| 1 | /* |
|---|---|
| 2 | * CDDL HEADER START |
| 3 | * |
| 4 | * The contents of this file are subject to the terms of the |
| 5 | * Common Development and Distribution License (the "License"). |
| 6 | * You may not use this file except in compliance with the License. |
| 7 | * |
| 8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| 9 | * or http://www.opensolaris.org/os/licensing. |
| 10 | * See the License for the specific language governing permissions |
| 11 | * and limitations under the License. |
| 12 | * |
| 13 | * When distributing Covered Code, include this CDDL HEADER in each |
| 14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| 15 | * If applicable, add the following below this CDDL HEADER, with the |
| 16 | * fields enclosed by brackets "[]" replaced with your own identifying |
| 17 | * information: Portions Copyright [yyyy] [name of copyright owner] |
| 18 | * |
| 19 | * CDDL HEADER END |
| 20 | */ |
| 21 | |
| 22 | /* |
| 23 | * Copyright 2007 Sun Microsystems, Inc. All rights reserved. |
| 24 | * Use is subject to license terms. |
| 25 | */ |
| 26 | |
| 27 | #include <stdarg.h> |
| 28 | #include <string.h> |
| 29 | #include <sys/malloc.h> |
| 30 | #include <sys/time.h> |
| 31 | #include <sys/dtrace.h> |
| 32 | #include <sys/dtrace_impl.h> |
| 33 | #include <sys/proc_internal.h> |
| 34 | #include <sys/vnode.h> |
| 35 | #include <kern/debug.h> |
| 36 | #include <kern/sched_prim.h> |
| 37 | #include <kern/task.h> |
| 38 | |
| 39 | #if CONFIG_CSR |
| 40 | #include <sys/codesign.h> |
| 41 | #include <sys/csr.h> |
| 42 | |
| 43 | #if defined(KERNEL_INTEGRITY_KTRR) || defined(KERNEL_INTEGRITY_CTRR) |
| 44 | extern bool csr_unsafe_kernel_text; |
| 45 | #endif |
| 46 | #endif |
| 47 | |
| 48 | /* |
| 49 | * APPLE NOTE: Solaris proc_t is the struct. |
| 50 | * Darwin's proc_t is a pointer to it. |
| 51 | */ |
| 52 | #define proc_t struct proc /* Steer clear of the Darwin typedef for proc_t */ |
| 53 | |
| 54 | |
| 55 | /* Copied from an arch specific dtrace_subr.c. */ |
| 56 | int (*dtrace_fasttrap_probe_ptr)(struct regs *); |
| 57 | |
| 58 | /* |
| 59 | * Following DTrace hooks are taken from Solaris' dtrace_subr.c |
| 60 | * They're assigned in dtrace.c but Darwin never calls them. |
| 61 | */ |
| 62 | void (*dtrace_cpu_init)(processorid_t); |
| 63 | int (*dtrace_modload)(struct kmod_info *, uint32_t); |
| 64 | int (*dtrace_modunload)(struct kmod_info *); |
| 65 | void (*dtrace_helpers_cleanup)(proc_t *); |
| 66 | void (*dtrace_helpers_fork)(proc_t *, proc_t *); |
| 67 | void (*dtrace_cpustart_init)(void); |
| 68 | void (*dtrace_cpustart_fini)(void); |
| 69 | |
| 70 | void (*dtrace_debugger_init)(void); |
| 71 | void (*dtrace_debugger_fini)(void); |
| 72 | |
| 73 | dtrace_vtime_state_t dtrace_vtime_active = 0; |
| 74 | dtrace_cacheid_t dtrace_predcache_id = DTRACE_CACHEIDNONE + 1; |
| 75 | |
| 76 | void (*dtrace_fasttrap_fork_ptr)(proc_t *, proc_t *); |
| 77 | void (*dtrace_fasttrap_exec_ptr)(proc_t *); |
| 78 | void (*dtrace_fasttrap_exit_ptr)(proc_t *); |
| 79 | |
| 80 | /* |
| 81 | * This function is called by cfork() in the event that it appears that |
| 82 | * there may be dtrace tracepoints active in the parent process's address |
| 83 | * space. This first confirms the existence of dtrace tracepoints in the |
| 84 | * parent process and calls into the fasttrap module to remove the |
| 85 | * corresponding tracepoints from the child. By knowing that there are |
| 86 | * existing tracepoints, and ensuring they can't be removed, we can rely |
| 87 | * on the fasttrap module remaining loaded. |
| 88 | */ |
| 89 | void |
| 90 | dtrace_fasttrap_fork(proc_t *p, proc_t *cp) |
| 91 | { |
| 92 | if (dtrace_fasttrap_fork_ptr) { |
| 93 | (*dtrace_fasttrap_fork_ptr)(p, cp); |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | |
| 98 | /* |
| 99 | * DTrace wait for process execution |
| 100 | * |
| 101 | * This feature is using a list of entries, each entry containing a pointer |
| 102 | * on a process description. The description is provided by a client, and it |
| 103 | * contains the command we want to wait for along with a reserved space for |
| 104 | * the caught process id. |
| 105 | * |
| 106 | * Once an awaited process has been spawned, it will be suspended before |
| 107 | * notifying the client. Once the client has been back to userland, it's its |
| 108 | * duty to resume the task. |
| 109 | */ |
| 110 | |
| 111 | LCK_MTX_DECLARE_ATTR(dtrace_procwaitfor_lock, &dtrace_lck_grp, &dtrace_lck_attr); |
| 112 | |
| 113 | typedef struct dtrace_proc_awaited_entry { |
| 114 | struct dtrace_procdesc *pdesc; |
| 115 | LIST_ENTRY(dtrace_proc_awaited_entry) entries; |
| 116 | } dtrace_proc_awaited_entry_t; |
| 117 | |
| 118 | LIST_HEAD(listhead, dtrace_proc_awaited_entry) dtrace_proc_awaited_head |
| 119 | = LIST_HEAD_INITIALIZER(dtrace_proc_awaited_head); |
| 120 | |
| 121 | void (*dtrace_proc_waitfor_exec_ptr)(proc_t*) = NULL; |
| 122 | |
| 123 | static int |
| 124 | dtrace_proc_get_execpath(proc_t *p, char *buffer, int *maxlen) |
| 125 | { |
| 126 | int err = 0, vid = 0; |
| 127 | vnode_t tvp = NULLVP, nvp = NULLVP; |
| 128 | |
| 129 | ASSERT(p); |
| 130 | ASSERT(buffer); |
| 131 | ASSERT(maxlen); |
| 132 | |
| 133 | if ((tvp = p->p_textvp) == NULLVP) |
| 134 | return ESRCH; |
| 135 | |
| 136 | vid = vnode_vid(vp: tvp); |
| 137 | if ((err = vnode_getwithvid(tvp, vid)) != 0) |
| 138 | return err; |
| 139 | |
| 140 | if ((err = vn_getpath_fsenter(vp: tvp, pathbuf: buffer, len: maxlen)) != 0) |
| 141 | return err; |
| 142 | vnode_put(vp: tvp); |
| 143 | |
| 144 | if ((err = vnode_lookup(path: buffer, flags: 0, vpp: &nvp, ctx: vfs_context_current())) != 0) |
| 145 | return err; |
| 146 | if (nvp != NULLVP) |
| 147 | vnode_put(vp: nvp); |
| 148 | |
| 149 | return 0; |
| 150 | } |
| 151 | |
| 152 | |
| 153 | static void |
| 154 | dtrace_proc_exec_notification(proc_t *p) { |
| 155 | dtrace_proc_awaited_entry_t *entry, *tmp; |
| 156 | static char execpath[MAXPATHLEN]; |
| 157 | |
| 158 | ASSERT(p); |
| 159 | ASSERT(proc_getpid(p) != -1); |
| 160 | ASSERT(current_task() != proc_task(p)); |
| 161 | |
| 162 | lck_mtx_lock(lck: &dtrace_procwaitfor_lock); |
| 163 | |
| 164 | LIST_FOREACH_SAFE(entry, &dtrace_proc_awaited_head, entries, tmp) { |
| 165 | /* By default consider we're using p_comm. */ |
| 166 | char *pname = p->p_comm; |
| 167 | |
| 168 | /* Already matched with another process. */ |
| 169 | if (((entry->pdesc->p_pid) != -1)) |
| 170 | continue; |
| 171 | |
| 172 | /* p_comm is too short, use the execpath. */ |
| 173 | if (entry->pdesc->p_name_length >= MAXCOMLEN) { |
| 174 | /* |
| 175 | * Retrieve the executable path. After the call, length contains |
| 176 | * the length of the string + 1. |
| 177 | */ |
| 178 | int length = sizeof(execpath); |
| 179 | if (dtrace_proc_get_execpath(p, buffer: execpath, maxlen: &length) != 0) |
| 180 | continue; |
| 181 | /* Move the cursor to the position after the last / */ |
| 182 | pname = &execpath[length - 1]; |
| 183 | while (pname != execpath && *pname != '/') |
| 184 | pname--; |
| 185 | pname = (*pname == '/') ? pname + 1 : pname; |
| 186 | } |
| 187 | |
| 188 | if (!strcmp(s1: entry->pdesc->p_name, s2: pname)) { |
| 189 | entry->pdesc->p_pid = proc_getpid(p); |
| 190 | task_pidsuspend(task: proc_task(p)); |
| 191 | wakeup(chan: entry); |
| 192 | } |
| 193 | } |
| 194 | |
| 195 | lck_mtx_unlock(lck: &dtrace_procwaitfor_lock); |
| 196 | } |
| 197 | |
| 198 | int |
| 199 | dtrace_proc_waitfor(dtrace_procdesc_t* pdesc) { |
| 200 | dtrace_proc_awaited_entry_t entry; |
| 201 | int res; |
| 202 | |
| 203 | ASSERT(pdesc); |
| 204 | ASSERT(pdesc->p_name); |
| 205 | |
| 206 | /* |
| 207 | * Never trust user input, compute the length of the process name and ensure the |
| 208 | * string is null terminated. |
| 209 | */ |
| 210 | pdesc->p_name_length = (int) strnlen(s: pdesc->p_name, n: sizeof(pdesc->p_name)); |
| 211 | if (pdesc->p_name_length >= (int) sizeof(pdesc->p_name)) |
| 212 | return -1; |
| 213 | |
| 214 | lck_mtx_lock(lck: &dtrace_procwaitfor_lock); |
| 215 | |
| 216 | /* Initialize and insert the entry, then install the hook. */ |
| 217 | pdesc->p_pid = -1; |
| 218 | entry.pdesc = pdesc; |
| 219 | LIST_INSERT_HEAD(&dtrace_proc_awaited_head, &entry, entries); |
| 220 | dtrace_proc_waitfor_exec_ptr = &dtrace_proc_exec_notification; |
| 221 | |
| 222 | /* Sleep until the process has been executed */ |
| 223 | res = msleep(chan: &entry, mtx: &dtrace_procwaitfor_lock, PCATCH, wmesg: "dtrace_proc_waitfor", NULL); |
| 224 | |
| 225 | /* Remove the entry and the hook if it is not needed anymore. */ |
| 226 | LIST_REMOVE(&entry, entries); |
| 227 | if (LIST_EMPTY(&dtrace_proc_awaited_head)) |
| 228 | dtrace_proc_waitfor_exec_ptr = NULL; |
| 229 | |
| 230 | lck_mtx_unlock(lck: &dtrace_procwaitfor_lock); |
| 231 | |
| 232 | return res; |
| 233 | } |
| 234 | |
| 235 | |
| 236 | typedef struct dtrace_invop_hdlr { |
| 237 | int (*dtih_func)(uintptr_t, uintptr_t *, uintptr_t); |
| 238 | struct dtrace_invop_hdlr *dtih_next; |
| 239 | } dtrace_invop_hdlr_t; |
| 240 | |
| 241 | dtrace_invop_hdlr_t *dtrace_invop_hdlr; |
| 242 | |
| 243 | int |
| 244 | dtrace_invop(uintptr_t, uintptr_t *, uintptr_t); |
| 245 | |
| 246 | int |
| 247 | dtrace_invop(uintptr_t addr, uintptr_t *stack, uintptr_t eax) |
| 248 | { |
| 249 | dtrace_invop_hdlr_t *hdlr; |
| 250 | int rval; |
| 251 | |
| 252 | for (hdlr = dtrace_invop_hdlr; hdlr != NULL; hdlr = hdlr->dtih_next) { |
| 253 | if ((rval = hdlr->dtih_func(addr, stack, eax)) != 0) |
| 254 | return (rval); |
| 255 | } |
| 256 | |
| 257 | return (0); |
| 258 | } |
| 259 | |
| 260 | void |
| 261 | dtrace_invop_add(int (*func)(uintptr_t, uintptr_t *, uintptr_t)) |
| 262 | { |
| 263 | dtrace_invop_hdlr_t *hdlr; |
| 264 | |
| 265 | hdlr = kmem_alloc(sizeof (dtrace_invop_hdlr_t), KM_SLEEP); |
| 266 | hdlr->dtih_func = func; |
| 267 | hdlr->dtih_next = dtrace_invop_hdlr; |
| 268 | dtrace_invop_hdlr = hdlr; |
| 269 | } |
| 270 | |
| 271 | void |
| 272 | dtrace_invop_remove(int (*func)(uintptr_t, uintptr_t *, uintptr_t)) |
| 273 | { |
| 274 | dtrace_invop_hdlr_t *hdlr = dtrace_invop_hdlr, *prev = NULL; |
| 275 | |
| 276 | for (;;) { |
| 277 | if (hdlr == NULL) |
| 278 | panic("attempt to remove non-existent invop handler"); |
| 279 | |
| 280 | if (hdlr->dtih_func == func) |
| 281 | break; |
| 282 | |
| 283 | prev = hdlr; |
| 284 | hdlr = hdlr->dtih_next; |
| 285 | } |
| 286 | |
| 287 | if (prev == NULL) { |
| 288 | ASSERT(dtrace_invop_hdlr == hdlr); |
| 289 | dtrace_invop_hdlr = hdlr->dtih_next; |
| 290 | } else { |
| 291 | ASSERT(dtrace_invop_hdlr != hdlr); |
| 292 | prev->dtih_next = hdlr->dtih_next; |
| 293 | } |
| 294 | |
| 295 | kmem_free(hdlr, sizeof (dtrace_invop_hdlr_t)); |
| 296 | } |
| 297 | |
| 298 | void* |
| 299 | dtrace_ptrauth_strip(void *ptr, uint64_t key) |
| 300 | { |
| 301 | #pragma unused(key) |
| 302 | #if __has_feature(ptrauth_calls) |
| 303 | /* |
| 304 | * The key argument to ptrauth_strip needs to be a compile-time |
| 305 | * constant |
| 306 | */ |
| 307 | switch (key) { |
| 308 | case ptrauth_key_asia: |
| 309 | return ptrauth_strip(ptr, ptrauth_key_asia); |
| 310 | case ptrauth_key_asib: |
| 311 | return ptrauth_strip(ptr, ptrauth_key_asib); |
| 312 | case ptrauth_key_asda: |
| 313 | return ptrauth_strip(ptr, ptrauth_key_asda); |
| 314 | case ptrauth_key_asdb: |
| 315 | return ptrauth_strip(ptr, ptrauth_key_asdb); |
| 316 | default: |
| 317 | return ptr; |
| 318 | } |
| 319 | #else |
| 320 | return ptr; |
| 321 | #endif // __has_feature(ptrauth_calls) |
| 322 | } |
| 323 | |
| 324 | int |
| 325 | dtrace_is_valid_ptrauth_key(uint64_t key) |
| 326 | { |
| 327 | #pragma unused(key) |
| 328 | #if __has_feature(ptrauth_calls) |
| 329 | return (key == ptrauth_key_asia) || (key == ptrauth_key_asib) || |
| 330 | (key == ptrauth_key_asda) || (key == ptrauth_key_asdb); |
| 331 | #else |
| 332 | return (1); |
| 333 | #endif /* __has_feature(ptrauth_calls) */ |
| 334 | } |
| 335 | |
| 336 | uint64_t |
| 337 | dtrace_physmem_read(uint64_t addr, size_t size) |
| 338 | { |
| 339 | switch (size) { |
| 340 | case 1: |
| 341 | return (uint64_t)ml_phys_read_byte_64(paddr: (addr64_t)addr); |
| 342 | case 2: |
| 343 | return (uint64_t)ml_phys_read_half_64(paddr: (addr64_t)addr); |
| 344 | case 4: |
| 345 | return (uint64_t)ml_phys_read_64(paddr: (addr64_t)addr); |
| 346 | case 8: |
| 347 | return (uint64_t)ml_phys_read_double_64(paddr: (addr64_t)addr); |
| 348 | } |
| 349 | DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); |
| 350 | |
| 351 | return (0); |
| 352 | } |
| 353 | |
| 354 | void |
| 355 | dtrace_physmem_write(uint64_t addr, uint64_t data, size_t size) |
| 356 | { |
| 357 | switch (size) { |
| 358 | case 1: |
| 359 | ml_phys_write_byte_64(paddr: (addr64_t)addr, data: (unsigned int)data); |
| 360 | break; |
| 361 | case 2: |
| 362 | ml_phys_write_half_64(paddr: (addr64_t)addr, data: (unsigned int)data); |
| 363 | break; |
| 364 | case 4: |
| 365 | ml_phys_write_64(paddr: (addr64_t)addr, data: (unsigned int)data); |
| 366 | break; |
| 367 | case 8: |
| 368 | ml_phys_write_double_64(paddr: (addr64_t)addr, data: (unsigned long long)data); |
| 369 | break; |
| 370 | default: |
| 371 | DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); |
| 372 | } |
| 373 | } |
| 374 | |
| 375 | static minor_t next_minor = 0; |
| 376 | static dtrace_state_t* dtrace_clients[DTRACE_NCLIENTS] = {NULL}; |
| 377 | |
| 378 | |
| 379 | minor_t |
| 380 | dtrace_state_reserve(void) |
| 381 | { |
| 382 | for (int i = 0; i < DTRACE_NCLIENTS; i++) { |
| 383 | minor_t minor = os_atomic_inc_orig(&next_minor, relaxed) % DTRACE_NCLIENTS; |
| 384 | if (dtrace_clients[minor] == NULL) |
| 385 | return minor; |
| 386 | } |
| 387 | return 0; |
| 388 | } |
| 389 | |
| 390 | dtrace_state_t* |
| 391 | dtrace_state_get(minor_t minor) |
| 392 | { |
| 393 | ASSERT(minor < DTRACE_NCLIENTS); |
| 394 | return dtrace_clients[minor]; |
| 395 | } |
| 396 | |
| 397 | dtrace_state_t* |
| 398 | dtrace_state_allocate(minor_t minor) |
| 399 | { |
| 400 | dtrace_state_t *state = kalloc_type(dtrace_state_t, Z_ZERO | Z_WAITOK); |
| 401 | if (dtrace_casptr(&dtrace_clients[minor], NULL, state) != NULL) { |
| 402 | // We have been raced by another client for this number, abort |
| 403 | kfree_type(dtrace_state_t, state); |
| 404 | return NULL; |
| 405 | } |
| 406 | return state; |
| 407 | } |
| 408 | |
| 409 | void |
| 410 | dtrace_state_free(minor_t minor) |
| 411 | { |
| 412 | dtrace_state_t *state = dtrace_clients[minor]; |
| 413 | dtrace_clients[minor] = NULL; |
| 414 | kfree_type(dtrace_state_t, state); |
| 415 | } |
| 416 | |
| 417 | |
| 418 | |
| 419 | void |
| 420 | dtrace_restriction_policy_load(void) |
| 421 | { |
| 422 | } |
| 423 | |
| 424 | /* |
| 425 | * Check if DTrace has been restricted by the current security policy. |
| 426 | */ |
| 427 | boolean_t |
| 428 | dtrace_is_restricted(void) |
| 429 | { |
| 430 | #if CONFIG_CSR |
| 431 | if (csr_check(CSR_ALLOW_UNRESTRICTED_DTRACE) != 0) |
| 432 | return TRUE; |
| 433 | #endif |
| 434 | |
| 435 | return FALSE; |
| 436 | } |
| 437 | |
| 438 | boolean_t |
| 439 | dtrace_are_restrictions_relaxed(void) |
| 440 | { |
| 441 | #if CONFIG_CSR |
| 442 | if (csr_check(CSR_ALLOW_APPLE_INTERNAL) == 0) |
| 443 | return TRUE; |
| 444 | #endif |
| 445 | |
| 446 | return FALSE; |
| 447 | } |
| 448 | |
| 449 | boolean_t |
| 450 | dtrace_fbt_probes_restricted(void) |
| 451 | { |
| 452 | |
| 453 | #if CONFIG_CSR |
| 454 | if (dtrace_is_restricted() && !dtrace_are_restrictions_relaxed()) |
| 455 | return TRUE; |
| 456 | #endif |
| 457 | |
| 458 | return FALSE; |
| 459 | } |
| 460 | |
| 461 | boolean_t |
| 462 | dtrace_sdt_probes_restricted(void) |
| 463 | { |
| 464 | |
| 465 | return FALSE; |
| 466 | } |
| 467 | |
| 468 | /* |
| 469 | * Check if the process can be attached. |
| 470 | */ |
| 471 | boolean_t |
| 472 | dtrace_can_attach_to_proc(proc_t *proc) |
| 473 | { |
| 474 | #pragma unused(proc) |
| 475 | ASSERT(proc != NULL); |
| 476 | |
| 477 | #if CONFIG_CSR |
| 478 | if (cs_restricted(proc)) |
| 479 | return FALSE; |
| 480 | #endif |
| 481 | |
| 482 | return TRUE; |
| 483 | } |
| 484 | |
| 485 |
Generated on 2024-Jun-06 from project xnu revision 10063.121.3
Powered by 
Code Browser 2.1
Generator usage only permitted with license.