kcdata.h source code [xnu/osfmk/kern/kcdata.h]

1	/*
2	* Copyright (c) 2015 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29
30	/*
31	*
32	* THE KCDATA MANIFESTO
33	*
34	* Kcdata is a self-describing data serialization format. It is meant to get
35	* nested data structures out of xnu with minimum fuss, but also for that data
36	* to be easy to parse. It is also meant to allow us to add new fields and
37	* evolve the data format without breaking old parsers.
38	*
39	* Kcdata is a permanent data format suitable for long-term storage including
40	* in files. It is very important that we continue to be able to parse old
41	* versions of kcdata-based formats. To this end, there are several
42	* invariants you MUST MAINTAIN if you alter this file.
43	*
44	* * None of the magic numbers should ever be a byteswap of themselves or
45	* of any of the other magic numbers.
46	*
47	* * Never remove any type.
48	*
49	* * All kcdata structs must be packed, and must exclusively use fixed-size
50	* types.
51	*
52	* * Never change the definition of any type, except to add new fields to
53	* the end.
54	*
55	* * If you do add new fields to the end of a type, do not actually change
56	* the definition of the old structure. Instead, define a new structure
57	* with the new fields. See thread_snapshot_v3 as an example. This
58	* provides source compatibility for old readers, and also documents where
59	* the potential size cutoffs are.
60	*
61	* * If you change libkdd, or kcdata.py run the unit tests under libkdd.
62	*
63	* * If you add a type or extend an existing one, add a sample test to
64	* libkdd/tests so future changes to libkdd will always parse your struct
65	* correctly.
66	*
67	* For example to add a field to this:
68	*
69	* struct foobar {
70	* uint32_t baz;
71	* uint32_t quux;
72	* } __attribute__ ((packed));
73	*
74	* Make it look like this:
75	*
76	* struct foobar {
77	* uint32_t baz;
78	* uint32_t quux;
79	* ///////// end version 1 of foobar. sizeof(struct foobar) was 8 ////////
80	* uint32_t frozzle;
81	* } __attribute__ ((packed));
82	*
83	* If you are parsing kcdata formats, you MUST
84	*
85	* * Check the length field of each struct, including array elements. If the
86	* struct is longer than you expect, you must ignore the extra data.
87	*
88	* * Ignore any data types you do not understand.
89	*
90	* Additionally, we want to be as forward compatible as we can. Meaning old
91	* tools should still be able to use new data whenever possible. To this end,
92	* you should:
93	*
94	* * Try not to add new versions of types that supplant old ones. Instead
95	* extend the length of existing types or add supplemental types.
96	*
97	* * Try not to remove information from existing kcdata formats, unless
98	* removal was explicitly asked for. For example it is fine to add a
99	* stackshot flag to remove unwanted information, but you should not
100	* remove it from the default stackshot if the new flag is absent.
101	*
102	* * (TBD) If you do break old readers by removing information or
103	* supplanting old structs, then increase the major version number.
104	*
105	*
106	*
107	* The following is a description of the kcdata format.
108	*
109	*
110	* The format for data is setup in a generic format as follows
111	*
112	* Layout of data structure:
113	*
114	* \| 8 - bytes \|
115	* \| type = MAGIC \| LENGTH \|
116	* \| 0 \|
117	* \| type \| size \|
118	* \| flags \|
119	* \| data \|
120	* \|___________data____________\|
121	* \| type \| size \|
122	* \| flags \|
123	* \|___________data____________\|
124	* \| type = END \| size=0 \|
125	* \| 0 \|
126	*
127	*
128	* The type field describes what kind of data is passed. For example type = TASK_CRASHINFO_UUID means the following data is a uuid.
129	* These types need to be defined in task_corpses.h for easy consumption by userspace inspection tools.
130	*
131	* Some range of types is reserved for special types like ints, longs etc. A cool new functionality made possible with this
132	* extensible data format is that kernel can decide to put more information as required without requiring user space tools to
133	* re-compile to be compatible. The case of rusage struct versions could be introduced without breaking existing tools.
134	*
135	* Feature description: Generic data with description
136	* -------------------
137	* Further more generic data with description is very much possible now. For example
138	*
139	* - kcdata_add_uint64_with_description(cdatainfo, 0x700, "NUM MACH PORTS");
140	* - and more functions that allow adding description.
141	* The userspace tools can then look at the description and print the data even if they are not compiled with knowledge of the field apriori.
142	*
143	* Example data:
144	* 0000 57 f1 ad de 00 00 00 00 00 00 00 00 00 00 00 00 W...............
145	* 0010 01 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 ........0.......
146	* 0020 50 49 44 00 00 00 00 00 00 00 00 00 00 00 00 00 PID.............
147	* 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
148	* 0040 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
149	* 0050 01 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 ........0.......
150	* 0060 50 41 52 45 4e 54 20 50 49 44 00 00 00 00 00 00 PARENT PID......
151	* 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
152	* 0080 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
153	* 0090 ed 58 91 f1
154	*
155	* Feature description: Container markers for compound data
156	* ------------------
157	* If a given kernel data type is complex and requires adding multiple optional fields inside a container
158	* object for a consumer to understand arbitrary data, we package it using container markers.
159	*
160	* For example, the stackshot code gathers information and describes the state of a given task with respect
161	* to many subsystems. It includes data such as io stats, vm counters, process names/flags and syscall counts.
162	*
163	* kcdata_add_container_marker(kcdata_p, KCDATA_TYPE_CONTAINER_BEGIN, STACKSHOT_KCCONTAINER_TASK, task_uniqueid);
164	* // add multiple data, or add_<type>_with_description()s here
165	*
166	* kcdata_add_container_marker(kcdata_p, KCDATA_TYPE_CONTAINER_END, STACKSHOT_KCCONTAINER_TASK, task_uniqueid);
167	*
168	* Feature description: Custom Data formats on demand
169	* --------------------
170	* With the self describing nature of format, the kernel provider can describe a data type (uniquely identified by a number) and use
171	* it in the buffer for sending data. The consumer can parse the type information and have knowledge of describing incoming data.
172	* Following is an example of how we can describe a kernel specific struct sample_disk_io_stats in buffer.
173	*
174	* struct sample_disk_io_stats {
175	* uint64_t disk_reads_count;
176	* uint64_t disk_reads_size;
177	* uint64_t io_priority_count[4];
178	* uint64_t io_priority_size;
179	* } __attribute__ ((packed));
180	*
181	*
182	* struct kcdata_subtype_descriptor disk_io_stats_def[] = {
183	* {KCS_SUBTYPE_FLAGS_NONE, KC_ST_UINT64, 0 * sizeof(uint64_t), sizeof(uint64_t), "disk_reads_count"},
184	* {KCS_SUBTYPE_FLAGS_NONE, KC_ST_UINT64, 1 * sizeof(uint64_t), sizeof(uint64_t), "disk_reads_size"},
185	* {KCS_SUBTYPE_FLAGS_ARRAY, KC_ST_UINT64, 2 * sizeof(uint64_t), KCS_SUBTYPE_PACK_SIZE(4, sizeof(uint64_t)), "io_priority_count"},
186	* {KCS_SUBTYPE_FLAGS_ARRAY, KC_ST_UINT64, (2 + 4) * sizeof(uint64_t), sizeof(uint64_t), "io_priority_size"},
187	* };
188	*
189	* Now you can add this custom type definition into the buffer as
190	* kcdata_add_type_definition(kcdata_p, KCTYPE_SAMPLE_DISK_IO_STATS, "sample_disk_io_stats",
191	* &disk_io_stats_def[0], sizeof(disk_io_stats_def)/sizeof(struct kcdata_subtype_descriptor));
192	*
193	* Feature description: Compression
194	* --------------------
195	* In order to avoid keeping large amounts of memory reserved for a panic stackshot, kcdata has support
196	* for compressing the buffer in a streaming fashion. New data pushed to the kcdata buffer will be
197	* automatically compressed using an algorithm selected by the API user (currently, we only support
198	* pass-through and zlib, in the future we plan to add WKDM support, see: 57913859).
199	*
200	* To start using compression, call:
201	* kcdata_init_compress(kcdata_p, hdr_tag, memcpy_f, comp_type);
202	* where:
203	* `kcdata_p` is the kcdata buffer that will be used
204	* `hdr_tag` is the usual header tag denoting what type of kcdata buffer this will be
205	* `memcpy_f` a memcpy(3) function to use to copy into the buffer, optional.
206	* `compy_type` is the compression type, see KCDCT_ZLIB for an example.
207	*
208	* Once compression is initialized:
209	* (1) all self-describing APIs will automatically compress
210	* (2) you can now use the following APIs to compress data into the buffer:
211	* (None of the following will compress unless kcdata_init_compress() has been called)
212	*
213	* - kcdata_push_data(kcdata_descriptor_t data, uint32_t type, uint32_t size, const void *input_data)
214	* Pushes the buffer of kctype @type at[@input_data, @input_data + @size]
215	* into the kcdata buffer @data, compressing if needed.
216	*
217	* - kcdata_push_array(kcdata_descriptor_t data, uint32_t type_of_element,
218	* uint32_t size_of_element, uint32_t count, const void *input_data)
219	* Pushes the array found at @input_data, with element type @type_of_element, where
220	* each element is of size @size_of_element and there are @count elements into the kcdata buffer
221	* at @data.
222	*
223	* - kcdata_compression_window_open/close(kcdata_descriptor_t data)
224	* In case the data you are trying to push to the kcdata buffer @data is difficult to predict,
225	* you can open a "compression window". Between an open and a close, no compression will be done.
226	* Once you clsoe the window, the underlying compression algorithm will compress the data into the buffer
227	* and automatically rewind the current end marker of the kcdata buffer.
228	* There is an ASCII art in kern_cdata.c to aid the reader in understanding
229	* this.
230	*
231	* - kcdata_finish_compression(kcdata_descriptor_t data)
232	* Must be called at the end to flush any underlying buffers used by the compression algorithms.
233	* This function will also add some statistics about the compression to the buffer which helps with
234	* decompressing later.
235	*
236	*/
237
238
239	#ifndef _KCDATA_H_
240	#define _KCDATA_H_
241
242	#include <stdint.h>
243	#include <string.h>
244	#include <uuid/uuid.h>
245
246	#define KCDATA_DESC_MAXLEN 32 /* including NULL byte at end */
247
248	#define KCDATA_FLAGS_STRUCT_PADDING_MASK 0xf
249	#define KCDATA_FLAGS_STRUCT_HAS_PADDING 0x80
250
251	/*
252	* kcdata aligns elements to 16 byte boundaries.
253	*/
254	#define KCDATA_ALIGNMENT_SIZE 0x10
255
256	struct kcdata_item {
257	uint32_t type;
258	uint32_t size; / len(data) /
259	/ flags.*
260	*
261	* For structures:
262	* padding = flags & 0xf
263	* has_padding = (flags & 0x80) >> 7
264	*
265	* has_padding is needed to disambiguate cases such as
266	* thread_snapshot_v2 and thread_snapshot_v3. Their
267	* respective sizes are 0x68 and 0x70, and thread_snapshot_v2
268	* was emitted by old kernels before we started recording
269	* padding. Since legacy thread_snapsht_v2 and modern
270	* thread_snapshot_v3 will both record 0 for the padding
271	* flags, we need some other bit which will be nonzero in the
272	* flags to disambiguate.
273	*
274	* This is why we hardcode a special case for
275	* STACKSHOT_KCTYPE_THREAD_SNAPSHOT into the iterator
276	* functions below. There is only a finite number of such
277	* hardcodings which will ever be needed. They can occur
278	* when:
279	*
280	* * We have a legacy structure that predates padding flags
281	*
282	* * which we want to extend without changing the kcdata type
283	*
284	* * by only so many bytes as would fit in the space that
285	* was previously unused padding.
286	*
287	* For containers:
288	* container_id = flags
289	*
290	* For arrays:
291	* element_count = flags & UINT32_MAX
292	* element_type = (flags >> 32) & UINT32_MAX
293	*/
294	uint64_t flags;
295	char data[]; / must be at the end /
296	};
297
298	typedef struct kcdata_item * kcdata_item_t;
299
300	enum KCDATA_SUBTYPE_TYPES { KC_ST_CHAR = `1`, KC_ST_INT8, KC_ST_UINT8, KC_ST_INT16, KC_ST_UINT16, KC_ST_INT32, KC_ST_UINT32, KC_ST_INT64, KC_ST_UINT64 };
301	typedef enum KCDATA_SUBTYPE_TYPES kctype_subtype_t;
302
303	/*
304	* A subtype description structure that defines
305	* how a compound data is laid out in memory. This
306	* provides on the fly definition of types and consumption
307	* by the parser.
308	*/
309	struct kcdata_subtype_descriptor {
310	uint8_t kcs_flags;
311	#define KCS_SUBTYPE_FLAGS_NONE 0x0
312	#define KCS_SUBTYPE_FLAGS_ARRAY 0x1
313	/ Force struct type even if only one element.*
314	*
315	* Normally a kcdata_type_definition is treated as a structure if it has
316	* more than one subtype descriptor. Otherwise it is treated as a simple
317	* type. For example libkdd will represent a simple integer 42 as simply
318	* 42, but it will represent a structure containing an integer 42 as
319	* {"field_name": 42}..
320	*
321	* If a kcdata_type_definition has only single subtype, then it will be
322	* treated as a structure iff KCS_SUBTYPE_FLAGS_STRUCT is set. If it has
323	* multiple subtypes, it will always be treated as a structure.
324	*
325	* KCS_SUBTYPE_FLAGS_MERGE has the opposite effect. If this flag is used then
326	* even if there are multiple elements, they will all be treated as individual
327	* properties of the parent dictionary.
328	*/
329	#define KCS_SUBTYPE_FLAGS_STRUCT 0x2 /* force struct type even if only one element */
330	#define KCS_SUBTYPE_FLAGS_MERGE 0x4 /* treat as multiple elements of parents instead of struct */
331	uint8_t kcs_elem_type; / restricted to kctype_subtype_t /
332	uint16_t kcs_elem_offset; / offset in struct where data is found /
333	uint32_t kcs_elem_size; / size of element (or) packed state for array type /
334	char kcs_name[KCDATA_DESC_MAXLEN]; / max 31 bytes for name of field /
335	};
336
337	typedef struct kcdata_subtype_descriptor * kcdata_subtype_descriptor_t;
338
339	/*
340	* In case of array of basic c types in kctype_subtype_t,
341	* size is packed in lower 16 bits and
342	* count is packed in upper 16 bits of kcs_elem_size field.
343	*/
344	#define KCS_SUBTYPE_PACK_SIZE(e_count, e_size) (((e_count)&0xffffu) << 16 \| ((e_size)&0xffffu))
345
346	static inline uint32_t
347	kcs_get_elem_size(kcdata_subtype_descriptor_t d)
348	{
349	if (d->kcs_flags & KCS_SUBTYPE_FLAGS_ARRAY) {
350	/ size is composed as ((count &0xffff)<<16 \| (elem_size & 0xffff)) /
351	return (uint32_t)((d->kcs_elem_size & `0xffff`) * ((d->kcs_elem_size & `0xffff0000`) >> `16`));
352	}
353	return d->kcs_elem_size;
354	}
355
356	static inline uint32_t
357	kcs_get_elem_count(kcdata_subtype_descriptor_t d)
358	{
359	if (d->kcs_flags & KCS_SUBTYPE_FLAGS_ARRAY) {
360	return (d->kcs_elem_size >> `16`) & `0xffff`;
361	}
362	return `1`;
363	}
364
365	static inline int
366	kcs_set_elem_size(kcdata_subtype_descriptor_t d, uint32_t size, uint32_t count)
367	{
368	if (count > `1`) {
369	/ means we are setting up an array /
370	if (size > `0xffff` \|\| count > `0xffff`) {
371	return -`1`; //invalid argument
372	}
373	d->kcs_elem_size = ((count & `0xffff`) << `16` \| (size & `0xffff`));
374	} else {
375	d->kcs_elem_size = size;
376	}
377	return `0`;
378	}
379
380	struct kcdata_type_definition {
381	uint32_t kct_type_identifier;
382	uint32_t kct_num_elements;
383	char kct_name[KCDATA_DESC_MAXLEN];
384	struct kcdata_subtype_descriptor kct_elements[];
385	};
386
387
388	/ chunk type definitions. 0 - 0x7ff are reserved and defined here*
389	* NOTE: Please update kcdata/libkdd/kcdtypes.c if you make any changes
390	* in STACKSHOT_KCTYPE_* types.
391	*/
392
393	/*
394	* Types with description value.
395	* these will have KCDATA_DESC_MAXLEN-1 length string description
396	* and rest of kcdata_iter_size() - KCDATA_DESC_MAXLEN bytes as data
397	*/
398	#define KCDATA_TYPE_INVALID 0x0u
399	#define KCDATA_TYPE_STRING_DESC 0x1u
400	#define KCDATA_TYPE_UINT32_DESC 0x2u
401	#define KCDATA_TYPE_UINT64_DESC 0x3u
402	#define KCDATA_TYPE_INT32_DESC 0x4u
403	#define KCDATA_TYPE_INT64_DESC 0x5u
404	#define KCDATA_TYPE_BINDATA_DESC 0x6u
405
406	/*
407	* Compound type definitions
408	*/
409	#define KCDATA_TYPE_ARRAY 0x11u /* Array of data OBSOLETE DONT USE THIS*/
410	#define KCDATA_TYPE_TYPEDEFINTION 0x12u /* Meta type that describes a type on the fly. */
411	#define KCDATA_TYPE_CONTAINER_BEGIN \
412	0x13u /* Container type which has corresponding CONTAINER_END header. \
413	* KCDATA_TYPE_CONTAINER_BEGIN has type in the data segment. \
414	* Both headers have (uint64_t) ID for matching up nested data. \
415	*/
416	#define KCDATA_TYPE_CONTAINER_END 0x14u
417
418	#define KCDATA_TYPE_ARRAY_PAD0 0x20u /* Array of data with 0 byte of padding*/
419	#define KCDATA_TYPE_ARRAY_PAD1 0x21u /* Array of data with 1 byte of padding*/
420	#define KCDATA_TYPE_ARRAY_PAD2 0x22u /* Array of data with 2 byte of padding*/
421	#define KCDATA_TYPE_ARRAY_PAD3 0x23u /* Array of data with 3 byte of padding*/
422	#define KCDATA_TYPE_ARRAY_PAD4 0x24u /* Array of data with 4 byte of padding*/
423	#define KCDATA_TYPE_ARRAY_PAD5 0x25u /* Array of data with 5 byte of padding*/
424	#define KCDATA_TYPE_ARRAY_PAD6 0x26u /* Array of data with 6 byte of padding*/
425	#define KCDATA_TYPE_ARRAY_PAD7 0x27u /* Array of data with 7 byte of padding*/
426	#define KCDATA_TYPE_ARRAY_PAD8 0x28u /* Array of data with 8 byte of padding*/
427	#define KCDATA_TYPE_ARRAY_PAD9 0x29u /* Array of data with 9 byte of padding*/
428	#define KCDATA_TYPE_ARRAY_PADa 0x2au /* Array of data with a byte of padding*/
429	#define KCDATA_TYPE_ARRAY_PADb 0x2bu /* Array of data with b byte of padding*/
430	#define KCDATA_TYPE_ARRAY_PADc 0x2cu /* Array of data with c byte of padding*/
431	#define KCDATA_TYPE_ARRAY_PADd 0x2du /* Array of data with d byte of padding*/
432	#define KCDATA_TYPE_ARRAY_PADe 0x2eu /* Array of data with e byte of padding*/
433	#define KCDATA_TYPE_ARRAY_PADf 0x2fu /* Array of data with f byte of padding*/
434
435	/*
436	* Generic data types that are most commonly used
437	*/
438	#define KCDATA_TYPE_LIBRARY_LOADINFO 0x30u /* struct dyld_uuid_info_32 */
439	#define KCDATA_TYPE_LIBRARY_LOADINFO64 0x31u /* struct dyld_uuid_info_64 */
440	#define KCDATA_TYPE_TIMEBASE 0x32u /* struct mach_timebase_info */
441	#define KCDATA_TYPE_MACH_ABSOLUTE_TIME 0x33u /* uint64_t */
442	#define KCDATA_TYPE_TIMEVAL 0x34u /* struct timeval64 */
443	#define KCDATA_TYPE_USECS_SINCE_EPOCH 0x35u /* time in usecs uint64_t */
444	#define KCDATA_TYPE_PID 0x36u /* int32_t */
445	#define KCDATA_TYPE_PROCNAME 0x37u /* char * */
446	#define KCDATA_TYPE_NESTED_KCDATA 0x38u /* nested kcdata buffer */
447	#define KCDATA_TYPE_LIBRARY_AOTINFO 0x39u /* struct user64_dyld_aot_info */
448
449	#define KCDATA_TYPE_BUFFER_END 0xF19158EDu
450
451	/ MAGIC numbers defined for each class of chunked data*
452	*
453	* To future-proof against big-endian arches, make sure none of these magic
454	* numbers are byteswaps of each other
455	*/
456
457	#define KCDATA_BUFFER_BEGIN_CRASHINFO 0xDEADF157u /* owner: corpses/task_corpse.h */
458	/ type-range: 0x800 - 0x8ff /
459	#define KCDATA_BUFFER_BEGIN_STACKSHOT 0x59a25807u /* owner: sys/stackshot.h */
460	/ type-range: 0x900 - 0x93f /
461	#define KCDATA_BUFFER_BEGIN_COMPRESSED 0x434f4d50u /* owner: sys/stackshot.h */
462	/ type-range: 0x900 - 0x93f /
463	#define KCDATA_BUFFER_BEGIN_DELTA_STACKSHOT 0xDE17A59Au /* owner: sys/stackshot.h */
464	/ type-range: 0x940 - 0x9ff /
465	#define KCDATA_BUFFER_BEGIN_BTINFO 0x46414E47u /* owner: kern/kern_exit.c */
466	/ type-range: 0xa01 - 0xaff /
467	#define KCDATA_BUFFER_BEGIN_OS_REASON 0x53A20900u /* owner: sys/reason.h */
468	/ type-range: 0x1000-0x103f /
469	#define KCDATA_BUFFER_BEGIN_XNUPOST_CONFIG 0x1e21c09fu /* owner: osfmk/tests/kernel_tests.c */
470	/ type-range: 0x1040-0x105f /
471
472	/ next type range number available 0x1060 /
473	/************* definitions for XNUPOST ******************/
474	#define XNUPOST_KCTYPE_TESTCONFIG 0x1040
475
476	/************* definitions for stackshot ******************/
477
478	/ This value must always match IO_NUM_PRIORITIES defined in thread_info.h /
479	#define STACKSHOT_IO_NUM_PRIORITIES 4
480	/ This value must always match MAXTHREADNAMESIZE used in bsd /
481	#define STACKSHOT_MAX_THREAD_NAME_SIZE 64
482
483	/*
484	* NOTE: Please update kcdata/libkdd/kcdtypes.c if you make any changes
485	* in STACKSHOT_KCTYPE_* types.
486	*/
487	#define STACKSHOT_KCTYPE_IOSTATS 0x901u /* io_stats_snapshot */
488	#define STACKSHOT_KCTYPE_GLOBAL_MEM_STATS 0x902u /* struct mem_and_io_snapshot */
489	#define STACKSHOT_KCCONTAINER_TASK 0x903u
490	#define STACKSHOT_KCCONTAINER_THREAD 0x904u
491	#define STACKSHOT_KCTYPE_TASK_SNAPSHOT 0x905u /* task_snapshot_v2 */
492	#define STACKSHOT_KCTYPE_THREAD_SNAPSHOT 0x906u /* thread_snapshot_v2, thread_snapshot_v3 */
493	#define STACKSHOT_KCTYPE_DONATING_PIDS 0x907u /* int[] */
494	#define STACKSHOT_KCTYPE_SHAREDCACHE_LOADINFO 0x908u /* dyld_shared_cache_loadinfo */
495	#define STACKSHOT_KCTYPE_THREAD_NAME 0x909u /* char[] */
496	#define STACKSHOT_KCTYPE_KERN_STACKFRAME 0x90Au /* struct stack_snapshot_frame32 */
497	#define STACKSHOT_KCTYPE_KERN_STACKFRAME64 0x90Bu /* struct stack_snapshot_frame64 */
498	#define STACKSHOT_KCTYPE_USER_STACKFRAME 0x90Cu /* struct stack_snapshot_frame32 */
499	#define STACKSHOT_KCTYPE_USER_STACKFRAME64 0x90Du /* struct stack_snapshot_frame64 */
500	#define STACKSHOT_KCTYPE_BOOTARGS 0x90Eu /* boot args string */
501	#define STACKSHOT_KCTYPE_OSVERSION 0x90Fu /* os version string */
502	#define STACKSHOT_KCTYPE_KERN_PAGE_SIZE 0x910u /* kernel page size in uint32_t */
503	#define STACKSHOT_KCTYPE_JETSAM_LEVEL 0x911u /* jetsam level in uint32_t */
504	#define STACKSHOT_KCTYPE_DELTA_SINCE_TIMESTAMP 0x912u /* timestamp used for the delta stackshot */
505	#define STACKSHOT_KCTYPE_KERN_STACKLR 0x913u /* uint32_t */
506	#define STACKSHOT_KCTYPE_KERN_STACKLR64 0x914u /* uint64_t */
507	#define STACKSHOT_KCTYPE_USER_STACKLR 0x915u /* uint32_t */
508	#define STACKSHOT_KCTYPE_USER_STACKLR64 0x916u /* uint64_t */
509	#define STACKSHOT_KCTYPE_NONRUNNABLE_TIDS 0x917u /* uint64_t */
510	#define STACKSHOT_KCTYPE_NONRUNNABLE_TASKS 0x918u /* uint64_t */
511	#define STACKSHOT_KCTYPE_CPU_TIMES 0x919u /* struct stackshot_cpu_times or stackshot_cpu_times_v2 */
512	#define STACKSHOT_KCTYPE_STACKSHOT_DURATION 0x91au /* struct stackshot_duration */
513	#define STACKSHOT_KCTYPE_STACKSHOT_FAULT_STATS 0x91bu /* struct stackshot_fault_stats */
514	#define STACKSHOT_KCTYPE_KERNELCACHE_LOADINFO 0x91cu /* kernelcache UUID -- same as KCDATA_TYPE_LIBRARY_LOADINFO64 */
515	#define STACKSHOT_KCTYPE_THREAD_WAITINFO 0x91du /* struct stackshot_thread_waitinfo */
516	#define STACKSHOT_KCTYPE_THREAD_GROUP_SNAPSHOT 0x91eu /* struct thread_group_snapshot{,_v2,_v3} */
517	#define STACKSHOT_KCTYPE_THREAD_GROUP 0x91fu /* uint64_t */
518	#define STACKSHOT_KCTYPE_JETSAM_COALITION_SNAPSHOT 0x920u /* struct jetsam_coalition_snapshot */
519	#define STACKSHOT_KCTYPE_JETSAM_COALITION 0x921u /* uint64_t */
520	#define STACKSHOT_KCTYPE_THREAD_POLICY_VERSION 0x922u /* THREAD_POLICY_INTERNAL_STRUCT_VERSION in uint32 */
521	#define STACKSHOT_KCTYPE_INSTRS_CYCLES 0x923u /* struct instrs_cycles_snapshot_v2 */
522	#define STACKSHOT_KCTYPE_USER_STACKTOP 0x924u /* struct stack_snapshot_stacktop */
523	#define STACKSHOT_KCTYPE_ASID 0x925u /* uint32_t */
524	#define STACKSHOT_KCTYPE_PAGE_TABLES 0x926u /* uint64_t */
525	#define STACKSHOT_KCTYPE_SYS_SHAREDCACHE_LAYOUT 0x927u /* same as KCDATA_TYPE_LIBRARY_LOADINFO64 */
526	#define STACKSHOT_KCTYPE_THREAD_DISPATCH_QUEUE_LABEL 0x928u /* dispatch queue label */
527	#define STACKSHOT_KCTYPE_THREAD_TURNSTILEINFO 0x929u /* struct stackshot_thread_turnstileinfo */
528	#define STACKSHOT_KCTYPE_TASK_CPU_ARCHITECTURE 0x92au /* struct stackshot_cpu_architecture */
529	#define STACKSHOT_KCTYPE_LATENCY_INFO 0x92bu /* struct stackshot_latency_collection */
530	#define STACKSHOT_KCTYPE_LATENCY_INFO_TASK 0x92cu /* struct stackshot_latency_task */
531	#define STACKSHOT_KCTYPE_LATENCY_INFO_THREAD 0x92du /* struct stackshot_latency_thread */
532	#define STACKSHOT_KCTYPE_LOADINFO64_TEXT_EXEC 0x92eu /* TEXT_EXEC load info -- same as KCDATA_TYPE_LIBRARY_LOADINFO64 */
533	#define STACKSHOT_KCTYPE_AOTCACHE_LOADINFO 0x92fu /* struct dyld_aot_cache_uuid_info */
534	#define STACKSHOT_KCTYPE_TRANSITIONING_TASK_SNAPSHOT 0x930u /* transitioning_task_snapshot */
535	#define STACKSHOT_KCCONTAINER_TRANSITIONING_TASK 0x931u
536	#define STACKSHOT_KCTYPE_USER_ASYNC_START_INDEX 0x932u /* uint32_t index in user_stack of beginning of async stack */
537	#define STACKSHOT_KCTYPE_USER_ASYNC_STACKLR64 0x933u /* uint64_t async stack pointers */
538	#define STACKSHOT_KCCONTAINER_PORTLABEL 0x934u /* container for port label info */
539	#define STACKSHOT_KCTYPE_PORTLABEL 0x935u /* struct stackshot_portlabel */
540	#define STACKSHOT_KCTYPE_PORTLABEL_NAME 0x936u /* string port name */
541	#define STACKSHOT_KCTYPE_DYLD_COMPACTINFO 0x937u /* binary blob of dyld info (variable size) */
542	#define STACKSHOT_KCTYPE_SUSPENSION_INFO 0x938u /* struct stackshot_suspension_info */
543	#define STACKSHOT_KCTYPE_SUSPENSION_SOURCE 0x939u /* struct stackshot_suspension_source */
544
545	#define STACKSHOT_KCTYPE_TASK_DELTA_SNAPSHOT 0x940u /* task_delta_snapshot_v2 */
546	#define STACKSHOT_KCTYPE_THREAD_DELTA_SNAPSHOT 0x941u /* thread_delta_snapshot_v* */
547	#define STACKSHOT_KCCONTAINER_SHAREDCACHE 0x942u /* container for shared cache info */
548	#define STACKSHOT_KCTYPE_SHAREDCACHE_INFO 0x943u /* dyld_shared_cache_loadinfo_v2 */
549	#define STACKSHOT_KCTYPE_SHAREDCACHE_AOTINFO 0x944u /* struct dyld_aot_cache_uuid_info */
550	#define STACKSHOT_KCTYPE_SHAREDCACHE_ID 0x945u /* uint32_t in task: if we aren't attached to Primary, which one */
551	#define STACKSHOT_KCTYPE_CODESIGNING_INFO 0x946u /* struct stackshot_task_codesigning_info */
552	#define STACKSHOT_KCTYPE_KERN_EXCLAVES_THREADINFO 0x948u /* struct thread_exclaves_info */
553	#define STACKSHOT_KCCONTAINER_EXCLAVES 0x949u /* exclave threads info */
554	#define STACKSHOT_KCCONTAINER_EXCLAVE_SCRESULT 0x94au /* exclave thread container for one scid */
555	#define STACKSHOT_KCTYPE_EXCLAVE_SCRESULT_INFO 0x94bu /* struct exclave_scresult_info */
556	#define STACKSHOT_KCCONTAINER_EXCLAVE_IPCSTACKENTRY 0x94cu /* container for one chunk of exclave IPC chain */
557	#define STACKSHOT_KCTYPE_EXCLAVE_IPCSTACKENTRY_INFO 0x94du /* struct exclave_ipcstackentry_info */
558	#define STACKSHOT_KCTYPE_EXCLAVE_IPCSTACKENTRY_ECSTACK 0x94eu /* exclave_ecstackentry_addr_t */
559	#define STACKSHOT_KCCONTAINER_EXCLAVE_ADDRESSSPACE 0x94fu /* exclave address space container */
560	#define STACKSHOT_KCTYPE_EXCLAVE_ADDRESSSPACE_INFO 0x950u /* struct exclave_addressspace_info */
561	#define STACKSHOT_KCTYPE_EXCLAVE_ADDRESSSPACE_NAME 0x951u /* exclave component name */
562	#define STACKSHOT_KCCONTAINER_EXCLAVE_TEXTLAYOUT 0x952u /* exclave text layout container */
563	#define STACKSHOT_KCTYPE_EXCLAVE_TEXTLAYOUT_INFO 0x953u /* struct exclave_textlayout_info */
564	#define STACKSHOT_KCTYPE_EXCLAVE_TEXTLAYOUT_SEGMENTS 0x954u /* struct exclave_textlayout_segment */
565	#define STACKSHOT_KCTYPE_KERN_EXCLAVES_CRASH_THREADINFO 0x955u /* struct thread_crash_exclaves_info */
566
567	struct stack_snapshot_frame32 {
568	uint32_t lr;
569	uint32_t sp;
570	};
571
572	struct stack_snapshot_frame64 {
573	uint64_t lr;
574	uint64_t sp;
575	};
576
577	struct dyld_uuid_info_32 {
578	uint32_t imageLoadAddress; / base address image is mapped at /
579	uuid_t imageUUID;
580	};
581
582	struct dyld_uuid_info_64 {
583	uint64_t imageLoadAddress; / XXX image slide /
584	uuid_t imageUUID;
585	};
586
587	/*
588	* N.B.: Newer kernels output dyld_shared_cache_loadinfo structures
589	* instead of this, since the field names match their contents better.
590	*/
591	struct dyld_uuid_info_64_v2 {
592	uint64_t imageLoadAddress; / XXX image slide /
593	uuid_t imageUUID;
594	/ end of version 1 of dyld_uuid_info_64. sizeof v1 was 24 /
595	uint64_t imageSlidBaseAddress; / slid base address or slid first mapping of image /
596	};
597
598	enum dyld_shared_cache_flags {
599	kSharedCacheSystemPrimary = `0x1`, / primary shared cache on the system; attached tasks will have kTaskSharedRegionSystem set /
600	kSharedCacheDriverkit = `0x2`, / driverkit shared cache /
601	kSharedCacheAOT = `0x4`, / Rosetta shared cache /
602	};
603
604	/*
605	* This is the renamed version of dyld_uuid_info_64 with more accurate
606	* field names, for STACKSHOT_KCTYPE_SHAREDCACHE_LOADINFO. Any users
607	* must be aware of the dyld_uuid_info_64* version history and ensure
608	* the fields they are accessing are within the actual bounds.
609	*
610	* OLD_FIELD NEW_FIELD
611	* imageLoadAddress sharedCacheSlide
612	* imageUUID sharedCacheUUID
613	* imageSlidBaseAddress sharedCacheUnreliableSlidBaseAddress
614	* - sharedCacheSlidFirstMapping
615	* - sharedCacheID
616	* - sharedCacheFlags
617	*/
618	struct dyld_shared_cache_loadinfo_v2 {
619	uint64_t sharedCacheSlide; / image slide value /
620	uuid_t sharedCacheUUID;
621	/ end of version 1 of dyld_uuid_info_64. sizeof v1 was 24 /
622	uint64_t sharedCacheUnreliableSlidBaseAddress; / for backwards-compatibility; use sharedCacheSlidFirstMapping if available /
623	/ end of version 2 of dyld_uuid_info_64. sizeof v2 was 32 /
624	uint64_t sharedCacheSlidFirstMapping; / slid base address of first mapping /
625	/ end of version 1 of dyld_shared_cache_loadinfo. sizeof was 40 /
626	uint32_t sharedCacheID; / ID of shared cache /
627	uint32_t sharedCacheFlags;
628	};
629
630	struct dyld_shared_cache_loadinfo {
631	uint64_t sharedCacheSlide; / image slide value /
632	uuid_t sharedCacheUUID;
633	/ end of version 1 of dyld_uuid_info_64. sizeof v1 was 24 /
634	uint64_t sharedCacheUnreliableSlidBaseAddress; / for backwards-compatibility; use sharedCacheSlidFirstMapping if available /
635	/ end of version 2 of dyld_uuid_info_64. sizeof v2 was 32 /
636	uint64_t sharedCacheSlidFirstMapping; / slid base address of first mapping /
637	};
638
639	struct dyld_aot_cache_uuid_info {
640	uint64_t x86SlidBaseAddress; / slid first mapping address of x86 shared cache /
641	uuid_t x86UUID; / UUID of x86 shared cache /
642	uint64_t aotSlidBaseAddress; / slide first mapping address of aot cache /
643	uuid_t aotUUID; / UUID of aot shared cache /
644	};
645
646	struct user32_dyld_uuid_info {
647	uint32_t imageLoadAddress; / base address image is mapped into /
648	uuid_t imageUUID; / UUID of image /
649	};
650
651	struct user64_dyld_uuid_info {
652	uint64_t imageLoadAddress; / base address image is mapped into /
653	uuid_t imageUUID; / UUID of image /
654	};
655
656	#define DYLD_AOT_IMAGE_KEY_SIZE 32
657
658	struct user64_dyld_aot_info {
659	uint64_t x86LoadAddress;
660	uint64_t aotLoadAddress;
661	uint64_t aotImageSize;
662	uint8_t aotImageKey[DYLD_AOT_IMAGE_KEY_SIZE];
663	};
664
665	enum task_snapshot_flags {
666	/ k{User,Kernel}64_p (values 0x1 and 0x2) are defined in generic_snapshot_flags /
667	kTaskRsrcFlagged = `0x4`, // In the EXC_RESOURCE danger zone?
668	kTerminatedSnapshot = `0x8`,
669	kPidSuspended = `0x10`, // true for suspended task
670	kFrozen = `0x20`, // true for hibernated task (along with pidsuspended)
671	kTaskDarwinBG = `0x40`,
672	kTaskExtDarwinBG = `0x80`,
673	kTaskVisVisible = `0x100`,
674	kTaskVisNonvisible = `0x200`,
675	kTaskIsForeground = `0x400`,
676	kTaskIsBoosted = `0x800`,
677	kTaskIsSuppressed = `0x1000`,
678	kTaskIsTimerThrottled = `0x2000`, / deprecated /
679	kTaskIsImpDonor = `0x4000`,
680	kTaskIsLiveImpDonor = `0x8000`,
681	kTaskIsDirty = `0x10000`,
682	kTaskWqExceededConstrainedThreadLimit = `0x20000`,
683	kTaskWqExceededTotalThreadLimit = `0x40000`,
684	kTaskWqFlagsAvailable = `0x80000`,
685	kTaskUUIDInfoFaultedIn = `0x100000`, / successfully faulted in some UUID info /
686	kTaskUUIDInfoMissing = `0x200000`, / some UUID info was paged out /
687	kTaskUUIDInfoTriedFault = `0x400000`, / tried to fault in UUID info /
688	kTaskSharedRegionInfoUnavailable = `0x800000`, / shared region info unavailable /
689	kTaskTALEngaged = `0x1000000`,
690	/ 0x2000000 unused /
691	kTaskIsDirtyTracked = `0x4000000`,
692	kTaskAllowIdleExit = `0x8000000`,
693	kTaskIsTranslated = `0x10000000`,
694	kTaskSharedRegionNone = `0x20000000`, / task doesn't have a shared region /
695	kTaskSharedRegionSystem = `0x40000000`, / task attached to region with kSharedCacheSystemPrimary set /
696	kTaskSharedRegionOther = `0x80000000`, / task is attached to a different shared region /
697	kTaskDyldCompactInfoNone = `0x100000000`,
698	kTaskDyldCompactInfoTooBig = `0x200000000`,
699	kTaskDyldCompactInfoFaultedIn = `0x400000000`,
700	kTaskDyldCompactInfoMissing = `0x800000000`,
701	kTaskDyldCompactInfoTriedFault = `0x1000000000`,
702	}; // Note: Add any new flags to kcdata.py (ts_ss_flags)
703
704	enum task_transition_type {
705	kTaskIsTerminated = `0x1`,// Past LPEXIT
706	};
707
708	enum thread_snapshot_flags {
709	/ k{User,Kernel}64_p (values 0x1 and 0x2) are defined in generic_snapshot_flags /
710	kHasDispatchSerial = `0x4`,
711	kStacksPCOnly = `0x8`, / Stack traces have no frame pointers. /
712	kThreadDarwinBG = `0x10`, / Thread is darwinbg /
713	kThreadIOPassive = `0x20`, / Thread uses passive IO /
714	kThreadSuspended = `0x40`, / Thread is suspended /
715	kThreadTruncatedBT = `0x80`, / Unmapped pages caused truncated backtrace /
716	kGlobalForcedIdle = `0x100`, / Thread performs global forced idle /
717	kThreadFaultedBT = `0x200`, / Some thread stack pages were faulted in as part of BT /
718	kThreadTriedFaultBT = `0x400`, / We tried to fault in thread stack pages as part of BT /
719	kThreadOnCore = `0x800`, / Thread was on-core when we entered debugger context /
720	kThreadIdleWorker = `0x1000`, / Thread is an idle libpthread worker thread /
721	kThreadMain = `0x2000`, / Thread is the main thread /
722	kThreadTruncKernBT = `0x4000`, / Unmapped pages caused truncated kernel BT /
723	kThreadTruncUserBT = `0x8000`, / Unmapped pages caused truncated user BT /
724	kThreadTruncUserAsyncBT = `0x10000`, / Unmapped pages caused truncated user async BT /
725	}; // Note: Add any new flags to kcdata.py (ths_ss_flags)
726
727	struct mem_and_io_snapshot {
728	uint32_t snapshot_magic;
729	uint32_t free_pages;
730	uint32_t active_pages;
731	uint32_t inactive_pages;
732	uint32_t purgeable_pages;
733	uint32_t wired_pages;
734	uint32_t speculative_pages;
735	uint32_t throttled_pages;
736	uint32_t filebacked_pages;
737	uint32_t compressions;
738	uint32_t decompressions;
739	uint32_t compressor_size;
740	int32_t busy_buffer_count;
741	uint32_t pages_wanted;
742	uint32_t pages_reclaimed;
743	uint8_t pages_wanted_reclaimed_valid; // did mach_vm_pressure_monitor succeed?
744	} __attribute__((packed));
745
746	/ SS_TH_* macros are for ths_state /
747	#define SS_TH_WAIT 0x01 /* queued for waiting */
748	#define SS_TH_SUSP 0x02 /* stopped or requested to stop */
749	#define SS_TH_RUN 0x04 /* running or on runq */
750	#define SS_TH_UNINT 0x08 /* waiting uninteruptibly */
751	#define SS_TH_TERMINATE 0x10 /* halted at termination */
752	#define SS_TH_TERMINATE2 0x20 /* added to termination queue */
753	#define SS_TH_IDLE 0x80 /* idling processor */
754
755	struct thread_snapshot_v2 {
756	uint64_t ths_thread_id;
757	uint64_t ths_wait_event;
758	uint64_t ths_continuation;
759	uint64_t ths_total_syscalls;
760	uint64_t ths_voucher_identifier;
761	uint64_t ths_dqserialnum;
762	uint64_t ths_user_time;
763	uint64_t ths_sys_time;
764	uint64_t ths_ss_flags;
765	uint64_t ths_last_run_time;
766	uint64_t ths_last_made_runnable_time;
767	uint32_t ths_state;
768	uint32_t ths_sched_flags;
769	int16_t ths_base_priority;
770	int16_t ths_sched_priority;
771	uint8_t ths_eqos;
772	uint8_t ths_rqos;
773	uint8_t ths_rqos_override;
774	uint8_t ths_io_tier;
775	} __attribute__((packed));
776
777	struct thread_snapshot_v3 {
778	uint64_t ths_thread_id;
779	uint64_t ths_wait_event;
780	uint64_t ths_continuation;
781	uint64_t ths_total_syscalls;
782	uint64_t ths_voucher_identifier;
783	uint64_t ths_dqserialnum;
784	uint64_t ths_user_time;
785	uint64_t ths_sys_time;
786	uint64_t ths_ss_flags;
787	uint64_t ths_last_run_time;
788	uint64_t ths_last_made_runnable_time;
789	uint32_t ths_state;
790	uint32_t ths_sched_flags;
791	int16_t ths_base_priority;
792	int16_t ths_sched_priority;
793	uint8_t ths_eqos;
794	uint8_t ths_rqos;
795	uint8_t ths_rqos_override;
796	uint8_t ths_io_tier;
797	uint64_t ths_thread_t;
798	} __attribute__((packed));
799
800
801	struct thread_snapshot_v4 {
802	uint64_t ths_thread_id;
803	uint64_t ths_wait_event;
804	uint64_t ths_continuation;
805	uint64_t ths_total_syscalls;
806	uint64_t ths_voucher_identifier;
807	uint64_t ths_dqserialnum;
808	uint64_t ths_user_time;
809	uint64_t ths_sys_time;
810	uint64_t ths_ss_flags;
811	uint64_t ths_last_run_time;
812	uint64_t ths_last_made_runnable_time;
813	uint32_t ths_state;
814	uint32_t ths_sched_flags;
815	int16_t ths_base_priority;
816	int16_t ths_sched_priority;
817	uint8_t ths_eqos;
818	uint8_t ths_rqos;
819	uint8_t ths_rqos_override;
820	uint8_t ths_io_tier;
821	uint64_t ths_thread_t;
822	uint64_t ths_requested_policy;
823	uint64_t ths_effective_policy;
824	} __attribute__((packed));
825
826
827	struct thread_group_snapshot {
828	uint64_t tgs_id;
829	char tgs_name[`16`];
830	} __attribute__((packed));
831
832	/*
833	* In general these flags mirror their THREAD_GROUP_FLAGS_ counterparts.
834	* THREAD_GROUP_FLAGS_UI_APP was repurposed and THREAD_GROUP_FLAGS_APPLICATION
835	* introduced to take its place. To remain compatible, kThreadGroupUIApp is
836	* kept around and kThreadGroupUIApplication introduced.
837	*/
838	enum thread_group_flags {
839	kThreadGroupEfficient = `0x1`,
840	kThreadGroupApplication = `0x2`,
841	kThreadGroupUIApp = `0x2`,
842	kThreadGroupCritical = `0x4`,
843	kThreadGroupBestEffort = `0x8`,
844	kThreadGroupUIApplication = `0x100`,
845	kThreadGroupManaged = `0x200`,
846	kThreadGroupStrictTimers = `0x400`,
847	}; // Note: Add any new flags to kcdata.py (tgs_flags)
848
849	struct thread_group_snapshot_v2 {
850	uint64_t tgs_id;
851	char tgs_name[`16`];
852	uint64_t tgs_flags;
853	} __attribute__((packed));
854
855	struct thread_group_snapshot_v3 {
856	uint64_t tgs_id;
857	char tgs_name[`16`];
858	uint64_t tgs_flags;
859	char tgs_name_cont[`16`];
860	} __attribute__((packed));
861
862	enum coalition_flags {
863	kCoalitionTermRequested = `0x1`,
864	kCoalitionTerminated = `0x2`,
865	kCoalitionReaped = `0x4`,
866	kCoalitionPrivileged = `0x8`,
867	}; // Note: Add any new flags to kcdata.py (jcs_flags)
868
869	struct jetsam_coalition_snapshot {
870	uint64_t jcs_id;
871	uint64_t jcs_flags;
872	uint64_t jcs_thread_group;
873	uint64_t jcs_leader_task_uniqueid;
874	} __attribute__((packed));
875
876	struct instrs_cycles_snapshot {
877	uint64_t ics_instructions;
878	uint64_t ics_cycles;
879	} __attribute__((packed));
880
881	struct instrs_cycles_snapshot_v2 {
882	uint64_t ics_instructions;
883	uint64_t ics_cycles;
884	uint64_t ics_p_instructions;
885	uint64_t ics_p_cycles;
886	} __attribute__((packed));
887
888	struct thread_delta_snapshot_v2 {
889	uint64_t tds_thread_id;
890	uint64_t tds_voucher_identifier;
891	uint64_t tds_ss_flags;
892	uint64_t tds_last_made_runnable_time;
893	uint32_t tds_state;
894	uint32_t tds_sched_flags;
895	int16_t tds_base_priority;
896	int16_t tds_sched_priority;
897	uint8_t tds_eqos;
898	uint8_t tds_rqos;
899	uint8_t tds_rqos_override;
900	uint8_t tds_io_tier;
901	} __attribute__ ((packed));
902
903	struct thread_delta_snapshot_v3 {
904	uint64_t tds_thread_id;
905	uint64_t tds_voucher_identifier;
906	uint64_t tds_ss_flags;
907	uint64_t tds_last_made_runnable_time;
908	uint32_t tds_state;
909	uint32_t tds_sched_flags;
910	int16_t tds_base_priority;
911	int16_t tds_sched_priority;
912	uint8_t tds_eqos;
913	uint8_t tds_rqos;
914	uint8_t tds_rqos_override;
915	uint8_t tds_io_tier;
916	uint64_t tds_requested_policy;
917	uint64_t tds_effective_policy;
918	} __attribute__ ((packed));
919
920	struct io_stats_snapshot {
921	/*
922	* I/O Statistics
923	* XXX: These fields must be together.
924	*/
925	uint64_t ss_disk_reads_count;
926	uint64_t ss_disk_reads_size;
927	uint64_t ss_disk_writes_count;
928	uint64_t ss_disk_writes_size;
929	uint64_t ss_io_priority_count[STACKSHOT_IO_NUM_PRIORITIES];
930	uint64_t ss_io_priority_size[STACKSHOT_IO_NUM_PRIORITIES];
931	uint64_t ss_paging_count;
932	uint64_t ss_paging_size;
933	uint64_t ss_non_paging_count;
934	uint64_t ss_non_paging_size;
935	uint64_t ss_data_count;
936	uint64_t ss_data_size;
937	uint64_t ss_metadata_count;
938	uint64_t ss_metadata_size;
939	/ XXX: I/O Statistics end /
940	} __attribute__ ((packed));
941
942	struct task_snapshot_v2 {
943	uint64_t ts_unique_pid;
944	uint64_t ts_ss_flags;
945	uint64_t ts_user_time_in_terminated_threads;
946	uint64_t ts_system_time_in_terminated_threads;
947	uint64_t ts_p_start_sec;
948	uint64_t ts_task_size;
949	uint64_t ts_max_resident_size;
950	uint32_t ts_suspend_count;
951	uint32_t ts_faults;
952	uint32_t ts_pageins;
953	uint32_t ts_cow_faults;
954	uint32_t ts_was_throttled;
955	uint32_t ts_did_throttle;
956	uint32_t ts_latency_qos;
957	int32_t ts_pid;
958	char ts_p_comm[`32`];
959	} __attribute__ ((packed));
960
961	struct transitioning_task_snapshot {
962	uint64_t tts_unique_pid;
963	uint64_t tts_ss_flags;
964	uint64_t tts_transition_type;
965	int32_t tts_pid;
966	char tts_p_comm[`32`];
967	} __attribute__ ((packed));
968
969	struct task_delta_snapshot_v2 {
970	uint64_t tds_unique_pid;
971	uint64_t tds_ss_flags;
972	uint64_t tds_user_time_in_terminated_threads;
973	uint64_t tds_system_time_in_terminated_threads;
974	uint64_t tds_task_size;
975	uint64_t tds_max_resident_size;
976	uint32_t tds_suspend_count;
977	uint32_t tds_faults;
978	uint32_t tds_pageins;
979	uint32_t tds_cow_faults;
980	uint32_t tds_was_throttled;
981	uint32_t tds_did_throttle;
982	uint32_t tds_latency_qos;
983	} __attribute__ ((packed));
984
985	#define KCDATA_INVALID_CS_TRUST_LEVEL 0xffffffff
986	struct stackshot_task_codesigning_info {
987	uint64_t csflags;
988	uint32_t cs_trust_level;
989	} __attribute__ ((packed));
990
991	struct stackshot_cpu_times {
992	uint64_t user_usec;
993	uint64_t system_usec;
994	} __attribute__((packed));
995
996	struct stackshot_cpu_times_v2 {
997	uint64_t user_usec;
998	uint64_t system_usec;
999	uint64_t runnable_usec;
1000	} __attribute__((packed));
1001
1002	struct stackshot_duration {
1003	uint64_t stackshot_duration;
1004	uint64_t stackshot_duration_outer;
1005	} __attribute__((packed));
1006
1007	struct stackshot_duration_v2 {
1008	uint64_t stackshot_duration;
1009	uint64_t stackshot_duration_outer;
1010	uint64_t stackshot_duration_prior;
1011	} __attribute__((packed));
1012
1013	struct stackshot_fault_stats {
1014	uint32_t sfs_pages_faulted_in; / number of pages faulted in using KDP fault path /
1015	uint64_t sfs_time_spent_faulting; / MATUs spent faulting /
1016	uint64_t sfs_system_max_fault_time; / MATUs fault time limit per stackshot /
1017	uint8_t sfs_stopped_faulting; / we stopped decompressing because we hit the limit /
1018	} __attribute__((packed));
1019
1020	typedef struct stackshot_thread_waitinfo {
1021	uint64_t owner; / The thread that owns the object /
1022	uint64_t waiter; / The thread that's waiting on the object /
1023	uint64_t context; / A context uniquely identifying the object /
1024	uint8_t wait_type; / The type of object that the thread is waiting on /
1025	} __attribute__((packed)) thread_waitinfo_t;
1026
1027	typedef struct stackshot_thread_waitinfo_v2 {
1028	uint64_t owner; / The thread that owns the object /
1029	uint64_t waiter; / The thread that's waiting on the object /
1030	uint64_t context; / A context uniquely identifying the object /
1031	uint8_t wait_type; / The type of object that the thread is waiting on /
1032	int16_t portlabel_id; / matches to a stackshot_portlabel, or NONE or MISSING /
1033	uint32_t wait_flags; / info about the wait /
1034	#define STACKSHOT_WAITINFO_FLAGS_SPECIALREPLY 0x1 /* We're waiting on a special reply port */
1035	} __attribute__((packed)) thread_waitinfo_v2_t;
1036
1037
1038	typedef struct stackshot_thread_turnstileinfo {
1039	uint64_t waiter; / The thread that's waiting on the object /
1040	uint64_t turnstile_context; / Associated data (either thread id, or workq addr) /
1041	uint8_t turnstile_priority;
1042	uint8_t number_of_hops;
1043	uint64_t turnstile_flags; / see below /
1044	} __attribute__((packed)) thread_turnstileinfo_t;
1045
1046	typedef struct stackshot_thread_turnstileinfo_v2 {
1047	uint64_t waiter; / The thread that's waiting on the object /
1048	uint64_t turnstile_context; / Associated data (either thread id, or workq addr) /
1049	uint8_t turnstile_priority;
1050	uint8_t number_of_hops;
1051	#define STACKSHOT_TURNSTILE_STATUS_UNKNOWN 0x01 /* The final inheritor is unknown (bug?) */
1052	#define STACKSHOT_TURNSTILE_STATUS_LOCKED_WAITQ 0x02 /* A waitq was found to be locked */
1053	#define STACKSHOT_TURNSTILE_STATUS_WORKQUEUE 0x04 /* The final inheritor is a workqueue */
1054	#define STACKSHOT_TURNSTILE_STATUS_THREAD 0x08 /* The final inheritor is a thread */
1055	#define STACKSHOT_TURNSTILE_STATUS_BLOCKED_ON_TASK 0x10 /* blocked on task, dind't find thread */
1056	#define STACKSHOT_TURNSTILE_STATUS_HELD_IPLOCK 0x20 /* the ip_lock was held */
1057	#define STACKSHOT_TURNSTILE_STATUS_SENDPORT 0x40 /* port_labelid was from a send port */
1058	#define STACKSHOT_TURNSTILE_STATUS_RECEIVEPORT 0x80 /* port_labelid was from a receive port */
1059	uint64_t turnstile_flags; // Note: Add any new flags to kcdata.py (turnstile_flags)
1060	int16_t portlabel_id; / matches to a stackshot_portlabel, or NONE or MISSING /
1061	} __attribute__((packed)) thread_turnstileinfo_v2_t;
1062
1063	#define STACKSHOT_TURNSTILE_STATUS_PORTFLAGS (STACKSHOT_TURNSTILE_STATUS_SENDPORT \| STACKSHOT_TURNSTILE_STATUS_RECEIVEPORT)
1064
1065	#define STACKSHOT_PORTLABELID_NONE (0) /* No port label found */
1066	#define STACKSHOT_PORTLABELID_MISSING (-1) /* portlabel found, but stackshot ran out of space to track it */
1067
1068	#define STACKSHOT_WAITOWNER_KERNEL (UINT64_MAX - 1)
1069	#define STACKSHOT_WAITOWNER_PORT_LOCKED (UINT64_MAX - 2)
1070	#define STACKSHOT_WAITOWNER_PSET_LOCKED (UINT64_MAX - 3)
1071	#define STACKSHOT_WAITOWNER_INTRANSIT (UINT64_MAX - 4)
1072	#define STACKSHOT_WAITOWNER_MTXSPIN (UINT64_MAX - 5)
1073	#define STACKSHOT_WAITOWNER_THREQUESTED (UINT64_MAX - 6) /* workloop waiting for a new worker thread */
1074	#define STACKSHOT_WAITOWNER_SUSPENDED (UINT64_MAX - 7) /* workloop is suspended */
1075
1076	#define STACKSHOT_PORTLABEL_READFAILED 0x1 /* could not read port information */
1077	#define STACKSHOT_PORTLABEL_THROTTLED 0x2 /* service port is marked as throttled */
1078
1079	struct portlabel_info {
1080	int16_t portlabel_id; / kcdata-specific ID for this port label /
1081	uint16_t portlabel_flags; / STACKSHOT_PORTLABEL_* /
1082	uint8_t portlabel_domain; / launchd domain /
1083	} __attribute__((packed));
1084
1085	struct stackshot_cpu_architecture {
1086	int32_t cputype;
1087	int32_t cpusubtype;
1088	} __attribute__((packed));
1089
1090	struct stack_snapshot_stacktop {
1091	uint64_t sp;
1092	uint8_t stack_contents[`8`];
1093	};
1094
1095	/ only collected if STACKSHOT_COLLECTS_LATENCY_INFO is set to !0 /
1096	struct stackshot_latency_collection {
1097	uint64_t latency_version;
1098	uint64_t setup_latency;
1099	uint64_t total_task_iteration_latency;
1100	uint64_t total_terminated_task_iteration_latency;
1101	} __attribute__((packed));
1102
1103	/ only collected if STACKSHOT_COLLECTS_LATENCY_INFO is set to !0 /
1104	struct stackshot_latency_task {
1105	uint64_t task_uniqueid;
1106	uint64_t setup_latency;
1107	uint64_t task_thread_count_loop_latency;
1108	uint64_t task_thread_data_loop_latency;
1109	uint64_t cur_tsnap_latency;
1110	uint64_t pmap_latency;
1111	uint64_t bsd_proc_ids_latency;
1112	uint64_t misc_latency;
1113	uint64_t misc2_latency;
1114	uint64_t end_latency;
1115	} __attribute__((packed));
1116
1117	/ only collected if STACKSHOT_COLLECTS_LATENCY_INFO is set to !0 /
1118	struct stackshot_latency_thread {
1119	uint64_t thread_id;
1120	uint64_t cur_thsnap1_latency;
1121	uint64_t dispatch_serial_latency;
1122	uint64_t dispatch_label_latency;
1123	uint64_t cur_thsnap2_latency;
1124	uint64_t thread_name_latency;
1125	uint64_t sur_times_latency;
1126	uint64_t user_stack_latency;
1127	uint64_t kernel_stack_latency;
1128	uint64_t misc_latency;
1129	} __attribute__((packed));
1130
1131	struct stackshot_suspension_info {
1132	uint64_t tss_last_start; / mach_absolute_time of beginning of last suspension/
1133	uint64_t tss_last_end; / mach_absolute_time of end of last suspension /
1134	uint64_t tss_count; / number of times this task has been suspended /
1135	uint64_t tss_duration; / sum(mach_absolute_time) of time spend suspended /
1136	} __attribute__((packed));
1137
1138	struct stackshot_suspension_source {
1139	uint64_t tss_time; / mach_absolute_time of suspend /
1140	uint64_t tss_tid; / tid of suspending thread /
1141	int tss_pid; / pid of suspending task /
1142	char tss_procname[`65`]; / name of suspending task /
1143	} __attribute__((packed));
1144
1145	/************* definitions for exclaves ******************/
1146
1147	enum thread_exclaves_flags : uint32_t {
1148	kExclaveRPCActive = `0x1`, / Thread is handling RPC call in secure world /
1149	kExclaveUpcallActive = `0x2`, / Thread has upcalled back into xnu while handling RPC /
1150	kExclaveSchedulerRequest = `0x4`, / Thread is handling scheduler request /
1151	};
1152
1153	struct thread_exclaves_info {
1154	uint64_t tei_scid; / Scheduling context for exclave IPC stack /
1155	uint32_t tei_thread_offset; / # frames from top of stack exclave frames should be inserted /
1156	uint32_t tei_flags; / A combination of enum thread_exclaves_flags values /
1157	} __attribute__((packed));
1158
1159	struct thread_crash_exclaves_info {
1160	uint64_t tcei_scid; / Scheduling context for exclave IPC stack /
1161	uint64_t tcei_thread_id; / Corresponding xnu thread id /
1162	uint32_t tcei_flags; / A combination of enum thread_exclaves_flags values /
1163	} __attribute__((packed));
1164
1165	enum exclave_scresult_flags : uint64_t {
1166	kExclaveScresultHaveIPCStack = `0x1`,
1167	};
1168
1169	struct exclave_scresult_info {
1170	uint64_t esc_id;
1171	uint64_t esc_flags; / A combination of enum exclave_scresult_flags values /
1172	} __attribute__((packed));
1173
1174	enum exclave_ipcstackentry_flags : uint64_t {
1175	kExclaveIpcStackEntryHaveInvocationID = `0x1`,
1176	kExclaveIpcStackEntryHaveStack = `0x2`,
1177	};
1178
1179	struct exclave_ipcstackentry_info {
1180	uint64_t eise_asid; / ASID /
1181	uint64_t eise_tnid; / Thread numeric ID, may be UINT64_MAX if ommitted /
1182	uint64_t eise_invocationid; / Invocation ID, may be UINT64_MAX if ommitted /
1183	uint64_t eise_flags; / A combination of enum exclave_ipcstackentry_flags values /
1184	} __attribute__((packed));
1185
1186	typedef uint64_t exclave_ecstackentry_addr_t;
1187
1188	enum exclave_addressspace_flags : uint64_t {
1189	kExclaveAddressSpaceHaveSlide = `0x1`, / slide info provided /
1190	};
1191
1192	struct exclave_addressspace_info {
1193	uint64_t eas_id; / ASID /
1194	uint64_t eas_flags; / A combination of enum exclave_addressspace_flags values /
1195	uint64_t eas_layoutid; / textLayout for this address space /
1196	uint64_t eas_slide; / slide to apply to textlayout, or UINT64_MAX if omitted /
1197	uint64_t eas_asroot; / ASRoot/TTBR0 value used as an identifier for the address space by cL4 /
1198	} __attribute__((packed));
1199
1200	enum exclave_textlayout_flags : uint64_t {
1201	kExclaveTextLayoutLoadAddressesSynthetic = `0x1`, / Load Addresses are synthetic /
1202	kExclaveTextLayoutLoadAddressesUnslid = `0x2`, / Load Addresses are accurate and unslid /
1203	};
1204
1205	struct exclave_textlayout_info {
1206	uint64_t layout_id;
1207	uint64_t etl_flags; / A combination of enum exclave_textlayout_flags values /
1208	} __attribute__((packed));
1209
1210	struct exclave_textlayout_segment {
1211	uuid_t layoutSegment_uuid;
1212	uint64_t layoutSegment_loadAddress; / Load Address, either synthetic or unslid /
1213	} __attribute__((packed));
1214
1215	/************* definitions for crashinfo ******************/
1216
1217	/*
1218	* NOTE: Please update kcdata/libkdd/kcdtypes.c if you make any changes
1219	* in TASK_CRASHINFO_* types.
1220	*/
1221
1222	/ FIXME some of these types aren't clean (fixed width, packed, and defined here) /
1223
1224	struct crashinfo_proc_uniqidentifierinfo {
1225	uint8_t p_uuid[`16`]; / UUID of the main executable /
1226	uint64_t p_uniqueid; / 64 bit unique identifier for process /
1227	uint64_t p_puniqueid; / unique identifier for process's parent /
1228	uint64_t p_reserve2; / reserved for future use /
1229	uint64_t p_reserve3; / reserved for future use /
1230	uint64_t p_reserve4; / reserved for future use /
1231	} __attribute__((packed));
1232
1233	#define MAX_TRIAGE_STRING_LEN (128)
1234
1235	struct kernel_triage_info_v1 {
1236	char triage_string1[MAX_TRIAGE_STRING_LEN];
1237	char triage_string2[MAX_TRIAGE_STRING_LEN];
1238	char triage_string3[MAX_TRIAGE_STRING_LEN];
1239	char triage_string4[MAX_TRIAGE_STRING_LEN];
1240	char triage_string5[MAX_TRIAGE_STRING_LEN];
1241	} __attribute__((packed));
1242
1243	#define MAX_CRASHINFO_SIGNING_ID_LEN 64
1244	#define MAX_CRASHINFO_TEAM_ID_LEN 32
1245
1246	#define TASK_CRASHINFO_BEGIN KCDATA_BUFFER_BEGIN_CRASHINFO
1247	#define TASK_CRASHINFO_STRING_DESC KCDATA_TYPE_STRING_DESC
1248	#define TASK_CRASHINFO_UINT32_DESC KCDATA_TYPE_UINT32_DESC
1249	#define TASK_CRASHINFO_UINT64_DESC KCDATA_TYPE_UINT64_DESC
1250
1251	#define TASK_CRASHINFO_EXTMODINFO 0x801
1252	#define TASK_CRASHINFO_BSDINFOWITHUNIQID 0x802 /* struct crashinfo_proc_uniqidentifierinfo */
1253	#define TASK_CRASHINFO_TASKDYLD_INFO 0x803
1254	#define TASK_CRASHINFO_UUID 0x804
1255	#define TASK_CRASHINFO_PID 0x805
1256	#define TASK_CRASHINFO_PPID 0x806
1257	#define TASK_CRASHINFO_RUSAGE 0x807 /* struct rusage DEPRECATED do not use.
1258	* This struct has longs in it */
1259	#define TASK_CRASHINFO_RUSAGE_INFO 0x808 /* struct rusage_info_v3 from resource.h */
1260	#define TASK_CRASHINFO_PROC_NAME 0x809 /* char * */
1261	#define TASK_CRASHINFO_PROC_STARTTIME 0x80B /* struct timeval64 */
1262	#define TASK_CRASHINFO_USERSTACK 0x80C /* uint64_t */
1263	#define TASK_CRASHINFO_ARGSLEN 0x80D
1264	#define TASK_CRASHINFO_EXCEPTION_CODES 0x80E /* mach_exception_data_t */
1265	#define TASK_CRASHINFO_PROC_PATH 0x80F /* string of len MAXPATHLEN */
1266	#define TASK_CRASHINFO_PROC_CSFLAGS 0x810 /* uint32_t */
1267	#define TASK_CRASHINFO_PROC_STATUS 0x811 /* char */
1268	#define TASK_CRASHINFO_UID 0x812 /* uid_t */
1269	#define TASK_CRASHINFO_GID 0x813 /* gid_t */
1270	#define TASK_CRASHINFO_PROC_ARGC 0x814 /* int */
1271	#define TASK_CRASHINFO_PROC_FLAGS 0x815 /* unsigned int */
1272	#define TASK_CRASHINFO_CPUTYPE 0x816 /* cpu_type_t */
1273	#define TASK_CRASHINFO_WORKQUEUEINFO 0x817 /* struct proc_workqueueinfo */
1274	#define TASK_CRASHINFO_RESPONSIBLE_PID 0x818 /* pid_t */
1275	#define TASK_CRASHINFO_DIRTY_FLAGS 0x819 /* int */
1276	#define TASK_CRASHINFO_CRASHED_THREADID 0x81A /* uint64_t */
1277	#define TASK_CRASHINFO_COALITION_ID 0x81B /* uint64_t */
1278	#define TASK_CRASHINFO_UDATA_PTRS 0x81C /* uint64_t */
1279	#define TASK_CRASHINFO_MEMORY_LIMIT 0x81D /* uint64_t */
1280
1281	#define TASK_CRASHINFO_LEDGER_INTERNAL 0x81E /* uint64_t */
1282	#define TASK_CRASHINFO_LEDGER_INTERNAL_COMPRESSED 0x81F /* uint64_t */
1283	#define TASK_CRASHINFO_LEDGER_IOKIT_MAPPED 0x820 /* uint64_t */
1284	#define TASK_CRASHINFO_LEDGER_ALTERNATE_ACCOUNTING 0x821 /* uint64_t */
1285	#define TASK_CRASHINFO_LEDGER_ALTERNATE_ACCOUNTING_COMPRESSED 0x822 /* uint64_t */
1286	#define TASK_CRASHINFO_LEDGER_PURGEABLE_NONVOLATILE 0x823 /* uint64_t */
1287	#define TASK_CRASHINFO_LEDGER_PURGEABLE_NONVOLATILE_COMPRESSED 0x824 /* uint64_t */
1288	#define TASK_CRASHINFO_LEDGER_PAGE_TABLE 0x825 /* uint64_t */
1289	#define TASK_CRASHINFO_LEDGER_PHYS_FOOTPRINT 0x826 /* uint64_t */
1290	#define TASK_CRASHINFO_LEDGER_PHYS_FOOTPRINT_LIFETIME_MAX 0x827 /* uint64_t */
1291	#define TASK_CRASHINFO_LEDGER_NETWORK_NONVOLATILE 0x828 /* uint64_t */
1292	#define TASK_CRASHINFO_LEDGER_NETWORK_NONVOLATILE_COMPRESSED 0x829 /* uint64_t */
1293	#define TASK_CRASHINFO_LEDGER_WIRED_MEM 0x82A /* uint64_t */
1294	#define TASK_CRASHINFO_PROC_PERSONA_ID 0x82B /* uid_t */
1295	#define TASK_CRASHINFO_MEMORY_LIMIT_INCREASE 0x82C /* uint32_t */
1296	#define TASK_CRASHINFO_LEDGER_TAGGED_FOOTPRINT 0x82D /* uint64_t */
1297	#define TASK_CRASHINFO_LEDGER_TAGGED_FOOTPRINT_COMPRESSED 0x82E /* uint64_t */
1298	#define TASK_CRASHINFO_LEDGER_MEDIA_FOOTPRINT 0x82F /* uint64_t */
1299	#define TASK_CRASHINFO_LEDGER_MEDIA_FOOTPRINT_COMPRESSED 0x830 /* uint64_t */
1300	#define TASK_CRASHINFO_LEDGER_GRAPHICS_FOOTPRINT 0x831 /* uint64_t */
1301	#define TASK_CRASHINFO_LEDGER_GRAPHICS_FOOTPRINT_COMPRESSED 0x832 /* uint64_t */
1302	#define TASK_CRASHINFO_LEDGER_NEURAL_FOOTPRINT 0x833 /* uint64_t */
1303	#define TASK_CRASHINFO_LEDGER_NEURAL_FOOTPRINT_COMPRESSED 0x834 /* uint64_t */
1304	#define TASK_CRASHINFO_MEMORYSTATUS_EFFECTIVE_PRIORITY 0x835 /* int32_t */
1305	#define TASK_CRASHINFO_KERNEL_TRIAGE_INFO_V1 0x836 /* struct kernel_triage_info_v1 */
1306
1307	#define TASK_CRASHINFO_TASK_IS_CORPSE_FORK 0x837 /* boolean_t */
1308	#define TASK_CRASHINFO_EXCEPTION_TYPE 0x838 /* int */
1309
1310	#define TASK_CRASHINFO_CRASH_COUNT 0x839 /* int */
1311	#define TASK_CRASHINFO_THROTTLE_TIMEOUT 0x83A /* int */
1312
1313	#define TASK_CRASHINFO_CS_SIGNING_ID 0x83B /* string of len MAX_CRASHINFO_SIGNING_ID_LEN */
1314	#define TASK_CRASHINFO_CS_TEAM_ID 0x83C /* string of len MAX_CRASHINFO_TEAM_ID_LEN */
1315	#define TASK_CRASHINFO_CS_VALIDATION_CATEGORY 0x83D /* uint32_t */
1316	#define TASK_CRASHINFO_CS_TRUST_LEVEL 0x83E /* uint32_t */
1317	#define TASK_CRASHINFO_PROC_CPUTYPE 0x83F /* cpu_type_t */
1318
1319	#define TASK_CRASHINFO_END KCDATA_TYPE_BUFFER_END
1320
1321	/************* definitions for backtrace info ******************/
1322
1323	/ tstate is variable length with count elements /
1324	struct btinfo_thread_state_data_t {
1325	uint32_t flavor;
1326	uint32_t count;
1327	int tstate[];
1328	};
1329
1330	struct btinfo_sc_load_info64 {
1331	uint64_t sharedCacheSlide;
1332	uuid_t sharedCacheUUID;
1333	uint64_t sharedCacheBaseAddress;
1334	};
1335
1336	struct btinfo_sc_load_info {
1337	uint32_t sharedCacheSlide;
1338	uuid_t sharedCacheUUID;
1339	uint32_t sharedCacheBaseAddress;
1340	};
1341
1342	#define TASK_BTINFO_BEGIN KCDATA_BUFFER_BEGIN_BTINFO
1343
1344	/ Shared keys with CRASHINFO /
1345	#define TASK_BTINFO_PID 0xA01
1346	#define TASK_BTINFO_PPID 0xA02
1347	#define TASK_BTINFO_PROC_NAME 0xA03
1348	#define TASK_BTINFO_PROC_PATH 0xA04
1349	#define TASK_BTINFO_UID 0xA05
1350	#define TASK_BTINFO_GID 0xA06
1351	#define TASK_BTINFO_PROC_FLAGS 0xA07
1352	#define TASK_BTINFO_CPUTYPE 0xA08
1353	#define TASK_BTINFO_EXCEPTION_CODES 0xA09
1354	#define TASK_BTINFO_EXCEPTION_TYPE 0xA0A
1355	#define TASK_BTINFO_RUSAGE_INFO 0xA0B
1356	#define TASK_BTINFO_COALITION_ID 0xA0C
1357	#define TASK_BTINFO_CRASH_COUNT 0xA0D
1358	#define TASK_BTINFO_THROTTLE_TIMEOUT 0xA0E
1359
1360	/ Only in BTINFO /
1361	#define TASK_BTINFO_THREAD_ID 0xA20 /* uint64_t */
1362	#define TASK_BTINFO_THREAD_NAME 0xA21 /* string of len MAXTHREADNAMESIZE */
1363	#define TASK_BTINFO_THREAD_STATE 0xA22 /* struct btinfo_thread_state_data_t */
1364	#define TASK_BTINFO_THREAD_EXCEPTION_STATE 0xA23 /* struct btinfo_thread_state_data_t */
1365	#define TASK_BTINFO_BACKTRACE 0xA24 /* array of uintptr_t */
1366	#define TASK_BTINFO_BACKTRACE64 0xA25 /* array of uintptr_t */
1367	#define TASK_BTINFO_ASYNC_BACKTRACE64 0xA26 /* array of uintptr_t */
1368	#define TASK_BTINFO_ASYNC_START_INDEX 0xA27 /* uint32_t */
1369	#define TASK_BTINFO_PLATFORM 0xA28 /* uint32_t */
1370	#define TASK_BTINFO_SC_LOADINFO 0xA29 /* struct btinfo_sc_load_info */
1371	#define TASK_BTINFO_SC_LOADINFO64 0xA2A /* struct btinfo_sc_load_info64 */
1372
1373	#define TASK_BTINFO_DYLD_LOADINFO KCDATA_TYPE_LIBRARY_LOADINFO
1374	#define TASK_BTINFO_DYLD_LOADINFO64 KCDATA_TYPE_LIBRARY_LOADINFO64
1375
1376	/ Last one /
1377	#define TASK_BTINFO_FLAGS 0xAFF /* uint32_t */
1378	#define TASK_BTINFO_FLAG_BT_TRUNCATED 0x1
1379	#define TASK_BTINFO_FLAG_ASYNC_BT_TRUNCATED 0x2
1380	#define TASK_BTINFO_FLAG_TASK_TERMINATED 0x4 /* task is terminated */
1381	#define TASK_BTINFO_FLAG_KCDATA_INCOMPLETE 0x8 /* lw corpse collection is incomplete */
1382
1383	#define TASK_BTINFO_END KCDATA_TYPE_BUFFER_END
1384
1385	/************* definitions for os reasons ******************/
1386
1387	#define EXIT_REASON_SNAPSHOT 0x1001
1388	#define EXIT_REASON_USER_DESC 0x1002 /* string description of reason */
1389	#define EXIT_REASON_USER_PAYLOAD 0x1003 /* user payload data */
1390	#define EXIT_REASON_CODESIGNING_INFO 0x1004
1391	#define EXIT_REASON_WORKLOOP_ID 0x1005
1392	#define EXIT_REASON_DISPATCH_QUEUE_NO 0x1006
1393
1394	struct exit_reason_snapshot {
1395	uint32_t ers_namespace;
1396	uint64_t ers_code;
1397	/ end of version 1 of exit_reason_snapshot. sizeof v1 was 12 /
1398	uint64_t ers_flags;
1399	} __attribute__((packed));
1400
1401	#define EXIT_REASON_CODESIG_PATH_MAX 1024
1402
1403	struct codesigning_exit_reason_info {
1404	uint64_t ceri_virt_addr;
1405	uint64_t ceri_file_offset;
1406	char ceri_pathname[EXIT_REASON_CODESIG_PATH_MAX];
1407	char ceri_filename[EXIT_REASON_CODESIG_PATH_MAX];
1408	uint64_t ceri_codesig_modtime_secs;
1409	uint64_t ceri_codesig_modtime_nsecs;
1410	uint64_t ceri_page_modtime_secs;
1411	uint64_t ceri_page_modtime_nsecs;
1412	uint8_t ceri_path_truncated;
1413	uint8_t ceri_object_codesigned;
1414	uint8_t ceri_page_codesig_validated;
1415	uint8_t ceri_page_codesig_tainted;
1416	uint8_t ceri_page_codesig_nx;
1417	uint8_t ceri_page_wpmapped;
1418	uint8_t ceri_page_slid;
1419	uint8_t ceri_page_dirty;
1420	uint32_t ceri_page_shadow_depth;
1421	} __attribute__((packed));
1422
1423	#define EXIT_REASON_USER_DESC_MAX_LEN 1024
1424	#define EXIT_REASON_PAYLOAD_MAX_LEN 2048
1425	/************* safe iterators ******************/
1426	#if !__has_ptrcheck
1427
1428	typedef struct kcdata_iter {
1429	kcdata_item_t item;
1430	void *end;
1431	} kcdata_iter_t;
1432
1433
1434	static inline
1435	kcdata_iter_t
1436	kcdata_iter(void buffer, unsigned* long size)
1437	{
1438	kcdata_iter_t iter;
1439	iter.item = (kcdata_item_t) buffer;
1440	iter.end = (void*) (((uintptr_t)buffer) + size);
1441	return iter;
1442	}
1443
1444	static inline
1445	kcdata_iter_t kcdata_iter_unsafe(void buffer) __attribute__*((deprecated));
1446
1447	static inline
1448	kcdata_iter_t
1449	kcdata_iter_unsafe(void *buffer)
1450	{
1451	kcdata_iter_t iter;
1452	iter.item = (kcdata_item_t) buffer;
1453	iter.end = (void*) (uintptr_t) ~`0`;
1454	return iter;
1455	}
1456
1457	static const kcdata_iter_t kcdata_invalid_iter = { .item = NULL, .end = NULL };
1458
1459	static inline
1460	int
1461	kcdata_iter_valid(kcdata_iter_t iter)
1462	{
1463	return
1464	((uintptr_t)iter.item + sizeof(struct kcdata_item) <= (uintptr_t)iter.end) &&
1465	((uintptr_t)iter.item + sizeof(struct kcdata_item) + iter.item->size <= (uintptr_t)iter.end);
1466	}
1467
1468
1469	static inline
1470	kcdata_iter_t
1471	kcdata_iter_next(kcdata_iter_t iter)
1472	{
1473	iter.item = (kcdata_item_t) (((uintptr_t)iter.item) + sizeof(struct kcdata_item) + (iter.item->size));
1474	return iter;
1475	}
1476
1477	static inline uint32_t
1478	kcdata_iter_type(kcdata_iter_t iter)
1479	{
1480	if ((iter.item->type & ~`0xfu`) == KCDATA_TYPE_ARRAY_PAD0) {
1481	return KCDATA_TYPE_ARRAY;
1482	} else {
1483	return iter.item->type;
1484	}
1485	}
1486
1487	static inline uint32_t
1488	kcdata_calc_padding(uint32_t size)
1489	{
1490	/ calculate number of bytes to add to size to get something divisible by 16 /
1491	return (-size) & `0xf`;
1492	}
1493
1494	static inline uint32_t
1495	kcdata_flags_get_padding(uint64_t flags)
1496	{
1497	return flags & KCDATA_FLAGS_STRUCT_PADDING_MASK;
1498	}
1499
1500	/ see comment above about has_padding /
1501	static inline int
1502	kcdata_iter_is_legacy_item(kcdata_iter_t iter, uint32_t legacy_size)
1503	{
1504	uint32_t legacy_size_padded = legacy_size + kcdata_calc_padding(size: legacy_size);
1505	return iter.item->size == legacy_size_padded &&
1506	(iter.item->flags & (KCDATA_FLAGS_STRUCT_PADDING_MASK \| KCDATA_FLAGS_STRUCT_HAS_PADDING)) == `0`;
1507	}
1508
1509	static inline uint32_t
1510	kcdata_iter_size(kcdata_iter_t iter)
1511	{
1512	uint32_t legacy_size = `0`;
1513
1514	switch (kcdata_iter_type(iter)) {
1515	case KCDATA_TYPE_ARRAY:
1516	case KCDATA_TYPE_CONTAINER_BEGIN:
1517	return iter.item->size;
1518	case STACKSHOT_KCTYPE_THREAD_SNAPSHOT: {
1519	legacy_size = sizeof(struct thread_snapshot_v2);
1520	if (kcdata_iter_is_legacy_item(iter, legacy_size)) {
1521	return legacy_size;
1522	}
1523
1524	goto not_legacy;
1525	}
1526	case STACKSHOT_KCTYPE_SHAREDCACHE_LOADINFO: {
1527	legacy_size = sizeof(struct dyld_uuid_info_64);
1528	if (kcdata_iter_is_legacy_item(iter, legacy_size)) {
1529	return legacy_size;
1530	}
1531
1532	goto not_legacy;
1533	}
1534	not_legacy:
1535	default:
1536	if (iter.item->size < kcdata_flags_get_padding(flags: iter.item->flags)) {
1537	return `0`;
1538	} else {
1539	return iter.item->size - kcdata_flags_get_padding(flags: iter.item->flags);
1540	}
1541	}
1542	}
1543
1544	static inline uint64_t
1545	kcdata_iter_flags(kcdata_iter_t iter)
1546	{
1547	return iter.item->flags;
1548	}
1549
1550	static inline
1551	void *
1552	kcdata_iter_payload(kcdata_iter_t iter)
1553	{
1554	return &iter.item->data;
1555	}
1556
1557
1558	static inline
1559	uint32_t
1560	kcdata_iter_array_elem_type(kcdata_iter_t iter)
1561	{
1562	return (iter.item->flags >> `32`) & UINT32_MAX;
1563	}
1564
1565	static inline
1566	uint32_t
1567	kcdata_iter_array_elem_count(kcdata_iter_t iter)
1568	{
1569	return (iter.item->flags) & UINT32_MAX;
1570	}
1571
1572	/ KCDATA_TYPE_ARRAY is ambiguous about the size of the array elements. Size is*
1573	* calculated as total_size / elements_count, but total size got padded out to a
1574	* 16 byte alignment. New kernels will generate KCDATA_TYPE_ARRAY_PAD* instead
1575	* to explicitly tell us how much padding was used. Here we have a fixed, never
1576	* to be altered list of the sizes of array elements that were used before I
1577	* discovered this issue. If you find a KCDATA_TYPE_ARRAY that is not one of
1578	* these types, treat it as invalid data. */
1579
1580	static inline
1581	uint32_t
1582	kcdata_iter_array_size_switch(kcdata_iter_t iter)
1583	{
1584	switch (kcdata_iter_array_elem_type(iter)) {
1585	case KCDATA_TYPE_LIBRARY_LOADINFO:
1586	return sizeof(struct dyld_uuid_info_32);
1587	case KCDATA_TYPE_LIBRARY_LOADINFO64:
1588	return sizeof(struct dyld_uuid_info_64);
1589	case STACKSHOT_KCTYPE_KERN_STACKFRAME:
1590	case STACKSHOT_KCTYPE_USER_STACKFRAME:
1591	return sizeof(struct stack_snapshot_frame32);
1592	case STACKSHOT_KCTYPE_KERN_STACKFRAME64:
1593	case STACKSHOT_KCTYPE_USER_STACKFRAME64:
1594	return sizeof(struct stack_snapshot_frame64);
1595	case STACKSHOT_KCTYPE_DONATING_PIDS:
1596	return sizeof(int32_t);
1597	case STACKSHOT_KCTYPE_THREAD_DELTA_SNAPSHOT:
1598	return sizeof(struct thread_delta_snapshot_v2);
1599	// This one is only here to make some unit tests work. It should be OK to
1600	// remove.
1601	case TASK_CRASHINFO_CRASHED_THREADID:
1602	return sizeof(uint64_t);
1603	default:
1604	return `0`;
1605	}
1606	}
1607
1608	static inline
1609	int
1610	kcdata_iter_array_valid(kcdata_iter_t iter)
1611	{
1612	if (!kcdata_iter_valid(iter)) {
1613	return `0`;
1614	}
1615	if (kcdata_iter_type(iter) != KCDATA_TYPE_ARRAY) {
1616	return `0`;
1617	}
1618	if (kcdata_iter_array_elem_count(iter) == `0`) {
1619	return iter.item->size == `0`;
1620	}
1621	if (iter.item->type == KCDATA_TYPE_ARRAY) {
1622	uint32_t elem_size = kcdata_iter_array_size_switch(iter);
1623	if (elem_size == `0`) {
1624	return `0`;
1625	}
1626	/ sizes get aligned to the nearest 16. /
1627	return
1628	kcdata_iter_array_elem_count(iter) <= iter.item->size / elem_size &&
1629	iter.item->size % kcdata_iter_array_elem_count(iter) < `16`;
1630	} else {
1631	return
1632	(iter.item->type & `0xf`) <= iter.item->size &&
1633	kcdata_iter_array_elem_count(iter) <= iter.item->size - (iter.item->type & `0xf`) &&
1634	(iter.item->size - (iter.item->type & `0xf`)) % kcdata_iter_array_elem_count(iter) == `0`;
1635	}
1636	}
1637
1638
1639	static inline
1640	uint32_t
1641	kcdata_iter_array_elem_size(kcdata_iter_t iter)
1642	{
1643	if (iter.item->type == KCDATA_TYPE_ARRAY) {
1644	return kcdata_iter_array_size_switch(iter);
1645	}
1646	if (kcdata_iter_array_elem_count(iter) == `0`) {
1647	return `0`;
1648	}
1649	return (iter.item->size - (iter.item->type & `0xf`)) / kcdata_iter_array_elem_count(iter);
1650	}
1651
1652	static inline
1653	int
1654	kcdata_iter_container_valid(kcdata_iter_t iter)
1655	{
1656	return
1657	kcdata_iter_valid(iter) &&
1658	kcdata_iter_type(iter) == KCDATA_TYPE_CONTAINER_BEGIN &&
1659	iter.item->size >= sizeof(uint32_t);
1660	}
1661
1662	static inline
1663	uint32_t
1664	kcdata_iter_container_type(kcdata_iter_t iter)
1665	{
1666	return (uint32_t ) kcdata_iter_payload(iter);
1667	}
1668
1669	static inline
1670	uint64_t
1671	kcdata_iter_container_id(kcdata_iter_t iter)
1672	{
1673	return iter.item->flags;
1674	}
1675
1676
1677	#define KCDATA_ITER_FOREACH(iter) for(; kcdata_iter_valid(iter) && iter.item->type != KCDATA_TYPE_BUFFER_END; iter = kcdata_iter_next(iter))
1678	#define KCDATA_ITER_FOREACH_FAILED(iter) (!kcdata_iter_valid(iter) \|\| (iter).item->type != KCDATA_TYPE_BUFFER_END)
1679
1680	static inline
1681	kcdata_iter_t
1682	kcdata_iter_find_type(kcdata_iter_t iter, uint32_t type)
1683	{
1684	KCDATA_ITER_FOREACH(iter)
1685	{
1686	if (kcdata_iter_type(iter) == type) {
1687	return iter;
1688	}
1689	}
1690	return kcdata_invalid_iter;
1691	}
1692
1693	static inline
1694	int
1695	kcdata_iter_data_with_desc_valid(kcdata_iter_t iter, uint32_t minsize)
1696	{
1697	return
1698	kcdata_iter_valid(iter) &&
1699	kcdata_iter_size(iter) >= KCDATA_DESC_MAXLEN + minsize &&
1700	((char*)kcdata_iter_payload(iter))[KCDATA_DESC_MAXLEN - `1`] == `0`;
1701	}
1702
1703	static inline
1704	char *
1705	kcdata_iter_string(kcdata_iter_t iter, uint32_t offset)
1706	{
1707	if (offset > kcdata_iter_size(iter)) {
1708	return NULL;
1709	}
1710	uint32_t maxlen = kcdata_iter_size(iter) - offset;
1711	char s = ((char**)kcdata_iter_payload(iter)) + offset;
1712	if (strnlen(s, n: maxlen) < maxlen) {
1713	return s;
1714	} else {
1715	return NULL;
1716	}
1717	}
1718
1719	static inline void
1720	kcdata_iter_get_data_with_desc(kcdata_iter_t iter, char *desc_ptr, void* *data_ptr, uint32_t size_ptr)
1721	{
1722	if (desc_ptr) {
1723	desc_ptr = (char* *)kcdata_iter_payload(iter);
1724	}
1725	if (data_ptr) {
1726	data_ptr = (void* *)((uintptr_t)kcdata_iter_payload(iter) + KCDATA_DESC_MAXLEN);
1727	}
1728	if (size_ptr) {
1729	*size_ptr = kcdata_iter_size(iter) - KCDATA_DESC_MAXLEN;
1730	}
1731	}
1732
1733	#endif /* !__has_ptrcheck */
1734	#endif
1735

Browse the source code of xnu/osfmk/kern/kcdata.h