bool startMatching, |
10437 | OSArray * personalityNames) |
10438 | { |
10439 | OSReturn result = kOSReturnSuccess; |
10440 | OSArray * personalitiesToSend = NULL; // must release |
10441 | OSDictionary * kextPersonalities = NULL; // do not release |
10442 | int count, i; |
10443 | |
10444 | if (!sLoadEnabled) { |
10445 | OSKextLog(this, |
10446 | kOSKextLogErrorLevel | |
10447 | kOSKextLogLoadFlag, |
10448 | "Kext loading is disabled (attempt to start matching for kext %s)." , |
10449 | getIdentifierCString()); |
10450 | result = kOSKextReturnDisabled; |
10451 | goto finish; |
10452 | } |
10453 | |
10454 | if (sSafeBoot && !isLoadableInSafeBoot()) { |
10455 | OSKextLog(this, |
10456 | kOSKextLogErrorLevel | |
10457 | kOSKextLogLoadFlag, |
10458 | "Kext %s is not loadable during safe boot; " |
10459 | "not sending personalities to the IOCatalogue." , |
10460 | getIdentifierCString()); |
10461 | result = kOSKextReturnNotLoadable; |
10462 | goto finish; |
10463 | } |
10464 | |
10465 | if (!personalityNames || !personalityNames->getCount()) { |
10466 | personalitiesToSend = copyPersonalitiesArray(); |
10467 | } else { |
10468 | kextPersonalities = OSDynamicCast(OSDictionary, |
10469 | getPropertyForHostArch(kIOKitPersonalitiesKey)); |
10470 | if (!kextPersonalities || !kextPersonalities->getCount()) { |
10471 | // not an error |
10472 | goto finish; |
10473 | } |
10474 | personalitiesToSend = OSArray::withCapacity(0); |
10475 | if (!personalitiesToSend) { |
10476 | result = kOSKextReturnNoMemory; |
10477 | goto finish; |
10478 | } |
10479 | count = personalityNames->getCount(); |
10480 | for (i = 0; i < count; i++) { |
10481 | OSString * name = OSDynamicCast(OSString, |
10482 | personalityNames->getObject(i)); |
10483 | if (!name) { |
10484 | continue; |
10485 | } |
10486 | OSDictionary * personality = OSDynamicCast(OSDictionary, |
10487 | kextPersonalities->getObject(name)); |
10488 | if (personality) { |
10489 | personalitiesToSend->setObject(personality); |
10490 | } |
10491 | } |
10492 | } |
10493 | if (personalitiesToSend) { |
10494 | unsigned numPersonalities = personalitiesToSend->getCount(); |
10495 | OSKextLog(this, |
10496 | kOSKextLogStepLevel | |
10497 | kOSKextLogLoadFlag, |
10498 | "Kext %s sending %d personalit%s to the IOCatalogue%s." , |
10499 | getIdentifierCString(), |
10500 | numPersonalities, |
10501 | numPersonalities > 1 ? "ies" : "y" , |
10502 | startMatching ? " and starting matching" : " but not starting matching" ); |
10503 | gIOCatalogue->addDrivers(personalitiesToSend, startMatching); |
10504 | } |
10505 | finish: |
10506 | if (personalitiesToSend) { |
10507 | personalitiesToSend->release(); |
10508 | } |
10509 | return result; |
10510 | } |
10511 | |
10512 | /********************************************************************* |
10513 | * xxx - We should allow removing the kext's declared personalities, |
10514 | * xxx - even with other bundle identifiers. |
10515 | *********************************************************************/ |
10516 | void |
10517 | OSKext::removePersonalitiesFromCatalog(void) |
10518 | { |
10519 | OSDictionary * personality = NULL; // do not release |
10520 | |
10521 | personality = OSDictionary::withCapacity(1); |
10522 | if (!personality) { |
10523 | goto finish; |
10524 | } |
10525 | personality->setObject(kCFBundleIdentifierKey, getIdentifier()); |
10526 | |
10527 | OSKextLog(this, |
10528 | kOSKextLogStepLevel | |
10529 | kOSKextLogLoadFlag, |
10530 | "Kext %s removing all personalities naming it from the IOCatalogue." , |
10531 | getIdentifierCString()); |
10532 | |
10533 | /* Have the IOCatalog remove all personalities matching this kext's |
10534 | * bundle ID and trigger matching anew. |
10535 | */ |
10536 | gIOCatalogue->removeDrivers(personality, /* startMatching */ true); |
10537 | |
10538 | finish: |
10539 | if (personality) personality->release(); |
10540 | |
10541 | return; |
10542 | } |
10543 | |
10544 | |
10545 | #if PRAGMA_MARK |
10546 | #pragma mark Logging |
10547 | #endif |
10548 | /********************************************************************* |
10549 | * Do not call any function that takes sKextLock here! |
10550 | *********************************************************************/ |
10551 | /* static */ |
10552 | OSKextLogSpec |
10553 | OSKext::setUserSpaceLogFilter( |
10554 | OSKextLogSpec newUserLogFilter, |
10555 | bool captureFlag) |
10556 | { |
10557 | OSKextLogSpec result; |
10558 | bool allocError = false; |
10559 | |
10560 | /* Do not call any function that takes sKextLoggingLock during |
10561 | * this critical block. That means do logging after. |
10562 | */ |
10563 | IOLockLock(sKextLoggingLock); |
10564 | |
10565 | result = sUserSpaceKextLogFilter; |
10566 | sUserSpaceKextLogFilter = newUserLogFilter; |
10567 | |
10568 | if (newUserLogFilter && captureFlag && |
10569 | !sUserSpaceLogSpecArray && !sUserSpaceLogMessageArray) { |
10570 | |
10571 | // xxx - do some measurements for a good initial capacity? |
10572 | sUserSpaceLogSpecArray = OSArray::withCapacity(0); |
10573 | sUserSpaceLogMessageArray = OSArray::withCapacity(0); |
10574 | |
10575 | if (!sUserSpaceLogSpecArray || !sUserSpaceLogMessageArray) { |
10576 | OSSafeReleaseNULL(sUserSpaceLogSpecArray); |
10577 | OSSafeReleaseNULL(sUserSpaceLogMessageArray); |
10578 | allocError = true; |
10579 | } |
10580 | } |
10581 | |
10582 | IOLockUnlock(sKextLoggingLock); |
10583 | |
10584 | /* If the config flag itself is changing, log the state change |
10585 | * going both ways, before setting up the user-space log arrays, |
10586 | * so that this is only logged in the kernel. |
10587 | */ |
10588 | if (result != newUserLogFilter) { |
10589 | OSKextLog(/* kext */ NULL, |
10590 | kOSKextLogDebugLevel | |
10591 | kOSKextLogGeneralFlag, |
10592 | "User-space log flags changed from 0x%x to 0x%x." , |
10593 | result, newUserLogFilter); |
10594 | } |
10595 | if (allocError) { |
10596 | OSKextLog(/* kext */ NULL, |
10597 | kOSKextLogErrorLevel | |
10598 | kOSKextLogGeneralFlag, |
10599 | "Failed to allocate user-space log message arrays." ); |
10600 | } |
10601 | |
10602 | return result; |
10603 | } |
10604 | |
10605 | /********************************************************************* |
10606 | * Do not call any function that takes sKextLock here! |
10607 | *********************************************************************/ |
10608 | /* static */ |
10609 | OSArray * |
10610 | OSKext::clearUserSpaceLogFilter(void) |
10611 | { |
10612 | OSArray * result = NULL; |
10613 | OSKextLogSpec oldLogFilter; |
10614 | OSKextLogSpec newLogFilter = kOSKextLogSilentFilter; |
10615 | |
10616 | /* Do not call any function that takes sKextLoggingLock during |
10617 | * this critical block. That means do logging after. |
10618 | */ |
10619 | IOLockLock(sKextLoggingLock); |
10620 | |
10621 | result = OSArray::withCapacity(2); |
10622 | if (result) { |
10623 | result->setObject(sUserSpaceLogSpecArray); |
10624 | result->setObject(sUserSpaceLogMessageArray); |
10625 | } |
10626 | OSSafeReleaseNULL(sUserSpaceLogSpecArray); |
10627 | OSSafeReleaseNULL(sUserSpaceLogMessageArray); |
10628 | |
10629 | oldLogFilter = sUserSpaceKextLogFilter; |
10630 | sUserSpaceKextLogFilter = newLogFilter; |
10631 | |
10632 | IOLockUnlock(sKextLoggingLock); |
10633 | |
10634 | /* If the config flag itself is changing, log the state change |
10635 | * going both ways, after tearing down the user-space log |
10636 | * arrays, so this is only logged within the kernel. |
10637 | */ |
10638 | if (oldLogFilter != newLogFilter) { |
10639 | OSKextLog(/* kext */ NULL, |
10640 | kOSKextLogDebugLevel | |
10641 | kOSKextLogGeneralFlag, |
10642 | "User-space log flags changed from 0x%x to 0x%x." , |
10643 | oldLogFilter, newLogFilter); |
10644 | } |
10645 | |
10646 | return result; |
10647 | } |
10648 | |
10649 | |
10650 | /********************************************************************* |
10651 | * Do not call any function that takes sKextLock here! |
10652 | *********************************************************************/ |
10653 | /* static */ |
10654 | OSKextLogSpec |
10655 | OSKext::getUserSpaceLogFilter(void) |
10656 | { |
10657 | OSKextLogSpec result; |
10658 | |
10659 | IOLockLock(sKextLoggingLock); |
10660 | result = sUserSpaceKextLogFilter; |
10661 | IOLockUnlock(sKextLoggingLock); |
10662 | |
10663 | return result; |
10664 | } |
10665 | |
10666 | /********************************************************************* |
10667 | * This function is called by OSMetaClass during kernel C++ setup. |
10668 | * Be careful what you access here; assume only OSKext::initialize() |
10669 | * has been called. |
10670 | * |
10671 | * Do not call any function that takes sKextLock here! |
10672 | *********************************************************************/ |
10673 | #define VTRESET "\033[0m" |
10674 | |
10675 | #define VTBOLD "\033[1m" |
10676 | #define VTUNDER "\033[4m" |
10677 | |
10678 | #define VTRED "\033[31m" |
10679 | #define VTGREEN "\033[32m" |
10680 | #define VTYELLOW "\033[33m" |
10681 | #define VTBLUE "\033[34m" |
10682 | #define VTMAGENTA "\033[35m" |
10683 | #define VTCYAN "\033[36m" |
10684 | |
10685 | inline const char * colorForFlags(OSKextLogSpec flags) |
10686 | { |
10687 | OSKextLogSpec logLevel = flags & kOSKextLogLevelMask; |
10688 | |
10689 | switch (logLevel) { |
10690 | case kOSKextLogErrorLevel: |
10691 | return VTRED VTBOLD; |
10692 | case kOSKextLogWarningLevel: |
10693 | return VTRED; |
10694 | case kOSKextLogBasicLevel: |
10695 | return VTYELLOW VTUNDER; |
10696 | case kOSKextLogProgressLevel: |
10697 | return VTYELLOW; |
10698 | case kOSKextLogStepLevel: |
10699 | return VTGREEN; |
10700 | case kOSKextLogDetailLevel: |
10701 | return VTCYAN; |
10702 | case kOSKextLogDebugLevel: |
10703 | return VTMAGENTA; |
10704 | default: |
10705 | return "" ; // white |
10706 | } |
10707 | } |
10708 | |
10709 | inline bool logSpecMatch( |
10710 | OSKextLogSpec msgLogSpec, |
10711 | OSKextLogSpec logFilter) |
10712 | { |
10713 | OSKextLogSpec filterKextGlobal = logFilter & kOSKextLogKextOrGlobalMask; |
10714 | OSKextLogSpec filterLevel = logFilter & kOSKextLogLevelMask; |
10715 | OSKextLogSpec filterFlags = logFilter & kOSKextLogFlagsMask; |
10716 | |
10717 | OSKextLogSpec msgKextGlobal = msgLogSpec & kOSKextLogKextOrGlobalMask; |
10718 | OSKextLogSpec msgLevel = msgLogSpec & kOSKextLogLevelMask; |
10719 | OSKextLogSpec msgFlags = msgLogSpec & kOSKextLogFlagsMask; |
10720 | |
10721 | /* Explicit messages always get logged. |
10722 | */ |
10723 | if (msgLevel == kOSKextLogExplicitLevel) { |
10724 | return true; |
10725 | } |
10726 | |
10727 | /* Warnings and errors are logged regardless of the flags. |
10728 | */ |
10729 | if (msgLevel <= kOSKextLogBasicLevel && (msgLevel <= filterLevel)) { |
10730 | return true; |
10731 | } |
10732 | |
10733 | /* A verbose message that isn't for a logging-enabled kext and isn't global |
10734 | * does *not* get logged. |
10735 | */ |
10736 | if (!msgKextGlobal && !filterKextGlobal) { |
10737 | return false; |
10738 | } |
10739 | |
10740 | /* Warnings and errors are logged regardless of the flags. |
10741 | * All other messages must fit the flags and |
10742 | * have a level at or below the filter. |
10743 | * |
10744 | */ |
10745 | if ((msgFlags & filterFlags) && (msgLevel <= filterLevel)) { |
10746 | return true; |
10747 | } |
10748 | return false; |
10749 | } |
10750 | |
10751 | extern "C" { |
10752 | |
10753 | void |
10754 | OSKextLog( |
10755 | OSKext * aKext, |
10756 | OSKextLogSpec msgLogSpec, |
10757 | const char * format, ...) |
10758 | { |
10759 | va_list argList; |
10760 | |
10761 | va_start(argList, format); |
10762 | OSKextVLog(aKext, msgLogSpec, format, argList); |
10763 | va_end(argList); |
10764 | } |
10765 | |
10766 | void |
10767 | OSKextVLog( |
10768 | OSKext * aKext, |
10769 | OSKextLogSpec msgLogSpec, |
10770 | const char * format, |
10771 | va_list srcArgList) |
10772 | { |
10773 | extern int disableConsoleOutput; |
10774 | |
10775 | bool logForKernel = false; |
10776 | bool logForUser = false; |
10777 | va_list argList; |
10778 | char stackBuffer[120]; |
10779 | uint32_t length = 0; |
10780 | char * allocBuffer = NULL; // must kfree |
10781 | OSNumber * logSpecNum = NULL; // must release |
10782 | OSString * logString = NULL; // must release |
10783 | char * buffer = stackBuffer; // do not free |
10784 | |
10785 | IOLockLock(sKextLoggingLock); |
10786 | |
10787 | /* Set the kext/global bit in the message spec if we have no |
10788 | * kext or if the kext requests logging. |
10789 | */ |
10790 | if (!aKext || aKext->flags.loggingEnabled) { |
10791 | msgLogSpec = msgLogSpec | kOSKextLogKextOrGlobalMask; |
10792 | } |
10793 | |
10794 | logForKernel = logSpecMatch(msgLogSpec, sKernelLogFilter); |
10795 | if (sUserSpaceLogSpecArray && sUserSpaceLogMessageArray) { |
10796 | logForUser = logSpecMatch(msgLogSpec, sUserSpaceKextLogFilter); |
10797 | } |
10798 | |
10799 | if (! (logForKernel || logForUser) ) { |
10800 | goto finish; |
10801 | } |
10802 | |
10803 | /* No goto from here until past va_end()! |
10804 | */ |
10805 | va_copy(argList, srcArgList); |
10806 | length = vsnprintf(stackBuffer, sizeof(stackBuffer), format, argList); |
10807 | va_end(argList); |
10808 | |
10809 | if (length + 1 >= sizeof(stackBuffer)) { |
10810 | allocBuffer = (char *)kalloc_tag((length + 1) * sizeof(char), VM_KERN_MEMORY_OSKEXT); |
10811 | if (!allocBuffer) { |
10812 | goto finish; |
10813 | } |
10814 | |
10815 | /* No goto from here until past va_end()! |
10816 | */ |
10817 | va_copy(argList, srcArgList); |
10818 | vsnprintf(allocBuffer, length + 1, format, argList); |
10819 | va_end(argList); |
10820 | |
10821 | buffer = allocBuffer; |
10822 | } |
10823 | |
10824 | /* If user space wants the log message, queue it up. |
10825 | */ |
10826 | if (logForUser && sUserSpaceLogSpecArray && sUserSpaceLogMessageArray) { |
10827 | logSpecNum = OSNumber::withNumber(msgLogSpec, 8 * sizeof(msgLogSpec)); |
10828 | logString = OSString::withCString(buffer); |
10829 | if (logSpecNum && logString) { |
10830 | sUserSpaceLogSpecArray->setObject(logSpecNum); |
10831 | sUserSpaceLogMessageArray->setObject(logString); |
10832 | } |
10833 | } |
10834 | |
10835 | /* Always log messages from the kernel according to the kernel's |
10836 | * log flags. |
10837 | */ |
10838 | if (logForKernel) { |
10839 | |
10840 | /* If we are in console mode and have a custom log filter, |
10841 | * colorize the log message. |
10842 | */ |
10843 | if (!disableConsoleOutput && sBootArgLogFilterFound) { |
10844 | const char * color = "" ; // do not free |
10845 | color = colorForFlags(msgLogSpec); |
10846 | printf("%s%s%s\n" , colorForFlags(msgLogSpec), |
10847 | buffer, color[0] ? VTRESET : "" ); |
10848 | } else { |
10849 | printf("%s\n" , buffer); |
10850 | } |
10851 | } |
10852 | |
10853 | finish: |
10854 | IOLockUnlock(sKextLoggingLock); |
10855 | |
10856 | if (allocBuffer) { |
10857 | kfree(allocBuffer, (length + 1) * sizeof(char)); |
10858 | } |
10859 | OSSafeReleaseNULL(logString); |
10860 | OSSafeReleaseNULL(logSpecNum); |
10861 | return; |
10862 | } |
10863 | |
10864 | #if KASLR_IOREG_DEBUG |
10865 | |
10866 | #define IOLOG_INDENT( the_indention ) \ |
10867 | { \ |
10868 | int i; \ |
10869 | for ( i = 0; i < (the_indention); i++ ) { \ |
10870 | IOLog(" "); \ |
10871 | } \ |
10872 | } |
10873 | |
10874 | extern vm_offset_t vm_kernel_stext; |
10875 | extern vm_offset_t vm_kernel_etext; |
10876 | extern mach_vm_offset_t kext_alloc_base; |
10877 | extern mach_vm_offset_t kext_alloc_max; |
10878 | |
10879 | bool ScanForAddrInObject(OSObject * theObject, |
10880 | int indent ); |
10881 | |
10882 | bool ScanForAddrInObject(OSObject * theObject, |
10883 | int indent) |
10884 | { |
10885 | const OSMetaClass * myTypeID; |
10886 | OSCollectionIterator * myIter; |
10887 | OSSymbol * myKey; |
10888 | OSObject * myValue; |
10889 | bool myResult = false; |
10890 | |
10891 | if ( theObject == NULL ) { |
10892 | IOLog("%s: theObject is NULL \n" , |
10893 | __FUNCTION__); |
10894 | return myResult; |
10895 | } |
10896 | |
10897 | myTypeID = OSTypeIDInst(theObject); |
10898 | |
10899 | if ( myTypeID == OSTypeID(OSDictionary) ) { |
10900 | OSDictionary * myDictionary; |
10901 | |
10902 | myDictionary = OSDynamicCast(OSDictionary, theObject); |
10903 | myIter = OSCollectionIterator::withCollection( myDictionary ); |
10904 | if ( myIter == NULL ) |
10905 | return myResult; |
10906 | myIter->reset(); |
10907 | |
10908 | while ( (myKey = OSDynamicCast(OSSymbol, myIter->getNextObject())) ) { |
10909 | bool myTempResult; |
10910 | |
10911 | myValue = myDictionary->getObject(myKey); |
10912 | myTempResult = ScanForAddrInObject(myValue, (indent + 4)); |
10913 | if (myTempResult) { |
10914 | // if we ever get a true result return true |
10915 | myResult = true; |
10916 | IOLOG_INDENT(indent); |
10917 | IOLog("OSDictionary key \"%s\" \n" , myKey->getCStringNoCopy()); |
10918 | } |
10919 | } |
10920 | myIter->release(); |
10921 | } |
10922 | else if ( myTypeID == OSTypeID(OSArray) ) { |
10923 | OSArray * myArray; |
10924 | |
10925 | myArray = OSDynamicCast(OSArray, theObject); |
10926 | myIter = OSCollectionIterator::withCollection(myArray); |
10927 | if ( myIter == NULL ) |
10928 | return myResult; |
10929 | myIter->reset(); |
10930 | |
10931 | while ( (myValue = myIter->getNextObject()) ) { |
10932 | bool myTempResult; |
10933 | myTempResult = ScanForAddrInObject(myValue, (indent + 4)); |
10934 | if (myTempResult) { |
10935 | // if we ever get a true result return true |
10936 | myResult = true; |
10937 | IOLOG_INDENT(indent); |
10938 | IOLog("OSArray: \n" ); |
10939 | } |
10940 | } |
10941 | myIter->release(); |
10942 | } |
10943 | else if ( myTypeID == OSTypeID(OSString) || myTypeID == OSTypeID(OSSymbol) ) { |
10944 | |
10945 | // should we look for addresses in strings? |
10946 | } |
10947 | else if ( myTypeID == OSTypeID(OSData) ) { |
10948 | |
10949 | void * * myPtrPtr; |
10950 | unsigned int myLen; |
10951 | OSData * myDataObj; |
10952 | |
10953 | myDataObj = OSDynamicCast(OSData, theObject); |
10954 | myPtrPtr = (void * *) myDataObj->getBytesNoCopy(); |
10955 | myLen = myDataObj->getLength(); |
10956 | |
10957 | if (myPtrPtr && myLen && myLen > 7) { |
10958 | int i; |
10959 | int myPtrCount = (myLen / sizeof(void *)); |
10960 | |
10961 | for (i = 0; i < myPtrCount; i++) { |
10962 | UInt64 numberValue = (UInt64) *(myPtrPtr); |
10963 | |
10964 | if ( kext_alloc_max != 0 && |
10965 | numberValue >= kext_alloc_base && |
10966 | numberValue < kext_alloc_max ) { |
10967 | |
10968 | OSKext * myKext = NULL; // must release (looked up) |
10969 | // IOLog("found OSData %p in kext map %p to %p \n", |
10970 | // *(myPtrPtr), |
10971 | // (void *) kext_alloc_base, |
10972 | // (void *) kext_alloc_max); |
10973 | |
10974 | myKext = OSKext::lookupKextWithAddress( (vm_address_t) *(myPtrPtr) ); |
10975 | if (myKext) { |
10976 | IOLog("found addr %p from an OSData obj within kext \"%s\" \n" , |
10977 | *(myPtrPtr), |
10978 | myKext->getIdentifierCString()); |
10979 | myKext->release(); |
10980 | } |
10981 | myResult = true; |
10982 | } |
10983 | if ( vm_kernel_etext != 0 && |
10984 | numberValue >= vm_kernel_stext && |
10985 | numberValue < vm_kernel_etext ) { |
10986 | IOLog("found addr %p from an OSData obj within kernel text segment %p to %p \n" , |
10987 | *(myPtrPtr), |
10988 | (void *) vm_kernel_stext, |
10989 | (void *) vm_kernel_etext); |
10990 | myResult = true; |
10991 | } |
10992 | myPtrPtr++; |
10993 | } |
10994 | } |
10995 | } |
10996 | else if ( myTypeID == OSTypeID(OSBoolean) ) { |
10997 | |
10998 | // do nothing here... |
10999 | } |
11000 | else if ( myTypeID == OSTypeID(OSNumber) ) { |
11001 | |
11002 | OSNumber * number = OSDynamicCast(OSNumber, theObject); |
11003 | |
11004 | UInt64 numberValue = number->unsigned64BitValue(); |
11005 | |
11006 | if ( kext_alloc_max != 0 && |
11007 | numberValue >= kext_alloc_base && |
11008 | numberValue < kext_alloc_max ) { |
11009 | |
11010 | OSKext * myKext = NULL; // must release (looked up) |
11011 | IOLog("found OSNumber in kext map %p to %p \n" , |
11012 | (void *) kext_alloc_base, |
11013 | (void *) kext_alloc_max); |
11014 | IOLog("OSNumber 0x%08llx (%llu) \n" , numberValue, numberValue); |
11015 | |
11016 | myKext = OSKext::lookupKextWithAddress( (vm_address_t) numberValue ); |
11017 | if (myKext) { |
11018 | IOLog("found in kext \"%s\" \n" , |
11019 | myKext->getIdentifierCString()); |
11020 | myKext->release(); |
11021 | } |
11022 | |
11023 | myResult = true; |
11024 | } |
11025 | if ( vm_kernel_etext != 0 && |
11026 | numberValue >= vm_kernel_stext && |
11027 | numberValue < vm_kernel_etext ) { |
11028 | IOLog("found OSNumber in kernel text segment %p to %p \n" , |
11029 | (void *) vm_kernel_stext, |
11030 | (void *) vm_kernel_etext); |
11031 | IOLog("OSNumber 0x%08llx (%llu) \n" , numberValue, numberValue); |
11032 | myResult = true; |
11033 | } |
11034 | } |
11035 | #if 0 |
11036 | else { |
11037 | const OSMetaClass* myMetaClass = NULL; |
11038 | |
11039 | myMetaClass = theObject->getMetaClass(); |
11040 | if ( myMetaClass ) { |
11041 | IOLog("class %s \n" , myMetaClass->getClassName() ); |
11042 | } |
11043 | else { |
11044 | IOLog("Unknown object \n" ); |
11045 | } |
11046 | } |
11047 | #endif |
11048 | |
11049 | return myResult; |
11050 | } |
11051 | #endif // KASLR_KEXT_DEBUG |
11052 | |
11053 | }; /* extern "C" */ |
11054 | |
11055 | #if PRAGMA_MARK |
11056 | #pragma mark Backtrace Dump & kmod_get_info() support |
11057 | #endif |
11058 | /********************************************************************* |
11059 | * This function must be safe to call in panic context. |
11060 | *********************************************************************/ |
11061 | /* static */ |
11062 | void |
11063 | OSKext::printKextsInBacktrace( |
11064 | vm_offset_t * addr __unused, |
11065 | unsigned int cnt __unused, |
11066 | int (* printf_func)(const char *fmt, ...) __unused, |
11067 | uint32_t flags __unused) |
11068 | { |
11069 | addr64_t summary_page = 0; |
11070 | addr64_t last_summary_page = 0; |
11071 | bool found_kmod = false; |
11072 | u_int i = 0; |
11073 | |
11074 | if (kPrintKextsLock & flags) { |
11075 | if (!sKextSummariesLock) return; |
11076 | IOLockLock(sKextSummariesLock); |
11077 | } |
11078 | |
11079 | if (!gLoadedKextSummaries) { |
11080 | (*printf_func)(" can't perform kext scan: no kext summary" ); |
11081 | goto finish; |
11082 | } |
11083 | |
11084 | summary_page = trunc_page((addr64_t)(uintptr_t)gLoadedKextSummaries); |
11085 | last_summary_page = round_page(summary_page + sLoadedKextSummariesAllocSize); |
11086 | for (; summary_page < last_summary_page; summary_page += PAGE_SIZE) { |
11087 | if (pmap_find_phys(kernel_pmap, summary_page) == 0) { |
11088 | (*printf_func)(" can't perform kext scan: " |
11089 | "missing kext summary page %p" , summary_page); |
11090 | goto finish; |
11091 | } |
11092 | } |
11093 | |
11094 | for (i = 0; i < gLoadedKextSummaries->numSummaries; ++i) { |
11095 | OSKextLoadedKextSummary * summary; |
11096 | |
11097 | summary = gLoadedKextSummaries->summaries + i; |
11098 | if (!summary->address) { |
11099 | continue; |
11100 | } |
11101 | |
11102 | if (!summaryIsInBacktrace(summary, addr, cnt)) { |
11103 | continue; |
11104 | } |
11105 | |
11106 | if (!found_kmod) { |
11107 | if (!(kPrintKextsTerse & flags)) { |
11108 | (*printf_func)(" Kernel Extensions in backtrace:\n" ); |
11109 | } |
11110 | found_kmod = true; |
11111 | } |
11112 | |
11113 | printSummary(summary, printf_func, flags); |
11114 | } |
11115 | |
11116 | finish: |
11117 | if (kPrintKextsLock & flags) { |
11118 | IOLockUnlock(sKextSummariesLock); |
11119 | } |
11120 | |
11121 | return; |
11122 | } |
11123 | |
11124 | /********************************************************************* |
11125 | * This function must be safe to call in panic context. |
11126 | *********************************************************************/ |
11127 | /* static */ |
11128 | boolean_t |
11129 | OSKext::summaryIsInBacktrace( |
11130 | OSKextLoadedKextSummary * summary, |
11131 | vm_offset_t * addr, |
11132 | unsigned int cnt) |
11133 | { |
11134 | u_int i = 0; |
11135 | |
11136 | for (i = 0; i < cnt; i++) { |
11137 | vm_offset_t kscan_addr = addr[i]; |
11138 | if ((kscan_addr >= summary->address) && |
11139 | (kscan_addr < (summary->address + summary->size))) |
11140 | { |
11141 | return TRUE; |
11142 | } |
11143 | } |
11144 | |
11145 | return FALSE; |
11146 | } |
11147 | |
11148 | /* |
11149 | * Get the kext summary object for the kext where 'addr' lies. Must be called with |
11150 | * sKextSummariesLock held. |
11151 | */ |
11152 | OSKextLoadedKextSummary * |
11153 | OSKext::summaryForAddress(const uintptr_t addr) |
11154 | { |
11155 | for (unsigned i = 0; i < gLoadedKextSummaries->numSummaries; ++i) { |
11156 | |
11157 | OSKextLoadedKextSummary *summary = &gLoadedKextSummaries->summaries[i]; |
11158 | if (!summary->address) { |
11159 | continue; |
11160 | } |
11161 | |
11162 | #if VM_MAPPED_KEXTS |
11163 | /* On our platforms that use VM_MAPPED_KEXTS, we currently do not |
11164 | * support split kexts, but we also may unmap the kexts, which can |
11165 | * race with the above codepath (see OSKext::unload). As such, |
11166 | * use a simple range lookup if we are using VM_MAPPED_KEXTS. |
11167 | */ |
11168 | if ((addr >= summary->address) && (addr < (summary->address + summary->size))) { |
11169 | return summary; |
11170 | } |
11171 | #else |
11172 | kernel_mach_header_t *mh = (kernel_mach_header_t *)summary->address; |
11173 | kernel_segment_command_t *seg; |
11174 | |
11175 | for (seg = firstsegfromheader(mh); seg != NULL; seg = nextsegfromheader(mh, seg)) { |
11176 | if ((addr >= seg->vmaddr) && (addr < (seg->vmaddr + seg->vmsize))) { |
11177 | return summary; |
11178 | } |
11179 | } |
11180 | #endif |
11181 | } |
11182 | |
11183 | /* addr did not map to any kext */ |
11184 | return NULL; |
11185 | } |
11186 | |
11187 | /* static */ |
11188 | void * |
11189 | OSKext::kextForAddress(const void *address) |
11190 | { |
11191 | void * image = NULL; |
11192 | OSKextActiveAccount * active; |
11193 | OSKext * kext = NULL; |
11194 | uint32_t baseIdx; |
11195 | uint32_t lim; |
11196 | uintptr_t addr = (uintptr_t) address; |
11197 | |
11198 | if (!addr) { |
11199 | return NULL; |
11200 | } |
11201 | |
11202 | if (sKextAccountsCount) |
11203 | { |
11204 | IOSimpleLockLock(sKextAccountsLock); |
11205 | // bsearch sKextAccounts list |
11206 | for (baseIdx = 0, lim = sKextAccountsCount; lim; lim >>= 1) |
11207 | { |
11208 | active = &sKextAccounts[baseIdx + (lim >> 1)]; |
11209 | if ((addr >= active->address) && (addr < active->address_end)) |
11210 | { |
11211 | kext = active->account->kext; |
11212 | if (kext && kext->kmod_info) image = (void *) kext->kmod_info->address; |
11213 | break; |
11214 | } |
11215 | else if (addr > active->address) |
11216 | { |
11217 | // move right |
11218 | baseIdx += (lim >> 1) + 1; |
11219 | lim--; |
11220 | } |
11221 | // else move left |
11222 | } |
11223 | IOSimpleLockUnlock(sKextAccountsLock); |
11224 | } |
11225 | if (!image && (addr >= vm_kernel_stext) && (addr < vm_kernel_etext)) |
11226 | { |
11227 | image = (void *) &_mh_execute_header; |
11228 | } |
11229 | |
11230 | return image; |
11231 | } |
11232 | |
11233 | /********************************************************************* |
11234 | * scan list of loaded kext summaries looking for a load address match and if |
11235 | * found return the UUID C string. If not found then set empty string. |
11236 | *********************************************************************/ |
11237 | static void findSummaryUUID( |
11238 | uint32_t tag_ID, |
11239 | uuid_string_t uuid); |
11240 | |
11241 | static void findSummaryUUID( |
11242 | uint32_t tag_ID, |
11243 | uuid_string_t uuid) |
11244 | { |
11245 | u_int i; |
11246 | |
11247 | uuid[0] = 0x00; // default to no UUID |
11248 | |
11249 | for (i = 0; i < gLoadedKextSummaries->numSummaries; ++i) { |
11250 | OSKextLoadedKextSummary * summary; |
11251 | |
11252 | summary = gLoadedKextSummaries->summaries + i; |
11253 | |
11254 | if (summary->loadTag == tag_ID) { |
11255 | (void) uuid_unparse(summary->uuid, uuid); |
11256 | break; |
11257 | } |
11258 | } |
11259 | return; |
11260 | } |
11261 | |
11262 | /********************************************************************* |
11263 | * This function must be safe to call in panic context. |
11264 | *********************************************************************/ |
11265 | void OSKext::printSummary( |
11266 | OSKextLoadedKextSummary * summary, |
11267 | int (* printf_func)(const char *fmt, ...), |
11268 | uint32_t flags) |
11269 | { |
11270 | kmod_reference_t * kmod_ref = NULL; |
11271 | uuid_string_t uuid; |
11272 | char version[kOSKextVersionMaxLength]; |
11273 | uint64_t tmpAddr; |
11274 | |
11275 | if (!OSKextVersionGetString(summary->version, version, sizeof(version))) { |
11276 | strlcpy(version, "unknown version" , sizeof(version)); |
11277 | } |
11278 | (void) uuid_unparse(summary->uuid, uuid); |
11279 | |
11280 | if (kPrintKextsUnslide & flags) { |
11281 | tmpAddr = ml_static_unslide(summary->address); |
11282 | } |
11283 | else { |
11284 | tmpAddr = summary->address; |
11285 | } |
11286 | (*printf_func)("%s%s(%s)[%s]@0x%llx->0x%llx\n" , |
11287 | (kPrintKextsTerse & flags) ? "" : " " , |
11288 | summary->name, version, uuid, |
11289 | tmpAddr, tmpAddr + summary->size - 1); |
11290 | |
11291 | if (kPrintKextsTerse & flags) return; |
11292 | |
11293 | /* print dependency info */ |
11294 | for (kmod_ref = (kmod_reference_t *) summary->reference_list; |
11295 | kmod_ref; |
11296 | kmod_ref = kmod_ref->next) { |
11297 | kmod_info_t * rinfo; |
11298 | |
11299 | if (pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)kmod_ref)) == 0) { |
11300 | (*printf_func)(" kmod dependency scan stopped " |
11301 | "due to missing dependency page: %p\n" , |
11302 | (kPrintKextsUnslide & flags) ? (void *)ml_static_unslide((vm_offset_t)kmod_ref) : kmod_ref); |
11303 | break; |
11304 | } |
11305 | rinfo = kmod_ref->info; |
11306 | |
11307 | if (pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)rinfo)) == 0) { |
11308 | (*printf_func)(" kmod dependency scan stopped " |
11309 | "due to missing kmod page: %p\n" , |
11310 | (kPrintKextsUnslide & flags) ? (void *)ml_static_unslide((vm_offset_t)rinfo) : rinfo); |
11311 | break; |
11312 | } |
11313 | |
11314 | if (!rinfo->address) { |
11315 | continue; // skip fake entries for built-ins |
11316 | } |
11317 | |
11318 | /* locate UUID in gLoadedKextSummaries */ |
11319 | findSummaryUUID(rinfo->id, uuid); |
11320 | |
11321 | if (kPrintKextsUnslide & flags) { |
11322 | tmpAddr = ml_static_unslide(rinfo->address); |
11323 | } |
11324 | else { |
11325 | tmpAddr = rinfo->address; |
11326 | } |
11327 | (*printf_func)(" dependency: %s(%s)[%s]@%p\n" , |
11328 | rinfo->name, rinfo->version, uuid, tmpAddr); |
11329 | } |
11330 | return; |
11331 | } |
11332 | |
11333 | |
11334 | /******************************************************************************* |
11335 | * substitute() looks at an input string (a pointer within a larger buffer) |
11336 | * for a match to a substring, and on match it writes the marker & substitution |
11337 | * character to an output string, updating the scan (from) and |
11338 | * output (to) indexes as appropriate. |
11339 | *******************************************************************************/ |
11340 | static int substitute( |
11341 | const char * scan_string, |
11342 | char * string_out, |
11343 | uint32_t * to_index, |
11344 | uint32_t * from_index, |
11345 | const char * substring, |
11346 | char marker, |
11347 | char substitution); |
11348 | |
11349 | /* string_out must be at least KMOD_MAX_NAME bytes. |
11350 | */ |
11351 | static int |
11352 | substitute( |
11353 | const char * scan_string, |
11354 | char * string_out, |
11355 | uint32_t * to_index, |
11356 | uint32_t * from_index, |
11357 | const char * substring, |
11358 | char marker, |
11359 | char substitution) |
11360 | { |
11361 | uint32_t substring_length = strnlen(substring, KMOD_MAX_NAME - 1); |
11362 | |
11363 | /* On a substring match, append the marker (if there is one) and then |
11364 | * the substitution character, updating the output (to) index accordingly. |
11365 | * Then update the input (from) length by the length of the substring |
11366 | * that got replaced. |
11367 | */ |
11368 | if (!strncmp(scan_string, substring, substring_length)) { |
11369 | if (marker) { |
11370 | string_out[(*to_index)++] = marker; |
11371 | } |
11372 | string_out[(*to_index)++] = substitution; |
11373 | (*from_index) += substring_length; |
11374 | return 1; |
11375 | } |
11376 | return 0; |
11377 | } |
11378 | |
11379 | /******************************************************************************* |
11380 | * compactIdentifier() takes a CFBundleIdentifier in a buffer of at least |
11381 | * KMOD_MAX_NAME characters and performs various substitutions of common |
11382 | * prefixes & substrings as defined by tables in kext_panic_report.h. |
11383 | *******************************************************************************/ |
11384 | static void compactIdentifier( |
11385 | const char * identifier, |
11386 | char * identifier_out, |
11387 | char ** identifier_out_end); |
11388 | |
11389 | static void |
11390 | compactIdentifier( |
11391 | const char * identifier, |
11392 | char * identifier_out, |
11393 | char ** identifier_out_end) |
11394 | { |
11395 | uint32_t from_index, to_index; |
11396 | uint32_t scan_from_index = 0; |
11397 | uint32_t scan_to_index = 0; |
11398 | subs_entry_t * subs_entry = NULL; |
11399 | int did_sub = 0; |
11400 | |
11401 | from_index = to_index = 0; |
11402 | identifier_out[0] = '\0'; |
11403 | |
11404 | /* Replace certain identifier prefixes with shorter @+character sequences. |
11405 | * Check the return value of substitute() so we only replace the prefix. |
11406 | */ |
11407 | for (subs_entry = &kext_identifier_prefix_subs[0]; |
11408 | subs_entry->substring && !did_sub; |
11409 | subs_entry++) { |
11410 | |
11411 | did_sub = substitute(identifier, identifier_out, |
11412 | &scan_to_index, &scan_from_index, |
11413 | subs_entry->substring, /* marker */ '\0', subs_entry->substitute); |
11414 | } |
11415 | did_sub = 0; |
11416 | |
11417 | /* Now scan through the identifier looking for the common substrings |
11418 | * and replacing them with shorter !+character sequences via substitute(). |
11419 | */ |
11420 | for (/* see above */; |
11421 | scan_from_index < KMOD_MAX_NAME - 1 && identifier[scan_from_index]; |
11422 | /* see loop */) { |
11423 | |
11424 | const char * scan_string = &identifier[scan_from_index]; |
11425 | |
11426 | did_sub = 0; |
11427 | |
11428 | if (scan_from_index) { |
11429 | for (subs_entry = &kext_identifier_substring_subs[0]; |
11430 | subs_entry->substring && !did_sub; |
11431 | subs_entry++) { |
11432 | |
11433 | did_sub = substitute(scan_string, identifier_out, |
11434 | &scan_to_index, &scan_from_index, |
11435 | subs_entry->substring, '!', subs_entry->substitute); |
11436 | } |
11437 | } |
11438 | |
11439 | /* If we didn't substitute, copy the input character to the output. |
11440 | */ |
11441 | if (!did_sub) { |
11442 | identifier_out[scan_to_index++] = identifier[scan_from_index++]; |
11443 | } |
11444 | } |
11445 | |
11446 | identifier_out[scan_to_index] = '\0'; |
11447 | if (identifier_out_end) { |
11448 | *identifier_out_end = &identifier_out[scan_to_index]; |
11449 | } |
11450 | |
11451 | return; |
11452 | } |
11453 | |
11454 | /******************************************************************************* |
11455 | * assemble_identifier_and_version() adds to a string buffer a compacted |
11456 | * bundle identifier followed by a version string. |
11457 | *******************************************************************************/ |
11458 | |
11459 | /* identPlusVers must be at least 2*KMOD_MAX_NAME in length. |
11460 | */ |
11461 | static int assemble_identifier_and_version( |
11462 | kmod_info_t * kmod_info, |
11463 | char * identPlusVers, |
11464 | int bufSize); |
11465 | |
11466 | static int |
11467 | assemble_identifier_and_version( |
11468 | kmod_info_t * kmod_info, |
11469 | char * identPlusVers, |
11470 | int bufSize) |
11471 | { |
11472 | int result = 0; |
11473 | |
11474 | compactIdentifier(kmod_info->name, identPlusVers, NULL); |
11475 | result = strnlen(identPlusVers, KMOD_MAX_NAME - 1); |
11476 | identPlusVers[result++] = '\t'; // increment for real char |
11477 | identPlusVers[result] = '\0'; // don't increment for nul char |
11478 | result = strlcat(identPlusVers, kmod_info->version, bufSize); |
11479 | if (result >= bufSize) { |
11480 | identPlusVers[bufSize - 1] = '\0'; |
11481 | result = bufSize - 1; |
11482 | } |
11483 | |
11484 | return result; |
11485 | } |
11486 | |
11487 | /******************************************************************************* |
11488 | * Assumes sKextLock is held. |
11489 | *******************************************************************************/ |
11490 | /* static */ |
11491 | int |
11492 | OSKext::saveLoadedKextPanicListTyped( |
11493 | const char * prefix, |
11494 | int invertFlag, |
11495 | int libsFlag, |
11496 | char * paniclist, |
11497 | uint32_t list_size) |
11498 | { |
11499 | int result = -1; |
11500 | unsigned int count, i; |
11501 | |
11502 | count = sLoadedKexts->getCount(); |
11503 | if (!count) { |
11504 | goto finish; |
11505 | } |
11506 | |
11507 | i = count - 1; |
11508 | do { |
11509 | OSObject * rawKext = sLoadedKexts->getObject(i); |
11510 | OSKext * theKext = OSDynamicCast(OSKext, rawKext); |
11511 | int match; |
11512 | uint32_t identPlusVersLength; |
11513 | uint32_t tempLen; |
11514 | char identPlusVers[2*KMOD_MAX_NAME]; |
11515 | |
11516 | if (!rawKext) { |
11517 | printf("OSKext::saveLoadedKextPanicListTyped - " |
11518 | "NULL kext in loaded kext list; continuing\n" ); |
11519 | continue; |
11520 | } |
11521 | |
11522 | if (!theKext) { |
11523 | printf("OSKext::saveLoadedKextPanicListTyped - " |
11524 | "Kext type cast failed in loaded kext list; continuing\n" ); |
11525 | continue; |
11526 | } |
11527 | |
11528 | /* Skip all built-in kexts. |
11529 | */ |
11530 | if (theKext->isKernelComponent()) { |
11531 | continue; |
11532 | } |
11533 | |
11534 | kmod_info_t * kmod_info = theKext->kmod_info; |
11535 | |
11536 | /* Filter for kmod name (bundle identifier). |
11537 | */ |
11538 | match = !strncmp(kmod_info->name, prefix, strnlen(prefix, KMOD_MAX_NAME)); |
11539 | if ((match && invertFlag) || (!match && !invertFlag)) { |
11540 | continue; |
11541 | } |
11542 | |
11543 | /* Filter for libraries (kexts that have a compatible version). |
11544 | */ |
11545 | if ((libsFlag == 0 && theKext->getCompatibleVersion() > 1) || |
11546 | (libsFlag == 1 && theKext->getCompatibleVersion() < 1)) { |
11547 | |
11548 | continue; |
11549 | } |
11550 | |
11551 | if (!kmod_info || |
11552 | !pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)kmod_info))) { |
11553 | |
11554 | printf("kext scan stopped due to missing kmod_info page: %p\n" , |
11555 | kmod_info); |
11556 | goto finish; |
11557 | } |
11558 | |
11559 | identPlusVersLength = assemble_identifier_and_version(kmod_info, |
11560 | identPlusVers, |
11561 | sizeof(identPlusVers)); |
11562 | if (!identPlusVersLength) { |
11563 | printf("error saving loaded kext info\n" ); |
11564 | goto finish; |
11565 | } |
11566 | |
11567 | /* make sure everything fits and we null terminate. |
11568 | */ |
11569 | tempLen = strlcat(paniclist, identPlusVers, list_size); |
11570 | if (tempLen >= list_size) { |
11571 | // panic list is full, keep it and null terminate |
11572 | paniclist[list_size - 1] = 0x00; |
11573 | result = 0; |
11574 | goto finish; |
11575 | } |
11576 | tempLen = strlcat(paniclist, "\n" , list_size); |
11577 | if (tempLen >= list_size) { |
11578 | // panic list is full, keep it and null terminate |
11579 | paniclist[list_size - 1] = 0x00; |
11580 | result = 0; |
11581 | goto finish; |
11582 | } |
11583 | } while (i--); |
11584 | |
11585 | result = 0; |
11586 | finish: |
11587 | |
11588 | return result; |
11589 | } |
11590 | |
11591 | /********************************************************************* |
11592 | *********************************************************************/ |
11593 | /* static */ |
11594 | void |
11595 | OSKext::saveLoadedKextPanicList(void) |
11596 | { |
11597 | char * newlist = NULL; |
11598 | uint32_t newlist_size = 0; |
11599 | |
11600 | newlist_size = KEXT_PANICLIST_SIZE; |
11601 | newlist = (char *)kalloc_tag(newlist_size, VM_KERN_MEMORY_OSKEXT); |
11602 | |
11603 | if (!newlist) { |
11604 | OSKextLog(/* kext */ NULL, |
11605 | kOSKextLogErrorLevel | kOSKextLogGeneralFlag, |
11606 | "Couldn't allocate kext panic log buffer." ); |
11607 | goto finish; |
11608 | } |
11609 | |
11610 | newlist[0] = '\0'; |
11611 | |
11612 | // non-"com.apple." kexts |
11613 | if (OSKext::saveLoadedKextPanicListTyped("com.apple." , /* invert? */ 1, |
11614 | /* libs? */ -1, newlist, newlist_size) != 0) { |
11615 | |
11616 | goto finish; |
11617 | } |
11618 | // "com.apple." nonlibrary kexts |
11619 | if (OSKext::saveLoadedKextPanicListTyped("com.apple." , /* invert? */ 0, |
11620 | /* libs? */ 0, newlist, newlist_size) != 0) { |
11621 | |
11622 | goto finish; |
11623 | } |
11624 | // "com.apple." library kexts |
11625 | if (OSKext::saveLoadedKextPanicListTyped("com.apple." , /* invert? */ 0, |
11626 | /* libs? */ 1, newlist, newlist_size) != 0) { |
11627 | |
11628 | goto finish; |
11629 | } |
11630 | |
11631 | if (loaded_kext_paniclist) { |
11632 | kfree(loaded_kext_paniclist, loaded_kext_paniclist_size); |
11633 | } |
11634 | loaded_kext_paniclist = newlist; |
11635 | newlist = NULL; |
11636 | loaded_kext_paniclist_size = newlist_size; |
11637 | |
11638 | finish: |
11639 | if (newlist) { |
11640 | kfree(newlist, newlist_size); |
11641 | } |
11642 | return; |
11643 | } |
11644 | |
11645 | /********************************************************************* |
11646 | * Assumes sKextLock is held. |
11647 | *********************************************************************/ |
11648 | void |
11649 | OSKext::savePanicString(bool isLoading) |
11650 | { |
11651 | u_long len; |
11652 | |
11653 | if (!kmod_info) { |
11654 | return; // do not goto finish here b/c of lock |
11655 | } |
11656 | |
11657 | len = assemble_identifier_and_version( kmod_info, |
11658 | (isLoading) ? last_loaded_str_buf : last_unloaded_str_buf, |
11659 | (isLoading) ? sizeof(last_loaded_str_buf) : sizeof(last_unloaded_str_buf) ); |
11660 | if (!len) { |
11661 | printf("error saving unloaded kext info\n" ); |
11662 | goto finish; |
11663 | } |
11664 | |
11665 | if (isLoading) { |
11666 | last_loaded_strlen = len; |
11667 | last_loaded_address = (void *)kmod_info->address; |
11668 | last_loaded_size = kmod_info->size; |
11669 | clock_get_uptime(&last_loaded_timestamp); |
11670 | } else { |
11671 | last_unloaded_strlen = len; |
11672 | last_unloaded_address = (void *)kmod_info->address; |
11673 | last_unloaded_size = kmod_info->size; |
11674 | clock_get_uptime(&last_unloaded_timestamp); |
11675 | } |
11676 | |
11677 | finish: |
11678 | return; |
11679 | } |
11680 | |
11681 | /********************************************************************* |
11682 | *********************************************************************/ |
11683 | /* static */ |
11684 | void |
11685 | OSKext::printKextPanicLists(int (*printf_func)(const char *fmt, ...)) |
11686 | { |
11687 | if (last_loaded_strlen) { |
11688 | printf_func("last loaded kext at %llu: %.*s (addr %p, size %lu)\n" , |
11689 | AbsoluteTime_to_scalar(&last_loaded_timestamp), |
11690 | last_loaded_strlen, last_loaded_str_buf, |
11691 | last_loaded_address, last_loaded_size); |
11692 | } |
11693 | |
11694 | if (last_unloaded_strlen) { |
11695 | printf_func("last unloaded kext at %llu: %.*s (addr %p, size %lu)\n" , |
11696 | AbsoluteTime_to_scalar(&last_unloaded_timestamp), |
11697 | last_unloaded_strlen, last_unloaded_str_buf, |
11698 | last_unloaded_address, last_unloaded_size); |
11699 | } |
11700 | |
11701 | printf_func("loaded kexts:\n" ); |
11702 | if (loaded_kext_paniclist && |
11703 | pmap_find_phys(kernel_pmap, (addr64_t) (uintptr_t) loaded_kext_paniclist) && |
11704 | loaded_kext_paniclist[0]) { |
11705 | |
11706 | printf_func("%.*s" , |
11707 | strnlen(loaded_kext_paniclist, loaded_kext_paniclist_size), |
11708 | loaded_kext_paniclist); |
11709 | } else { |
11710 | printf_func("(none)\n" ); |
11711 | } |
11712 | return; |
11713 | } |
11714 | |
11715 | /********************************************************************* |
11716 | * Assumes sKextLock is held. |
11717 | *********************************************************************/ |
11718 | /* static */ |
11719 | void |
11720 | OSKext::updateLoadedKextSummaries(void) |
11721 | { |
11722 | kern_return_t result = KERN_FAILURE; |
11723 | OSKextLoadedKextSummaryHeader * = NULL; |
11724 | OSKextLoadedKextSummaryHeader * = NULL; |
11725 | OSKext *aKext; |
11726 | vm_map_offset_t start, end; |
11727 | size_t summarySize = 0; |
11728 | size_t size; |
11729 | u_int count; |
11730 | u_int maxKexts; |
11731 | u_int i, j; |
11732 | OSKextActiveAccount * accountingList; |
11733 | OSKextActiveAccount * prevAccountingList; |
11734 | uint32_t idx, accountingListAlloc, accountingListCount, prevAccountingListCount; |
11735 | |
11736 | prevAccountingList = NULL; |
11737 | prevAccountingListCount = 0; |
11738 | |
11739 | #if DEVELOPMENT || DEBUG |
11740 | if (IORecursiveLockHaveLock(sKextLock) == false) { |
11741 | panic("sKextLock must be held" ); |
11742 | } |
11743 | #endif |
11744 | |
11745 | IOLockLock(sKextSummariesLock); |
11746 | |
11747 | count = sLoadedKexts->getCount(); |
11748 | for (i = 0, maxKexts = 0; i < count; ++i) { |
11749 | aKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
11750 | maxKexts += (aKext && aKext->isExecutable()); |
11751 | } |
11752 | |
11753 | if (!maxKexts) goto finish; |
11754 | if (maxKexts < kOSKextTypicalLoadCount) maxKexts = kOSKextTypicalLoadCount; |
11755 | |
11756 | /* Calculate the size needed for the new summary headers. |
11757 | */ |
11758 | |
11759 | size = sizeof(*gLoadedKextSummaries); |
11760 | size += maxKexts * sizeof(*gLoadedKextSummaries->summaries); |
11761 | size = round_page(size); |
11762 | |
11763 | if (gLoadedKextSummaries == NULL || sLoadedKextSummariesAllocSize < size) { |
11764 | if (gLoadedKextSummaries) { |
11765 | kmem_free(kernel_map, (vm_offset_t)gLoadedKextSummaries, sLoadedKextSummariesAllocSize); |
11766 | gLoadedKextSummaries = NULL; |
11767 | gLoadedKextSummariesTimestamp = mach_absolute_time(); |
11768 | sLoadedKextSummariesAllocSize = 0; |
11769 | } |
11770 | result = kmem_alloc(kernel_map, (vm_offset_t *)&summaryHeaderAlloc, size, VM_KERN_MEMORY_OSKEXT); |
11771 | if (result != KERN_SUCCESS) goto finish; |
11772 | summaryHeader = summaryHeaderAlloc; |
11773 | summarySize = size; |
11774 | } |
11775 | else { |
11776 | summaryHeader = gLoadedKextSummaries; |
11777 | summarySize = sLoadedKextSummariesAllocSize; |
11778 | |
11779 | start = (vm_map_offset_t) summaryHeader; |
11780 | end = start + summarySize; |
11781 | result = vm_map_protect(kernel_map, |
11782 | start, |
11783 | end, |
11784 | VM_PROT_DEFAULT, |
11785 | FALSE); |
11786 | if (result != KERN_SUCCESS) goto finish; |
11787 | } |
11788 | |
11789 | /* Populate the summary header. |
11790 | */ |
11791 | |
11792 | bzero(summaryHeader, summarySize); |
11793 | summaryHeader->version = kOSKextLoadedKextSummaryVersion; |
11794 | summaryHeader->entry_size = sizeof(OSKextLoadedKextSummary); |
11795 | |
11796 | /* Populate each kext summary. |
11797 | */ |
11798 | |
11799 | count = sLoadedKexts->getCount(); |
11800 | accountingListAlloc = 0; |
11801 | for (i = 0, j = 0; i < count && j < maxKexts; ++i) { |
11802 | aKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
11803 | if (!aKext || !aKext->isExecutable()) { |
11804 | continue; |
11805 | } |
11806 | |
11807 | aKext->updateLoadedKextSummary(&summaryHeader->summaries[j++]); |
11808 | summaryHeader->numSummaries++; |
11809 | accountingListAlloc++; |
11810 | } |
11811 | |
11812 | accountingList = IONew(typeof(accountingList[0]), accountingListAlloc); |
11813 | accountingListCount = 0; |
11814 | for (i = 0, j = 0; i < count && j < maxKexts; ++i) { |
11815 | aKext = OSDynamicCast(OSKext, sLoadedKexts->getObject(i)); |
11816 | if (!aKext || !aKext->isExecutable()) { |
11817 | continue; |
11818 | } |
11819 | |
11820 | OSKextActiveAccount activeAccount; |
11821 | aKext->updateActiveAccount(&activeAccount); |
11822 | // order by address |
11823 | for (idx = 0; idx < accountingListCount; idx++) |
11824 | { |
11825 | if (activeAccount.address < accountingList[idx].address) break; |
11826 | } |
11827 | bcopy(&accountingList[idx], &accountingList[idx + 1], (accountingListCount - idx) * sizeof(accountingList[0])); |
11828 | accountingList[idx] = activeAccount; |
11829 | accountingListCount++; |
11830 | } |
11831 | assert(accountingListCount == accountingListAlloc); |
11832 | /* Write protect the buffer and move it into place. |
11833 | */ |
11834 | |
11835 | start = (vm_map_offset_t) summaryHeader; |
11836 | end = start + summarySize; |
11837 | |
11838 | result = vm_map_protect(kernel_map, start, end, VM_PROT_READ, FALSE); |
11839 | if (result != KERN_SUCCESS) |
11840 | goto finish; |
11841 | |
11842 | gLoadedKextSummaries = summaryHeader; |
11843 | gLoadedKextSummariesTimestamp = mach_absolute_time(); |
11844 | sLoadedKextSummariesAllocSize = summarySize; |
11845 | summaryHeaderAlloc = NULL; |
11846 | |
11847 | /* Call the magic breakpoint function through a static function pointer so |
11848 | * the compiler can't optimize the function away. |
11849 | */ |
11850 | if (sLoadedKextSummariesUpdated) (*sLoadedKextSummariesUpdated)(); |
11851 | |
11852 | IOSimpleLockLock(sKextAccountsLock); |
11853 | prevAccountingList = sKextAccounts; |
11854 | prevAccountingListCount = sKextAccountsCount; |
11855 | sKextAccounts = accountingList; |
11856 | sKextAccountsCount = accountingListCount; |
11857 | IOSimpleLockUnlock(sKextAccountsLock); |
11858 | |
11859 | finish: |
11860 | IOLockUnlock(sKextSummariesLock); |
11861 | |
11862 | /* If we had to allocate a new buffer but failed to generate the summaries, |
11863 | * free that now. |
11864 | */ |
11865 | if (summaryHeaderAlloc) { |
11866 | kmem_free(kernel_map, (vm_offset_t)summaryHeaderAlloc, summarySize); |
11867 | } |
11868 | if (prevAccountingList) { |
11869 | IODelete(prevAccountingList, typeof(accountingList[0]), prevAccountingListCount); |
11870 | } |
11871 | |
11872 | return; |
11873 | } |
11874 | |
11875 | /********************************************************************* |
11876 | *********************************************************************/ |
11877 | void |
11878 | OSKext::updateLoadedKextSummary(OSKextLoadedKextSummary *summary) |
11879 | { |
11880 | OSData *uuid; |
11881 | |
11882 | strlcpy(summary->name, getIdentifierCString(), |
11883 | sizeof(summary->name)); |
11884 | |
11885 | uuid = copyUUID(); |
11886 | if (uuid) { |
11887 | memcpy(summary->uuid, uuid->getBytesNoCopy(), sizeof(summary->uuid)); |
11888 | OSSafeReleaseNULL(uuid); |
11889 | } |
11890 | |
11891 | if (flags.builtin) { |
11892 | // this value will stop lldb from parsing the mach-o header |
11893 | // summary->address = UINT64_MAX; |
11894 | // summary->size = 0; |
11895 | summary->address = kmod_info->address; |
11896 | summary->size = kmod_info->size; |
11897 | } else { |
11898 | summary->address = kmod_info->address; |
11899 | summary->size = kmod_info->size; |
11900 | } |
11901 | summary->version = getVersion(); |
11902 | summary->loadTag = kmod_info->id; |
11903 | summary->flags = 0; |
11904 | summary->reference_list = (uint64_t) kmod_info->reference_list; |
11905 | |
11906 | return; |
11907 | } |
11908 | |
11909 | /********************************************************************* |
11910 | *********************************************************************/ |
11911 | |
11912 | void |
11913 | OSKext::updateActiveAccount(OSKextActiveAccount *accountp) |
11914 | { |
11915 | kernel_mach_header_t *hdr = NULL; |
11916 | kernel_segment_command_t *seg = NULL; |
11917 | |
11918 | bzero(accountp, sizeof(*accountp)); |
11919 | |
11920 | hdr = (kernel_mach_header_t *)kmod_info->address; |
11921 | if (getcommandfromheader(hdr, LC_SEGMENT_SPLIT_INFO)) { |
11922 | /* If this kext supports split segments, use the first |
11923 | * executable segment as the range for instructions |
11924 | * (and thus for backtracing. |
11925 | */ |
11926 | for (seg = firstsegfromheader(hdr); seg != NULL; seg = nextsegfromheader(hdr, seg)) { |
11927 | if (seg->initprot & VM_PROT_EXECUTE) { |
11928 | break; |
11929 | } |
11930 | } |
11931 | } |
11932 | if (seg) { |
11933 | accountp->address = seg->vmaddr; |
11934 | if (accountp->address) { |
11935 | accountp->address_end = seg->vmaddr + seg->vmsize; |
11936 | } |
11937 | } else { |
11938 | /* For non-split kexts and for kexts without executable |
11939 | * segments, just use the kmod_info range (as the kext |
11940 | * is either all in one range or should not show up in |
11941 | * instruction backtraces). |
11942 | */ |
11943 | accountp->address = kmod_info->address; |
11944 | if (accountp->address) { |
11945 | accountp->address_end = kmod_info->address + kmod_info->size; |
11946 | } |
11947 | } |
11948 | |
11949 | accountp->account = this->account; |
11950 | } |
11951 | |
11952 | extern "C" const vm_allocation_site_t * |
11953 | OSKextGetAllocationSiteForCaller(uintptr_t address) |
11954 | { |
11955 | OSKextActiveAccount * active; |
11956 | vm_allocation_site_t * site; |
11957 | vm_allocation_site_t * releasesite; |
11958 | |
11959 | uint32_t baseIdx; |
11960 | uint32_t lim; |
11961 | |
11962 | IOSimpleLockLock(sKextAccountsLock); |
11963 | site = releasesite = NULL; |
11964 | |
11965 | // bsearch sKextAccounts list |
11966 | for (baseIdx = 0, lim = sKextAccountsCount; lim; lim >>= 1) |
11967 | { |
11968 | active = &sKextAccounts[baseIdx + (lim >> 1)]; |
11969 | if ((address >= active->address) && (address < active->address_end)) |
11970 | { |
11971 | site = &active->account->site; |
11972 | if (!site->tag) vm_tag_alloc_locked(site, &releasesite); |
11973 | break; |
11974 | } |
11975 | else if (address > active->address) |
11976 | { |
11977 | // move right |
11978 | baseIdx += (lim >> 1) + 1; |
11979 | lim--; |
11980 | } |
11981 | // else move left |
11982 | } |
11983 | IOSimpleLockUnlock(sKextAccountsLock); |
11984 | if (releasesite) kern_allocation_name_release(releasesite); |
11985 | |
11986 | return (site); |
11987 | } |
11988 | |
11989 | extern "C" uint32_t |
11990 | OSKextGetKmodIDForSite(const vm_allocation_site_t * site, char * name, vm_size_t namelen) |
11991 | { |
11992 | OSKextAccount * account = (typeof(account)) site; |
11993 | const char * kname; |
11994 | |
11995 | if (name) |
11996 | { |
11997 | if (account->kext) kname = account->kext->getIdentifierCString(); |
11998 | else kname = "<>" ; |
11999 | strlcpy(name, kname, namelen); |
12000 | } |
12001 | |
12002 | return (account->loadTag); |
12003 | } |
12004 | |
12005 | extern "C" void |
12006 | OSKextFreeSite(vm_allocation_site_t * site) |
12007 | { |
12008 | OSKextAccount * freeAccount = (typeof(freeAccount)) site; |
12009 | IODelete(freeAccount, OSKextAccount, 1); |
12010 | } |
12011 | |
12012 | /********************************************************************* |
12013 | *********************************************************************/ |
12014 | |
12015 | #if CONFIG_IMAGEBOOT |
12016 | int OSKextGetUUIDForName(const char *name, uuid_t uuid) |
12017 | { |
12018 | OSKext *kext = OSKext::lookupKextWithIdentifier(name); |
12019 | if (!kext) { |
12020 | return 1; |
12021 | } |
12022 | |
12023 | OSData *uuid_data = kext->copyUUID(); |
12024 | if (uuid_data) { |
12025 | memcpy(uuid, uuid_data->getBytesNoCopy(), sizeof(uuid_t)); |
12026 | OSSafeReleaseNULL(uuid_data); |
12027 | return 0; |
12028 | } |
12029 | |
12030 | return 1; |
12031 | } |
12032 | #endif |
12033 | |