1 | /* |
2 | * CDDL HEADER START |
3 | * |
4 | * The contents of this file are subject to the terms of the |
5 | * Common Development and Distribution License (the "License"). |
6 | * You may not use this file except in compliance with the License. |
7 | * |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
9 | * or http://www.opensolaris.org/os/licensing. |
10 | * See the License for the specific language governing permissions |
11 | * and limitations under the License. |
12 | * |
13 | * When distributing Covered Code, include this CDDL HEADER in each |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
15 | * If applicable, add the following below this CDDL HEADER, with the |
16 | * fields enclosed by brackets "[]" replaced with your own identifying |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] |
18 | * |
19 | * CDDL HEADER END |
20 | */ |
21 | |
22 | /* |
23 | * Copyright 2007 Sun Microsystems, Inc. All rights reserved. |
24 | * Use is subject to license terms. |
25 | */ |
26 | |
27 | #include <stdarg.h> |
28 | #include <string.h> |
29 | #include <sys/malloc.h> |
30 | #include <sys/time.h> |
31 | #include <sys/dtrace.h> |
32 | #include <sys/dtrace_impl.h> |
33 | #include <sys/proc_internal.h> |
34 | #include <sys/vnode.h> |
35 | #include <kern/debug.h> |
36 | #include <kern/sched_prim.h> |
37 | #include <kern/task.h> |
38 | |
39 | #if CONFIG_CSR |
40 | #include <sys/codesign.h> |
41 | #include <sys/csr.h> |
42 | |
43 | #if defined(KERNEL_INTEGRITY_KTRR) || defined(KERNEL_INTEGRITY_CTRR) |
44 | extern bool csr_unsafe_kernel_text; |
45 | #endif |
46 | #endif |
47 | |
48 | /* |
49 | * APPLE NOTE: Solaris proc_t is the struct. |
50 | * Darwin's proc_t is a pointer to it. |
51 | */ |
52 | #define proc_t struct proc /* Steer clear of the Darwin typedef for proc_t */ |
53 | |
54 | |
55 | /* Copied from an arch specific dtrace_subr.c. */ |
56 | int (*dtrace_fasttrap_probe_ptr)(struct regs *); |
57 | |
58 | /* |
59 | * Following DTrace hooks are taken from Solaris' dtrace_subr.c |
60 | * They're assigned in dtrace.c but Darwin never calls them. |
61 | */ |
62 | void (*dtrace_cpu_init)(processorid_t); |
63 | int (*dtrace_modload)(struct kmod_info *, uint32_t); |
64 | int (*dtrace_modunload)(struct kmod_info *); |
65 | void (*dtrace_helpers_cleanup)(proc_t *); |
66 | void (*dtrace_helpers_fork)(proc_t *, proc_t *); |
67 | void (*dtrace_cpustart_init)(void); |
68 | void (*dtrace_cpustart_fini)(void); |
69 | |
70 | void (*dtrace_debugger_init)(void); |
71 | void (*dtrace_debugger_fini)(void); |
72 | |
73 | dtrace_vtime_state_t dtrace_vtime_active = 0; |
74 | dtrace_cacheid_t dtrace_predcache_id = DTRACE_CACHEIDNONE + 1; |
75 | |
76 | void (*dtrace_fasttrap_fork_ptr)(proc_t *, proc_t *); |
77 | void (*dtrace_fasttrap_exec_ptr)(proc_t *); |
78 | void (*dtrace_fasttrap_exit_ptr)(proc_t *); |
79 | |
80 | /* |
81 | * This function is called by cfork() in the event that it appears that |
82 | * there may be dtrace tracepoints active in the parent process's address |
83 | * space. This first confirms the existence of dtrace tracepoints in the |
84 | * parent process and calls into the fasttrap module to remove the |
85 | * corresponding tracepoints from the child. By knowing that there are |
86 | * existing tracepoints, and ensuring they can't be removed, we can rely |
87 | * on the fasttrap module remaining loaded. |
88 | */ |
89 | void |
90 | dtrace_fasttrap_fork(proc_t *p, proc_t *cp) |
91 | { |
92 | if (dtrace_fasttrap_fork_ptr) { |
93 | (*dtrace_fasttrap_fork_ptr)(p, cp); |
94 | } |
95 | } |
96 | |
97 | |
98 | /* |
99 | * DTrace wait for process execution |
100 | * |
101 | * This feature is using a list of entries, each entry containing a pointer |
102 | * on a process description. The description is provided by a client, and it |
103 | * contains the command we want to wait for along with a reserved space for |
104 | * the caught process id. |
105 | * |
106 | * Once an awaited process has been spawned, it will be suspended before |
107 | * notifying the client. Once the client has been back to userland, it's its |
108 | * duty to resume the task. |
109 | */ |
110 | |
111 | LCK_MTX_DECLARE_ATTR(dtrace_procwaitfor_lock, &dtrace_lck_grp, &dtrace_lck_attr); |
112 | |
113 | typedef struct dtrace_proc_awaited_entry { |
114 | struct dtrace_procdesc *pdesc; |
115 | LIST_ENTRY(dtrace_proc_awaited_entry) entries; |
116 | } dtrace_proc_awaited_entry_t; |
117 | |
118 | LIST_HEAD(listhead, dtrace_proc_awaited_entry) dtrace_proc_awaited_head |
119 | = LIST_HEAD_INITIALIZER(dtrace_proc_awaited_head); |
120 | |
121 | void (*dtrace_proc_waitfor_exec_ptr)(proc_t*) = NULL; |
122 | |
123 | static int |
124 | dtrace_proc_get_execpath(proc_t *p, char *buffer, int *maxlen) |
125 | { |
126 | int err = 0, vid = 0; |
127 | vnode_t tvp = NULLVP, nvp = NULLVP; |
128 | |
129 | ASSERT(p); |
130 | ASSERT(buffer); |
131 | ASSERT(maxlen); |
132 | |
133 | if ((tvp = p->p_textvp) == NULLVP) |
134 | return ESRCH; |
135 | |
136 | vid = vnode_vid(vp: tvp); |
137 | if ((err = vnode_getwithvid(tvp, vid)) != 0) |
138 | return err; |
139 | |
140 | if ((err = vn_getpath_fsenter(vp: tvp, pathbuf: buffer, len: maxlen)) != 0) |
141 | return err; |
142 | vnode_put(vp: tvp); |
143 | |
144 | if ((err = vnode_lookup(path: buffer, flags: 0, vpp: &nvp, ctx: vfs_context_current())) != 0) |
145 | return err; |
146 | if (nvp != NULLVP) |
147 | vnode_put(vp: nvp); |
148 | |
149 | return 0; |
150 | } |
151 | |
152 | |
153 | static void |
154 | dtrace_proc_exec_notification(proc_t *p) { |
155 | dtrace_proc_awaited_entry_t *entry, *tmp; |
156 | static char execpath[MAXPATHLEN]; |
157 | |
158 | ASSERT(p); |
159 | ASSERT(proc_getpid(p) != -1); |
160 | ASSERT(current_task() != proc_task(p)); |
161 | |
162 | lck_mtx_lock(lck: &dtrace_procwaitfor_lock); |
163 | |
164 | LIST_FOREACH_SAFE(entry, &dtrace_proc_awaited_head, entries, tmp) { |
165 | /* By default consider we're using p_comm. */ |
166 | char *pname = p->p_comm; |
167 | |
168 | /* Already matched with another process. */ |
169 | if (((entry->pdesc->p_pid) != -1)) |
170 | continue; |
171 | |
172 | /* p_comm is too short, use the execpath. */ |
173 | if (entry->pdesc->p_name_length >= MAXCOMLEN) { |
174 | /* |
175 | * Retrieve the executable path. After the call, length contains |
176 | * the length of the string + 1. |
177 | */ |
178 | int length = sizeof(execpath); |
179 | if (dtrace_proc_get_execpath(p, buffer: execpath, maxlen: &length) != 0) |
180 | continue; |
181 | /* Move the cursor to the position after the last / */ |
182 | pname = &execpath[length - 1]; |
183 | while (pname != execpath && *pname != '/') |
184 | pname--; |
185 | pname = (*pname == '/') ? pname + 1 : pname; |
186 | } |
187 | |
188 | if (!strcmp(s1: entry->pdesc->p_name, s2: pname)) { |
189 | entry->pdesc->p_pid = proc_getpid(p); |
190 | task_pidsuspend(task: proc_task(p)); |
191 | wakeup(chan: entry); |
192 | } |
193 | } |
194 | |
195 | lck_mtx_unlock(lck: &dtrace_procwaitfor_lock); |
196 | } |
197 | |
198 | int |
199 | dtrace_proc_waitfor(dtrace_procdesc_t* pdesc) { |
200 | dtrace_proc_awaited_entry_t entry; |
201 | int res; |
202 | |
203 | ASSERT(pdesc); |
204 | ASSERT(pdesc->p_name); |
205 | |
206 | /* |
207 | * Never trust user input, compute the length of the process name and ensure the |
208 | * string is null terminated. |
209 | */ |
210 | pdesc->p_name_length = (int) strnlen(s: pdesc->p_name, n: sizeof(pdesc->p_name)); |
211 | if (pdesc->p_name_length >= (int) sizeof(pdesc->p_name)) |
212 | return -1; |
213 | |
214 | lck_mtx_lock(lck: &dtrace_procwaitfor_lock); |
215 | |
216 | /* Initialize and insert the entry, then install the hook. */ |
217 | pdesc->p_pid = -1; |
218 | entry.pdesc = pdesc; |
219 | LIST_INSERT_HEAD(&dtrace_proc_awaited_head, &entry, entries); |
220 | dtrace_proc_waitfor_exec_ptr = &dtrace_proc_exec_notification; |
221 | |
222 | /* Sleep until the process has been executed */ |
223 | res = msleep(chan: &entry, mtx: &dtrace_procwaitfor_lock, PCATCH, wmesg: "dtrace_proc_waitfor" , NULL); |
224 | |
225 | /* Remove the entry and the hook if it is not needed anymore. */ |
226 | LIST_REMOVE(&entry, entries); |
227 | if (LIST_EMPTY(&dtrace_proc_awaited_head)) |
228 | dtrace_proc_waitfor_exec_ptr = NULL; |
229 | |
230 | lck_mtx_unlock(lck: &dtrace_procwaitfor_lock); |
231 | |
232 | return res; |
233 | } |
234 | |
235 | |
236 | typedef struct dtrace_invop_hdlr { |
237 | int (*dtih_func)(uintptr_t, uintptr_t *, uintptr_t); |
238 | struct dtrace_invop_hdlr *dtih_next; |
239 | } dtrace_invop_hdlr_t; |
240 | |
241 | dtrace_invop_hdlr_t *dtrace_invop_hdlr; |
242 | |
243 | int |
244 | dtrace_invop(uintptr_t, uintptr_t *, uintptr_t); |
245 | |
246 | int |
247 | dtrace_invop(uintptr_t addr, uintptr_t *stack, uintptr_t eax) |
248 | { |
249 | dtrace_invop_hdlr_t *hdlr; |
250 | int rval; |
251 | |
252 | for (hdlr = dtrace_invop_hdlr; hdlr != NULL; hdlr = hdlr->dtih_next) { |
253 | if ((rval = hdlr->dtih_func(addr, stack, eax)) != 0) |
254 | return (rval); |
255 | } |
256 | |
257 | return (0); |
258 | } |
259 | |
260 | void |
261 | dtrace_invop_add(int (*func)(uintptr_t, uintptr_t *, uintptr_t)) |
262 | { |
263 | dtrace_invop_hdlr_t *hdlr; |
264 | |
265 | hdlr = kmem_alloc(sizeof (dtrace_invop_hdlr_t), KM_SLEEP); |
266 | hdlr->dtih_func = func; |
267 | hdlr->dtih_next = dtrace_invop_hdlr; |
268 | dtrace_invop_hdlr = hdlr; |
269 | } |
270 | |
271 | void |
272 | dtrace_invop_remove(int (*func)(uintptr_t, uintptr_t *, uintptr_t)) |
273 | { |
274 | dtrace_invop_hdlr_t *hdlr = dtrace_invop_hdlr, *prev = NULL; |
275 | |
276 | for (;;) { |
277 | if (hdlr == NULL) |
278 | panic("attempt to remove non-existent invop handler" ); |
279 | |
280 | if (hdlr->dtih_func == func) |
281 | break; |
282 | |
283 | prev = hdlr; |
284 | hdlr = hdlr->dtih_next; |
285 | } |
286 | |
287 | if (prev == NULL) { |
288 | ASSERT(dtrace_invop_hdlr == hdlr); |
289 | dtrace_invop_hdlr = hdlr->dtih_next; |
290 | } else { |
291 | ASSERT(dtrace_invop_hdlr != hdlr); |
292 | prev->dtih_next = hdlr->dtih_next; |
293 | } |
294 | |
295 | kmem_free(hdlr, sizeof (dtrace_invop_hdlr_t)); |
296 | } |
297 | |
298 | void* |
299 | dtrace_ptrauth_strip(void *ptr, uint64_t key) |
300 | { |
301 | #pragma unused(key) |
302 | #if __has_feature(ptrauth_calls) |
303 | /* |
304 | * The key argument to ptrauth_strip needs to be a compile-time |
305 | * constant |
306 | */ |
307 | switch (key) { |
308 | case ptrauth_key_asia: |
309 | return ptrauth_strip(ptr, ptrauth_key_asia); |
310 | case ptrauth_key_asib: |
311 | return ptrauth_strip(ptr, ptrauth_key_asib); |
312 | case ptrauth_key_asda: |
313 | return ptrauth_strip(ptr, ptrauth_key_asda); |
314 | case ptrauth_key_asdb: |
315 | return ptrauth_strip(ptr, ptrauth_key_asdb); |
316 | default: |
317 | return ptr; |
318 | } |
319 | #else |
320 | return ptr; |
321 | #endif // __has_feature(ptrauth_calls) |
322 | } |
323 | |
324 | int |
325 | dtrace_is_valid_ptrauth_key(uint64_t key) |
326 | { |
327 | #pragma unused(key) |
328 | #if __has_feature(ptrauth_calls) |
329 | return (key == ptrauth_key_asia) || (key == ptrauth_key_asib) || |
330 | (key == ptrauth_key_asda) || (key == ptrauth_key_asdb); |
331 | #else |
332 | return (1); |
333 | #endif /* __has_feature(ptrauth_calls) */ |
334 | } |
335 | |
336 | uint64_t |
337 | dtrace_physmem_read(uint64_t addr, size_t size) |
338 | { |
339 | switch (size) { |
340 | case 1: |
341 | return (uint64_t)ml_phys_read_byte_64(paddr: (addr64_t)addr); |
342 | case 2: |
343 | return (uint64_t)ml_phys_read_half_64(paddr: (addr64_t)addr); |
344 | case 4: |
345 | return (uint64_t)ml_phys_read_64(paddr: (addr64_t)addr); |
346 | case 8: |
347 | return (uint64_t)ml_phys_read_double_64(paddr: (addr64_t)addr); |
348 | } |
349 | DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); |
350 | |
351 | return (0); |
352 | } |
353 | |
354 | void |
355 | dtrace_physmem_write(uint64_t addr, uint64_t data, size_t size) |
356 | { |
357 | switch (size) { |
358 | case 1: |
359 | ml_phys_write_byte_64(paddr: (addr64_t)addr, data: (unsigned int)data); |
360 | break; |
361 | case 2: |
362 | ml_phys_write_half_64(paddr: (addr64_t)addr, data: (unsigned int)data); |
363 | break; |
364 | case 4: |
365 | ml_phys_write_64(paddr: (addr64_t)addr, data: (unsigned int)data); |
366 | break; |
367 | case 8: |
368 | ml_phys_write_double_64(paddr: (addr64_t)addr, data: (unsigned long long)data); |
369 | break; |
370 | default: |
371 | DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); |
372 | } |
373 | } |
374 | |
375 | static minor_t next_minor = 0; |
376 | static dtrace_state_t* dtrace_clients[DTRACE_NCLIENTS] = {NULL}; |
377 | |
378 | |
379 | minor_t |
380 | dtrace_state_reserve(void) |
381 | { |
382 | for (int i = 0; i < DTRACE_NCLIENTS; i++) { |
383 | minor_t minor = os_atomic_inc_orig(&next_minor, relaxed) % DTRACE_NCLIENTS; |
384 | if (dtrace_clients[minor] == NULL) |
385 | return minor; |
386 | } |
387 | return 0; |
388 | } |
389 | |
390 | dtrace_state_t* |
391 | dtrace_state_get(minor_t minor) |
392 | { |
393 | ASSERT(minor < DTRACE_NCLIENTS); |
394 | return dtrace_clients[minor]; |
395 | } |
396 | |
397 | dtrace_state_t* |
398 | dtrace_state_allocate(minor_t minor) |
399 | { |
400 | dtrace_state_t *state = kalloc_type(dtrace_state_t, Z_ZERO | Z_WAITOK); |
401 | if (dtrace_casptr(&dtrace_clients[minor], NULL, state) != NULL) { |
402 | // We have been raced by another client for this number, abort |
403 | kfree_type(dtrace_state_t, state); |
404 | return NULL; |
405 | } |
406 | return state; |
407 | } |
408 | |
409 | void |
410 | dtrace_state_free(minor_t minor) |
411 | { |
412 | dtrace_state_t *state = dtrace_clients[minor]; |
413 | dtrace_clients[minor] = NULL; |
414 | kfree_type(dtrace_state_t, state); |
415 | } |
416 | |
417 | |
418 | |
419 | void |
420 | dtrace_restriction_policy_load(void) |
421 | { |
422 | } |
423 | |
424 | /* |
425 | * Check if DTrace has been restricted by the current security policy. |
426 | */ |
427 | boolean_t |
428 | dtrace_is_restricted(void) |
429 | { |
430 | #if CONFIG_CSR |
431 | if (csr_check(CSR_ALLOW_UNRESTRICTED_DTRACE) != 0) |
432 | return TRUE; |
433 | #endif |
434 | |
435 | return FALSE; |
436 | } |
437 | |
438 | boolean_t |
439 | dtrace_are_restrictions_relaxed(void) |
440 | { |
441 | #if CONFIG_CSR |
442 | if (csr_check(CSR_ALLOW_APPLE_INTERNAL) == 0) |
443 | return TRUE; |
444 | #endif |
445 | |
446 | return FALSE; |
447 | } |
448 | |
449 | boolean_t |
450 | dtrace_fbt_probes_restricted(void) |
451 | { |
452 | |
453 | #if CONFIG_CSR |
454 | if (dtrace_is_restricted() && !dtrace_are_restrictions_relaxed()) |
455 | return TRUE; |
456 | #endif |
457 | |
458 | return FALSE; |
459 | } |
460 | |
461 | boolean_t |
462 | dtrace_sdt_probes_restricted(void) |
463 | { |
464 | |
465 | return FALSE; |
466 | } |
467 | |
468 | /* |
469 | * Check if the process can be attached. |
470 | */ |
471 | boolean_t |
472 | dtrace_can_attach_to_proc(proc_t *proc) |
473 | { |
474 | #pragma unused(proc) |
475 | ASSERT(proc != NULL); |
476 | |
477 | #if CONFIG_CSR |
478 | if (cs_restricted(proc)) |
479 | return FALSE; |
480 | #endif |
481 | |
482 | return TRUE; |
483 | } |
484 | |
485 | |