1 | /* |
2 | * Copyright (c) 2000-2019 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | * |
28 | * |
29 | * Copyright (c) 1982, 1986, 1989, 1993 |
30 | * The Regents of the University of California. All rights reserved. |
31 | * |
32 | * This code is derived from software contributed to Berkeley by |
33 | * Mike Karels at Berkeley Software Design, Inc. |
34 | * |
35 | * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD |
36 | * project, to make these variables more userfriendly. |
37 | * |
38 | * Redistribution and use in source and binary forms, with or without |
39 | * modification, are permitted provided that the following conditions |
40 | * are met: |
41 | * 1. Redistributions of source code must retain the above copyright |
42 | * notice, this list of conditions and the following disclaimer. |
43 | * 2. Redistributions in binary form must reproduce the above copyright |
44 | * notice, this list of conditions and the following disclaimer in the |
45 | * documentation and/or other materials provided with the distribution. |
46 | * 3. All advertising materials mentioning features or use of this software |
47 | * must display the following acknowledgement: |
48 | * This product includes software developed by the University of |
49 | * California, Berkeley and its contributors. |
50 | * 4. Neither the name of the University nor the names of its contributors |
51 | * may be used to endorse or promote products derived from this software |
52 | * without specific prior written permission. |
53 | * |
54 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
55 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
56 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
57 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
58 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
59 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
60 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
61 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
62 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
63 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
64 | * SUCH DAMAGE. |
65 | * |
66 | * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 |
67 | */ |
68 | |
69 | |
70 | #include <kern/counter.h> |
71 | #include <sys/param.h> |
72 | #include <sys/buf.h> |
73 | #include <sys/kernel.h> |
74 | #include <sys/sysctl.h> |
75 | #include <sys/malloc.h> |
76 | #include <sys/proc_internal.h> |
77 | #include <sys/kauth.h> |
78 | #include <sys/systm.h> |
79 | #include <sys/sysproto.h> |
80 | |
81 | #include <os/atomic_private.h> |
82 | |
83 | #include <security/audit/audit.h> |
84 | #include <pexpert/pexpert.h> |
85 | |
86 | #include <IOKit/IOBSD.h> |
87 | |
88 | #if CONFIG_MACF |
89 | #include <security/mac_framework.h> |
90 | #endif |
91 | |
92 | #if defined(HAS_APPLE_PAC) |
93 | #include <os/hash.h> |
94 | #include <ptrauth.h> |
95 | #endif /* defined(HAS_APPLE_PAC) */ |
96 | |
97 | #include <libkern/coreanalytics/coreanalytics.h> |
98 | |
99 | #if DEBUG || DEVELOPMENT |
100 | #include <os/system_event_log.h> |
101 | #endif /* DEBUG || DEVELOPMENT */ |
102 | |
103 | static LCK_GRP_DECLARE(sysctl_lock_group, "sysctl" ); |
104 | static LCK_RW_DECLARE(sysctl_geometry_lock, &sysctl_lock_group); |
105 | static LCK_MTX_DECLARE(sysctl_unlocked_node_lock, &sysctl_lock_group); |
106 | |
107 | /* |
108 | * Conditionally allow dtrace to see these functions for debugging purposes. |
109 | */ |
110 | #ifdef STATIC |
111 | #undef STATIC |
112 | #endif |
113 | #if 0 |
114 | #define STATIC |
115 | #else |
116 | #define STATIC static |
117 | #endif |
118 | |
119 | /* forward declarations of static functions */ |
120 | STATIC void sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i); |
121 | STATIC int sysctl_sysctl_debug(struct sysctl_oid *oidp, void *arg1, |
122 | int arg2, struct sysctl_req *req); |
123 | STATIC int sysctl_sysctl_name(struct sysctl_oid *oidp, void *arg1, |
124 | int arg2, struct sysctl_req *req); |
125 | STATIC int sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, |
126 | int *name, u_int namelen, int *next, int *len, int level, |
127 | struct sysctl_oid **oidpp); |
128 | STATIC int sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l); |
129 | STATIC int sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l); |
130 | STATIC int name2oid(char *name, int *oid, size_t *len); |
131 | STATIC int sysctl_sysctl_name2oid(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); |
132 | STATIC int sysctl_sysctl_next(struct sysctl_oid *oidp, void *arg1, int arg2, |
133 | struct sysctl_req *req); |
134 | STATIC int sysctl_sysctl_oidfmt(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); |
135 | STATIC int sysctl_old_user(struct sysctl_req *req, const void *p, size_t l); |
136 | STATIC int sysctl_new_user(struct sysctl_req *req, void *p, size_t l); |
137 | |
138 | STATIC void sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp, |
139 | size_t oldlen, user_addr_t newp, size_t newlen); |
140 | STATIC int sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, char *namestring, size_t namestringlen, int *name, size_t namelen, struct sysctl_req *req); |
141 | |
142 | int kernel_sysctl(struct proc *p, int *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen); |
143 | int kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen); |
144 | int userland_sysctl(boolean_t string_is_canonical, |
145 | char *namestring, size_t namestringlen, |
146 | int *name, u_int namelen, struct sysctl_req *req, |
147 | size_t *retval); |
148 | |
149 | SECURITY_READ_ONLY_LATE(struct sysctl_oid_list) sysctl__children; /* root list */ |
150 | __SYSCTL_EXTENSION_NODE(); |
151 | |
152 | /* |
153 | * Initialization of the MIB tree. |
154 | * |
155 | * Order by number in each list. |
156 | */ |
157 | |
158 | static void |
159 | sysctl_register_oid_locked(struct sysctl_oid *new_oidp, |
160 | struct sysctl_oid *oidp) |
161 | { |
162 | struct sysctl_oid_list *parent = new_oidp->oid_parent; |
163 | struct sysctl_oid_list *parent_rw = NULL; |
164 | struct sysctl_oid *p, **prevp; |
165 | |
166 | p = SLIST_FIRST(parent); |
167 | if (p && p->oid_number == OID_MUTABLE_ANCHOR) { |
168 | parent_rw = p->oid_arg1; |
169 | } |
170 | |
171 | if (oidp->oid_number == OID_AUTO) { |
172 | int n = OID_AUTO_START; |
173 | |
174 | /* |
175 | * If this oid has a number OID_AUTO, give it a number which |
176 | * is greater than any current oid. Make sure it is at least |
177 | * OID_AUTO_START to leave space for pre-assigned oid numbers. |
178 | */ |
179 | |
180 | SLIST_FOREACH_PREVPTR(p, prevp, parent, oid_link) { |
181 | if (p->oid_number >= n) { |
182 | n = p->oid_number + 1; |
183 | } |
184 | } |
185 | |
186 | if (parent_rw) { |
187 | SLIST_FOREACH_PREVPTR(p, prevp, parent_rw, oid_link) { |
188 | if (p->oid_number >= n) { |
189 | n = p->oid_number + 1; |
190 | } |
191 | } |
192 | } |
193 | |
194 | /* |
195 | * Reflect the number in an allocated OID into the template |
196 | * of the caller for sysctl_unregister_oid() compares. |
197 | */ |
198 | oidp->oid_number = new_oidp->oid_number = n; |
199 | } else { |
200 | /* |
201 | * Insert the oid into the parent's list in order. |
202 | */ |
203 | SLIST_FOREACH_PREVPTR(p, prevp, parent, oid_link) { |
204 | if (oidp->oid_number == p->oid_number) { |
205 | panic("attempting to register a sysctl at previously registered slot : %d" , |
206 | oidp->oid_number); |
207 | } else if (oidp->oid_number < p->oid_number) { |
208 | break; |
209 | } |
210 | } |
211 | |
212 | if (parent_rw) { |
213 | SLIST_FOREACH_PREVPTR(p, prevp, parent_rw, oid_link) { |
214 | if (oidp->oid_number == p->oid_number) { |
215 | panic("attempting to register a sysctl at previously registered slot : %d" , |
216 | oidp->oid_number); |
217 | } else if (oidp->oid_number < p->oid_number) { |
218 | break; |
219 | } |
220 | } |
221 | } |
222 | } |
223 | |
224 | #if defined(HAS_APPLE_PAC) |
225 | if (oidp->oid_handler) { |
226 | /* |
227 | * Sign oid_handler address-discriminated upon installation to make it |
228 | * harder to replace with an arbitrary function pointer. Blend with |
229 | * a hash of oid_arg1 for robustness against memory corruption. |
230 | */ |
231 | oidp->oid_handler = ptrauth_auth_and_resign(oidp->oid_handler, |
232 | ptrauth_key_function_pointer, |
233 | ptrauth_function_pointer_type_discriminator(typeof(oidp->oid_handler)), |
234 | ptrauth_key_function_pointer, |
235 | ptrauth_blend_discriminator(&oidp->oid_handler, |
236 | os_hash_kernel_pointer(oidp->oid_arg1))); |
237 | } |
238 | #endif /* defined(HAS_APPLE_PAC) */ |
239 | |
240 | SLIST_NEXT(oidp, oid_link) = *prevp; |
241 | *prevp = oidp; |
242 | } |
243 | |
244 | void |
245 | sysctl_register_oid(struct sysctl_oid *new_oidp) |
246 | { |
247 | struct sysctl_oid *oidp; |
248 | |
249 | if (new_oidp->oid_number < OID_AUTO) { |
250 | panic("trying to register a node %p with an invalid oid_number: %d" , |
251 | new_oidp, new_oidp->oid_number); |
252 | } |
253 | if (new_oidp->oid_kind & CTLFLAG_PERMANENT) { |
254 | panic("Use sysctl_register_oid_early to register permanent nodes" ); |
255 | } |
256 | |
257 | /* |
258 | * The OID can be old-style (needs copy), new style without an earlier |
259 | * version (also needs copy), or new style with a matching version (no |
260 | * copy needed). Later versions are rejected (presumably, the OID |
261 | * structure was changed for a necessary reason). |
262 | */ |
263 | if (!(new_oidp->oid_kind & CTLFLAG_OID2)) { |
264 | #if __x86_64__ |
265 | oidp = kalloc_type(struct sysctl_oid, Z_WAITOK | Z_ZERO | Z_NOFAIL); |
266 | /* |
267 | * Copy the structure only through the oid_fmt field, which |
268 | * is the last field in a non-OID2 OID structure. |
269 | * |
270 | * Note: We may want to set the oid_descr to the |
271 | * oid_name (or "") at some future date. |
272 | */ |
273 | memcpy(oidp, new_oidp, offsetof(struct sysctl_oid, oid_descr)); |
274 | #else |
275 | panic("Old style sysctl without a version number isn't supported" ); |
276 | #endif |
277 | } else { |
278 | /* It's a later version; handle the versions we know about */ |
279 | switch (new_oidp->oid_version) { |
280 | case SYSCTL_OID_VERSION: |
281 | /* current version */ |
282 | oidp = new_oidp; |
283 | break; |
284 | default: |
285 | return; /* rejects unknown version */ |
286 | } |
287 | } |
288 | |
289 | lck_rw_lock_exclusive(lck: &sysctl_geometry_lock); |
290 | sysctl_register_oid_locked(new_oidp, oidp); |
291 | lck_rw_unlock_exclusive(lck: &sysctl_geometry_lock); |
292 | } |
293 | |
294 | __startup_func |
295 | void |
296 | sysctl_register_oid_early(struct sysctl_oid *oidp) |
297 | { |
298 | assert((oidp->oid_kind & CTLFLAG_OID2) && |
299 | (oidp->oid_kind & CTLFLAG_PERMANENT) && |
300 | oidp->oid_version == SYSCTL_OID_VERSION); |
301 | assert(startup_phase < STARTUP_SUB_SYSCTL); |
302 | |
303 | /* |
304 | * Clear the flag so that callers can use sysctl_register_oid_early |
305 | * again if they wish to register their node. |
306 | */ |
307 | if (oidp->oid_kind & CTLFLAG_NOAUTO) { |
308 | oidp->oid_kind &= ~CTLFLAG_NOAUTO; |
309 | return; |
310 | } |
311 | |
312 | sysctl_register_oid_locked(new_oidp: oidp, oidp); |
313 | } |
314 | |
315 | void |
316 | sysctl_unregister_oid(struct sysctl_oid *oidp) |
317 | { |
318 | struct sysctl_oid *removed_oidp = NULL; /* OID removed from tree */ |
319 | #if __x86_64__ |
320 | struct sysctl_oid *old_oidp = NULL; /* OID compatibility copy */ |
321 | #endif |
322 | struct sysctl_oid_list *lsp; |
323 | |
324 | /* Get the write lock to modify the geometry */ |
325 | lck_rw_lock_exclusive(lck: &sysctl_geometry_lock); |
326 | |
327 | lsp = oidp->oid_parent; |
328 | if (SLIST_FIRST(lsp) && SLIST_FIRST(lsp)->oid_number == OID_MUTABLE_ANCHOR) { |
329 | lsp = SLIST_FIRST(lsp)->oid_arg1; |
330 | } |
331 | |
332 | if (oidp->oid_kind & CTLFLAG_PERMANENT) { |
333 | panic("Trying to unregister permanent sysctl %p" , oidp); |
334 | } |
335 | |
336 | if (!(oidp->oid_kind & CTLFLAG_OID2)) { |
337 | #if __x86_64__ |
338 | /* |
339 | * We're using a copy so we can get the new fields in an |
340 | * old structure, so we have to iterate to compare the |
341 | * partial structure; when we find a match, we remove it |
342 | * normally and free the memory. |
343 | */ |
344 | SLIST_FOREACH(old_oidp, lsp, oid_link) { |
345 | if (!memcmp(&oidp->oid_number, &old_oidp->oid_number, (offsetof(struct sysctl_oid, oid_descr) - offsetof(struct sysctl_oid, oid_number)))) { |
346 | break; |
347 | } |
348 | } |
349 | if (old_oidp != NULL) { |
350 | SLIST_REMOVE(lsp, old_oidp, sysctl_oid, oid_link); |
351 | removed_oidp = old_oidp; |
352 | } |
353 | #else |
354 | panic("Old style sysctl without a version number isn't supported" ); |
355 | #endif |
356 | } else { |
357 | /* It's a later version; handle the versions we know about */ |
358 | switch (oidp->oid_version) { |
359 | case SYSCTL_OID_VERSION: |
360 | /* We can just remove the OID directly... */ |
361 | SLIST_REMOVE(lsp, oidp, sysctl_oid, oid_link); |
362 | removed_oidp = oidp; |
363 | break; |
364 | default: |
365 | /* XXX: Can't happen; probably tree coruption.*/ |
366 | break; /* rejects unknown version */ |
367 | } |
368 | } |
369 | |
370 | #if defined(HAS_APPLE_PAC) |
371 | if (removed_oidp && removed_oidp->oid_handler) { |
372 | /* |
373 | * Revert address-discriminated signing performed by |
374 | * sysctl_register_oid() (in case this oid is registered again). |
375 | */ |
376 | removed_oidp->oid_handler = ptrauth_auth_and_resign(removed_oidp->oid_handler, |
377 | ptrauth_key_function_pointer, |
378 | ptrauth_blend_discriminator(&removed_oidp->oid_handler, |
379 | os_hash_kernel_pointer(removed_oidp->oid_arg1)), |
380 | ptrauth_key_function_pointer, |
381 | ptrauth_function_pointer_type_discriminator(typeof(removed_oidp->oid_handler))); |
382 | } |
383 | #endif /* defined(HAS_APPLE_PAC) */ |
384 | |
385 | /* |
386 | * We've removed it from the list at this point, but we don't want |
387 | * to return to the caller until all handler references have drained |
388 | * out. Doing things in this order prevent other people coming in |
389 | * and starting new operations against the OID node we want removed. |
390 | * |
391 | * Note: oidp could be NULL if it wasn't found. |
392 | */ |
393 | while (removed_oidp && removed_oidp->oid_refcnt) { |
394 | lck_rw_sleep(lck: &sysctl_geometry_lock, lck_sleep_action: LCK_SLEEP_EXCLUSIVE, |
395 | event: &removed_oidp->oid_refcnt, THREAD_UNINT); |
396 | } |
397 | |
398 | /* Release the write lock */ |
399 | lck_rw_unlock_exclusive(lck: &sysctl_geometry_lock); |
400 | |
401 | #if __x86_64__ |
402 | /* If it was allocated, free it after dropping the lock */ |
403 | kfree_type(struct sysctl_oid, old_oidp); |
404 | #endif |
405 | } |
406 | |
407 | /* |
408 | * Exported in BSDKernel.exports, kept for binary compatibility |
409 | */ |
410 | #if defined(__x86_64__) |
411 | void |
412 | sysctl_register_fixed(void) |
413 | { |
414 | } |
415 | #endif |
416 | |
417 | /* |
418 | * New handler interface |
419 | * If the sysctl caller (user mode or kernel mode) is interested in the |
420 | * value (req->oldptr != NULL), we copy the data (bigValue etc.) out, |
421 | * if the caller wants to set the value (req->newptr), we copy |
422 | * the data in (*pValue etc.). |
423 | */ |
424 | |
425 | int |
426 | sysctl_io_number(struct sysctl_req *req, long long bigValue, size_t valueSize, void *pValue, int *changed) |
427 | { |
428 | int smallValue; |
429 | int error; |
430 | |
431 | if (changed) { |
432 | *changed = 0; |
433 | } |
434 | |
435 | /* |
436 | * Handle the various combinations of caller buffer size and |
437 | * data value size. We are generous in the case where the |
438 | * caller has specified a 32-bit buffer but the value is 64-bit |
439 | * sized. |
440 | */ |
441 | |
442 | /* 32 bit value expected or 32 bit buffer offered */ |
443 | if (((valueSize == sizeof(int)) || |
444 | ((req->oldlen == sizeof(int)) && (valueSize == sizeof(long long)))) |
445 | && (req->oldptr)) { |
446 | smallValue = (int)bigValue; |
447 | if ((long long)smallValue != bigValue) { |
448 | return ERANGE; |
449 | } |
450 | error = SYSCTL_OUT(req, &smallValue, sizeof(smallValue)); |
451 | } else { |
452 | /* any other case is either size-equal or a bug */ |
453 | error = SYSCTL_OUT(req, &bigValue, valueSize); |
454 | } |
455 | /* error or nothing to set */ |
456 | if (error || !req->newptr) { |
457 | return error; |
458 | } |
459 | |
460 | /* set request for constant */ |
461 | if (pValue == NULL) { |
462 | return EPERM; |
463 | } |
464 | |
465 | /* set request needs to convert? */ |
466 | if ((req->newlen == sizeof(int)) && (valueSize == sizeof(long long))) { |
467 | /* new value is 32 bits, upconvert to 64 bits */ |
468 | error = SYSCTL_IN(req, &smallValue, sizeof(smallValue)); |
469 | if (!error) { |
470 | *(long long *)pValue = (long long)smallValue; |
471 | } |
472 | } else if ((req->newlen == sizeof(long long)) && (valueSize == sizeof(int))) { |
473 | /* new value is 64 bits, downconvert to 32 bits and range check */ |
474 | error = SYSCTL_IN(req, &bigValue, sizeof(bigValue)); |
475 | if (!error) { |
476 | smallValue = (int)bigValue; |
477 | if ((long long)smallValue != bigValue) { |
478 | return ERANGE; |
479 | } |
480 | *(int *)pValue = smallValue; |
481 | } |
482 | } else { |
483 | /* sizes match, just copy in */ |
484 | error = SYSCTL_IN(req, pValue, valueSize); |
485 | } |
486 | if (!error && changed) { |
487 | *changed = 1; |
488 | } |
489 | return error; |
490 | } |
491 | |
492 | int |
493 | sysctl_io_string(struct sysctl_req *req, char *pValue, size_t valueSize, int trunc, int *changed) |
494 | { |
495 | int error; |
496 | size_t len = strlen(s: pValue) + 1; |
497 | |
498 | if (changed) { |
499 | *changed = 0; |
500 | } |
501 | |
502 | if (trunc && req->oldptr && req->oldlen && (req->oldlen < len)) { |
503 | /* If trunc != 0, if you give it a too small (but larger than |
504 | * 0 bytes) buffer, instead of returning ENOMEM, it truncates the |
505 | * returned string to the buffer size. This preserves the semantics |
506 | * of some library routines implemented via sysctl, which truncate |
507 | * their returned data, rather than simply returning an error. The |
508 | * returned string is always nul (ascii '\0') terminated. */ |
509 | error = SYSCTL_OUT(req, pValue, req->oldlen - 1); |
510 | if (!error) { |
511 | char c = '\0'; |
512 | error = SYSCTL_OUT(req, &c, 1); |
513 | } |
514 | } else { |
515 | /* Copy string out */ |
516 | error = SYSCTL_OUT(req, pValue, len); |
517 | } |
518 | |
519 | /* error or no new value */ |
520 | if (error || !req->newptr) { |
521 | return error; |
522 | } |
523 | |
524 | /* attempt to set read-only value */ |
525 | if (valueSize == 0) { |
526 | return EPERM; |
527 | } |
528 | |
529 | /* make sure there's room for the new string */ |
530 | if (req->newlen >= valueSize) { |
531 | return EINVAL; |
532 | } |
533 | |
534 | /* copy the string in and force nul termination */ |
535 | error = SYSCTL_IN(req, pValue, req->newlen); |
536 | pValue[req->newlen] = '\0'; |
537 | |
538 | if (!error && changed) { |
539 | *changed = 1; |
540 | } |
541 | return error; |
542 | } |
543 | |
544 | int |
545 | sysctl_io_opaque(struct sysctl_req *req, void *pValue, size_t valueSize, int *changed) |
546 | { |
547 | int error; |
548 | |
549 | if (changed) { |
550 | *changed = 0; |
551 | } |
552 | |
553 | /* Copy blob out */ |
554 | error = SYSCTL_OUT(req, pValue, valueSize); |
555 | |
556 | /* error or nothing to set */ |
557 | if (error || !req->newptr) { |
558 | return error; |
559 | } |
560 | |
561 | error = SYSCTL_IN(req, pValue, valueSize); |
562 | |
563 | if (!error && changed) { |
564 | *changed = 1; |
565 | } |
566 | return error; |
567 | } |
568 | |
569 | /* |
570 | * SYSCTL_OID enumerators |
571 | * |
572 | * Because system OIDs are immutable, they are composed of 2 lists hanging from |
573 | * a first dummy OID_MUTABLE_ANCHOR node that has an immutable list hanging from |
574 | * its `oid_parent` field and a mutable list hanging from its oid_arg1 one. |
575 | * |
576 | * Those enumerators abstract away the implicit merging of those two lists in |
577 | * two possible order: |
578 | * - oid_number order (which will interleave both sorted lists) |
579 | * - system order which will list the immutable list first, |
580 | * and the mutable list second. |
581 | */ |
582 | struct sysctl_oid_iterator { |
583 | struct sysctl_oid *a; |
584 | struct sysctl_oid *b; |
585 | }; |
586 | |
587 | static struct sysctl_oid_iterator |
588 | sysctl_oid_iterator_begin(struct sysctl_oid_list *l) |
589 | { |
590 | struct sysctl_oid_iterator it = { }; |
591 | struct sysctl_oid *a = SLIST_FIRST(l); |
592 | |
593 | if (a == NULL) { |
594 | return it; |
595 | } |
596 | |
597 | if (a->oid_number == OID_MUTABLE_ANCHOR) { |
598 | it.a = SLIST_NEXT(a, oid_link); |
599 | it.b = SLIST_FIRST((struct sysctl_oid_list *)a->oid_arg1); |
600 | } else { |
601 | it.a = a; |
602 | } |
603 | return it; |
604 | } |
605 | |
606 | static struct sysctl_oid * |
607 | sysctl_oid_iterator_next_num_order(struct sysctl_oid_iterator *it) |
608 | { |
609 | struct sysctl_oid *a = it->a; |
610 | struct sysctl_oid *b = it->b; |
611 | |
612 | if (a == NULL && b == NULL) { |
613 | return NULL; |
614 | } |
615 | |
616 | if (a == NULL) { |
617 | it->b = SLIST_NEXT(b, oid_link); |
618 | return b; |
619 | } |
620 | |
621 | if (b == NULL || a->oid_number <= b->oid_number) { |
622 | it->a = SLIST_NEXT(a, oid_link); |
623 | return a; |
624 | } |
625 | |
626 | it->b = SLIST_NEXT(b, oid_link); |
627 | return b; |
628 | } |
629 | |
630 | #define SYSCTL_OID_FOREACH_NUM_ORDER(oidp, l) \ |
631 | for (struct sysctl_oid_iterator it = sysctl_oid_iterator_begin(l); \ |
632 | ((oidp) = sysctl_oid_iterator_next_num_order(&it)); ) |
633 | |
634 | static struct sysctl_oid * |
635 | sysctl_oid_iterator_next_system_order(struct sysctl_oid_iterator *it) |
636 | { |
637 | struct sysctl_oid *a = it->a; |
638 | struct sysctl_oid *b = it->b; |
639 | |
640 | if (a) { |
641 | it->a = SLIST_NEXT(a, oid_link); |
642 | return a; |
643 | } |
644 | |
645 | if (b) { |
646 | it->b = SLIST_NEXT(b, oid_link); |
647 | return b; |
648 | } |
649 | |
650 | return NULL; |
651 | } |
652 | |
653 | #define SYSCTL_OID_FOREACH_SYS_ORDER(oidp, l) \ |
654 | for (struct sysctl_oid_iterator it = sysctl_oid_iterator_begin(l); \ |
655 | ((oidp) = sysctl_oid_iterator_next_system_order(&it)); ) |
656 | |
657 | /* |
658 | * "Staff-functions" |
659 | * |
660 | * These functions implement a presently undocumented interface |
661 | * used by the sysctl program to walk the tree, and get the type |
662 | * so it can print the value. |
663 | * This interface is under work and consideration, and should probably |
664 | * be killed with a big axe by the first person who can find the time. |
665 | * (be aware though, that the proper interface isn't as obvious as it |
666 | * may seem, there are various conflicting requirements. |
667 | * |
668 | * {0,0} printf the entire MIB-tree. |
669 | * {0,1,...} return the name of the "..." OID. |
670 | * {0,2,...} return the next OID. |
671 | * {0,3} return the OID of the name in "new" |
672 | * {0,4,...} return the kind & format info for the "..." OID. |
673 | */ |
674 | |
675 | /* |
676 | * sysctl_sysctl_debug_dump_node |
677 | * |
678 | * Description: Dump debug information for a given sysctl_oid_list at the |
679 | * given oid depth out to the kernel log, via printf |
680 | * |
681 | * Parameters: l sysctl_oid_list pointer |
682 | * i current node depth |
683 | * |
684 | * Returns: (void) |
685 | * |
686 | * Implicit: kernel log, modified |
687 | * |
688 | * Locks: Assumes sysctl_geometry_lock is held prior to calling |
689 | * |
690 | * Notes: This function may call itself recursively to resolve Node |
691 | * values, which potentially have an inferioer sysctl_oid_list |
692 | * |
693 | * This function is only callable indirectly via the function |
694 | * sysctl_sysctl_debug() |
695 | * |
696 | * Bugs: The node depth indentation does not work; this may be an |
697 | * artifact of leading space removal by the log daemon itself |
698 | * or some intermediate routine. |
699 | */ |
700 | STATIC void |
701 | sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i) |
702 | { |
703 | struct sysctl_oid *oidp; |
704 | struct sysctl_oid_list *lp; |
705 | const char *what; |
706 | |
707 | SYSCTL_OID_FOREACH_SYS_ORDER(oidp, l) { |
708 | switch (oidp->oid_kind & CTLTYPE) { |
709 | case CTLTYPE_NODE: |
710 | lp = oidp->oid_arg1; |
711 | what = "Node " ; |
712 | if (lp && SLIST_FIRST(lp) && |
713 | SLIST_FIRST(lp)->oid_number == OID_MUTABLE_ANCHOR) { |
714 | what = "NodeExt" ; |
715 | } else { |
716 | } |
717 | break; |
718 | case CTLTYPE_INT: |
719 | what = "Int " ; |
720 | break; |
721 | case CTLTYPE_STRING: |
722 | what = "String " ; |
723 | break; |
724 | case CTLTYPE_QUAD: |
725 | what = "Quad " ; |
726 | break; |
727 | case CTLTYPE_OPAQUE: |
728 | what = "Opaque " ; |
729 | break; |
730 | default: |
731 | what = "Unknown" ; |
732 | break; |
733 | } |
734 | |
735 | printf("%*s%-3d[%c%c%c%c%c] %s %s\n" , i, "" , oidp->oid_number, |
736 | oidp->oid_kind & CTLFLAG_LOCKED ? 'L':' ', |
737 | oidp->oid_kind & CTLFLAG_RD ? 'R':' ', |
738 | oidp->oid_kind & CTLFLAG_WR ? 'W':' ', |
739 | oidp->oid_kind & CTLFLAG_PERMANENT ? ' ':'*', |
740 | oidp->oid_handler ? 'h' : ' ', |
741 | what, oidp->oid_name); |
742 | |
743 | if ((oidp->oid_kind & CTLTYPE) == CTLTYPE_NODE) { |
744 | if (!oidp->oid_handler) { |
745 | sysctl_sysctl_debug_dump_node(l: lp, i: i + 2); |
746 | } |
747 | } |
748 | } |
749 | } |
750 | |
751 | /* |
752 | * sysctl_sysctl_debug |
753 | * |
754 | * Description: This function implements the "sysctl.debug" portion of the |
755 | * OID space for sysctl. |
756 | * |
757 | * OID: 0, 0 |
758 | * |
759 | * Parameters: __unused |
760 | * |
761 | * Returns: ENOENT |
762 | * |
763 | * Implicit: kernel log, modified |
764 | * |
765 | * Locks: Acquires and then releases a read lock on the |
766 | * sysctl_geometry_lock |
767 | */ |
768 | STATIC int |
769 | sysctl_sysctl_debug(__unused struct sysctl_oid *oidp, __unused void *arg1, |
770 | __unused int arg2, __unused struct sysctl_req *req) |
771 | { |
772 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
773 | sysctl_sysctl_debug_dump_node(l: &sysctl__children, i: 0); |
774 | lck_rw_done(lck: &sysctl_geometry_lock); |
775 | return ENOENT; |
776 | } |
777 | |
778 | SYSCTL_PROC(_sysctl, 0, debug, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_LOCKED, |
779 | 0, 0, sysctl_sysctl_debug, "-" , "" ); |
780 | |
781 | /* |
782 | * sysctl_sysctl_name |
783 | * |
784 | * Description: Convert an OID into a string name; this is used by the user |
785 | * space sysctl() command line utility; this is done in a purely |
786 | * advisory capacity (e.g. to provide node names for "sysctl -A" |
787 | * output). |
788 | * |
789 | * OID: 0, 1 |
790 | * |
791 | * Parameters: oidp __unused |
792 | * arg1 A pointer to the OID name list |
793 | * integer array, beginning at |
794 | * adjusted option base 2 |
795 | * arg2 The number of elements which |
796 | * remain in the name array |
797 | * |
798 | * Returns: 0 Success |
799 | * SYSCTL_OUT:EPERM Permission denied |
800 | * SYSCTL_OUT:EFAULT Bad user supplied buffer |
801 | * SYSCTL_OUT:??? Return value from user function |
802 | * for SYSCTL_PROC leaf node |
803 | * |
804 | * Implict: Contents of user request buffer, modified |
805 | * |
806 | * Locks: Acquires and then releases a read lock on the |
807 | * sysctl_geometry_lock |
808 | * |
809 | * Notes: SPI (System Programming Interface); this is subject to change |
810 | * and may not be relied upon by third party applications; use |
811 | * a subprocess to communicate with the "sysctl" command line |
812 | * command instead, if you believe you need this functionality. |
813 | * Preferrably, use sysctlbyname() instead. |
814 | * |
815 | * Setting of the NULL termination of the output string is |
816 | * delayed until after the geometry lock is dropped. If there |
817 | * are no Entries remaining in the OID name list when this |
818 | * function is called, it will still write out the termination |
819 | * byte. |
820 | * |
821 | * This function differs from other sysctl functions in that |
822 | * it can not take an output buffer length of 0 to determine the |
823 | * space which will be required. It is suggested that the buffer |
824 | * length be PATH_MAX, and that authors of new sysctl's refrain |
825 | * from exceeding this string length. |
826 | */ |
827 | STATIC int |
828 | sysctl_sysctl_name(__unused struct sysctl_oid *oidp, void *arg1, int arg2, |
829 | struct sysctl_req *req) |
830 | { |
831 | int *name = (int *) arg1; |
832 | u_int namelen = arg2; |
833 | int error = 0; |
834 | struct sysctl_oid *oid; |
835 | struct sysctl_oid_list *lsp = &sysctl__children, *lsp2; |
836 | char tempbuf[10] = {}; |
837 | |
838 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
839 | while (namelen) { |
840 | if (!lsp) { |
841 | snprintf(tempbuf, count: sizeof(tempbuf), "%d" , *name); |
842 | if (req->oldidx) { |
843 | error = SYSCTL_OUT(req, "." , 1); |
844 | } |
845 | if (!error) { |
846 | error = SYSCTL_OUT(req, tempbuf, strlen(tempbuf)); |
847 | } |
848 | if (error) { |
849 | lck_rw_done(lck: &sysctl_geometry_lock); |
850 | return error; |
851 | } |
852 | namelen--; |
853 | name++; |
854 | continue; |
855 | } |
856 | lsp2 = 0; |
857 | SYSCTL_OID_FOREACH_NUM_ORDER(oid, lsp) { |
858 | if (oid->oid_number != *name) { |
859 | continue; |
860 | } |
861 | |
862 | if (req->oldidx) { |
863 | error = SYSCTL_OUT(req, "." , 1); |
864 | } |
865 | if (!error) { |
866 | error = SYSCTL_OUT(req, oid->oid_name, |
867 | strlen(oid->oid_name)); |
868 | } |
869 | if (error) { |
870 | lck_rw_done(lck: &sysctl_geometry_lock); |
871 | return error; |
872 | } |
873 | |
874 | namelen--; |
875 | name++; |
876 | |
877 | if ((oid->oid_kind & CTLTYPE) != CTLTYPE_NODE) { |
878 | break; |
879 | } |
880 | |
881 | if (oid->oid_handler) { |
882 | break; |
883 | } |
884 | |
885 | lsp2 = (struct sysctl_oid_list *)oid->oid_arg1; |
886 | break; |
887 | } |
888 | lsp = lsp2; |
889 | } |
890 | lck_rw_done(lck: &sysctl_geometry_lock); |
891 | return SYSCTL_OUT(req, "" , 1); |
892 | } |
893 | |
894 | SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_name, "" ); |
895 | |
896 | /* |
897 | * sysctl_sysctl_next_ls |
898 | * |
899 | * Description: For a given OID name value, return the next consecutive OID |
900 | * name value within the geometry tree |
901 | * |
902 | * Parameters: lsp The OID list to look in |
903 | * name The OID name to start from |
904 | * namelen The length of the OID name |
905 | * next Pointer to new oid storage to |
906 | * fill in |
907 | * len Pointer to receive new OID |
908 | * length value of storage written |
909 | * level OID tree depth (used to compute |
910 | * len value) |
911 | * oidpp Pointer to OID list entry |
912 | * pointer; used to walk the list |
913 | * forward across recursion |
914 | * |
915 | * Returns: 0 Returning a new entry |
916 | * 1 End of geometry list reached |
917 | * |
918 | * Implicit: *next Modified to contain the new OID |
919 | * *len Modified to contain new length |
920 | * |
921 | * Locks: Assumes sysctl_geometry_lock is held prior to calling |
922 | * |
923 | * Notes: This function will not return OID values that have special |
924 | * handlers, since we can not tell wheter these handlers consume |
925 | * elements from the OID space as parameters. For this reason, |
926 | * we STRONGLY discourage these types of handlers |
927 | */ |
928 | STATIC int |
929 | sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen, |
930 | int *next, int *len, int level, struct sysctl_oid **oidpp) |
931 | { |
932 | struct sysctl_oid *oidp; |
933 | |
934 | *len = level; |
935 | SYSCTL_OID_FOREACH_NUM_ORDER(oidp, lsp) { |
936 | *next = oidp->oid_number; |
937 | *oidpp = oidp; |
938 | |
939 | if (!namelen) { |
940 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { |
941 | return 0; |
942 | } |
943 | if (oidp->oid_handler) { |
944 | /* We really should call the handler here...*/ |
945 | return 0; |
946 | } |
947 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; |
948 | |
949 | if (!SLIST_FIRST(lsp)) { |
950 | /* This node had no children - skip it! */ |
951 | continue; |
952 | } |
953 | |
954 | if (!sysctl_sysctl_next_ls(lsp, name: 0, namelen: 0, next: next + 1, |
955 | len, level: level + 1, oidpp)) { |
956 | return 0; |
957 | } |
958 | goto next; |
959 | } |
960 | |
961 | if (oidp->oid_number < *name) { |
962 | continue; |
963 | } |
964 | |
965 | if (oidp->oid_number > *name) { |
966 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { |
967 | return 0; |
968 | } |
969 | if (oidp->oid_handler) { |
970 | return 0; |
971 | } |
972 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; |
973 | if (!sysctl_sysctl_next_ls(lsp, name: name + 1, namelen: namelen - 1, |
974 | next: next + 1, len, level: level + 1, oidpp)) { |
975 | return 0; |
976 | } |
977 | goto next; |
978 | } |
979 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { |
980 | continue; |
981 | } |
982 | |
983 | if (oidp->oid_handler) { |
984 | continue; |
985 | } |
986 | |
987 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; |
988 | if (!sysctl_sysctl_next_ls(lsp, name: name + 1, namelen: namelen - 1, next: next + 1, |
989 | len, level: level + 1, oidpp)) { |
990 | return 0; |
991 | } |
992 | next: |
993 | namelen = 1; |
994 | *len = level; |
995 | } |
996 | return 1; |
997 | } |
998 | |
999 | /* |
1000 | * sysctl_sysctl_next |
1001 | * |
1002 | * Description: This is an iterator function designed to iterate the oid tree |
1003 | * and provide a list of OIDs for use by the user space "sysctl" |
1004 | * command line tool |
1005 | * |
1006 | * OID: 0, 2 |
1007 | * |
1008 | * Parameters: oidp __unused |
1009 | * arg1 Pointer to start OID name |
1010 | * arg2 Start OID name length |
1011 | * req Pointer to user request buffer |
1012 | * |
1013 | * Returns: 0 Success |
1014 | * ENOENT Reached end of OID space |
1015 | * SYSCTL_OUT:EPERM Permission denied |
1016 | * SYSCTL_OUT:EFAULT Bad user supplied buffer |
1017 | * SYSCTL_OUT:??? Return value from user function |
1018 | * for SYSCTL_PROC leaf node |
1019 | * |
1020 | * Implict: Contents of user request buffer, modified |
1021 | * |
1022 | * Locks: Acquires and then releases a read lock on the |
1023 | * sysctl_geometry_lock |
1024 | * |
1025 | * Notes: SPI (System Programming Interface); this is subject to change |
1026 | * and may not be relied upon by third party applications; use |
1027 | * a subprocess to communicate with the "sysctl" command line |
1028 | * command instead, if you believe you need this functionality. |
1029 | * Preferrably, use sysctlbyname() instead. |
1030 | * |
1031 | * This function differs from other sysctl functions in that |
1032 | * it can not take an output buffer length of 0 to determine the |
1033 | * space which will be required. It is suggested that the buffer |
1034 | * length be PATH_MAX, and that authors of new sysctl's refrain |
1035 | * from exceeding this string length. |
1036 | */ |
1037 | STATIC int |
1038 | sysctl_sysctl_next(__unused struct sysctl_oid *oidp, void *arg1, int arg2, |
1039 | struct sysctl_req *req) |
1040 | { |
1041 | int *name = (int *) arg1; |
1042 | u_int namelen = arg2; |
1043 | int i, j, error; |
1044 | struct sysctl_oid *oid; |
1045 | struct sysctl_oid_list *lsp = &sysctl__children; |
1046 | int newoid[CTL_MAXNAME] = {}; |
1047 | |
1048 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
1049 | i = sysctl_sysctl_next_ls(lsp, name, namelen, next: newoid, len: &j, level: 1, oidpp: &oid); |
1050 | lck_rw_done(lck: &sysctl_geometry_lock); |
1051 | if (i) { |
1052 | return ENOENT; |
1053 | } |
1054 | error = SYSCTL_OUT(req, newoid, j * sizeof(int)); |
1055 | return error; |
1056 | } |
1057 | |
1058 | SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_next, "" ); |
1059 | |
1060 | /* |
1061 | * name2oid |
1062 | * |
1063 | * Description: Support function for use by sysctl_sysctl_name2oid(); looks |
1064 | * up an OID name given a string name. |
1065 | * |
1066 | * Parameters: name NULL terminated string name |
1067 | * oid Pointer to receive OID name |
1068 | * len Pointer to receive OID length |
1069 | * pointer value (see "Notes") |
1070 | * |
1071 | * Returns: 0 Success |
1072 | * ENOENT Entry not found |
1073 | * |
1074 | * Implicit: *oid Modified to contain OID value |
1075 | * *len Modified to contain OID length |
1076 | * |
1077 | * Locks: Assumes sysctl_geometry_lock is held prior to calling |
1078 | */ |
1079 | STATIC int |
1080 | name2oid(char *name, int *oid, size_t *len) |
1081 | { |
1082 | struct sysctl_oid_iterator it; |
1083 | struct sysctl_oid *oidp; |
1084 | char *p; |
1085 | char i; |
1086 | |
1087 | if (!*name) { |
1088 | return ENOENT; |
1089 | } |
1090 | |
1091 | p = name + strlen(s: name) - 1; |
1092 | if (*p == '.') { |
1093 | *p = '\0'; |
1094 | } |
1095 | |
1096 | *len = 0; |
1097 | |
1098 | for (p = name; *p && *p != '.'; p++) { |
1099 | ; |
1100 | } |
1101 | i = *p; |
1102 | if (i == '.') { |
1103 | *p = '\0'; |
1104 | } |
1105 | |
1106 | it = sysctl_oid_iterator_begin(l: &sysctl__children); |
1107 | oidp = sysctl_oid_iterator_next_system_order(it: &it); |
1108 | |
1109 | while (oidp && *len < CTL_MAXNAME) { |
1110 | if (strcmp(s1: name, s2: oidp->oid_name)) { |
1111 | oidp = sysctl_oid_iterator_next_system_order(it: &it); |
1112 | continue; |
1113 | } |
1114 | *oid++ = oidp->oid_number; |
1115 | (*len)++; |
1116 | |
1117 | if (i == '\0') { |
1118 | return 0; |
1119 | } |
1120 | |
1121 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { |
1122 | break; |
1123 | } |
1124 | |
1125 | if (oidp->oid_handler) { |
1126 | break; |
1127 | } |
1128 | |
1129 | it = sysctl_oid_iterator_begin(l: oidp->oid_arg1); |
1130 | oidp = sysctl_oid_iterator_next_system_order(it: &it); |
1131 | |
1132 | *p = i; /* restore */ |
1133 | name = p + 1; |
1134 | for (p = name; *p && *p != '.'; p++) { |
1135 | ; |
1136 | } |
1137 | i = *p; |
1138 | if (i == '.') { |
1139 | *p = '\0'; |
1140 | } |
1141 | } |
1142 | return ENOENT; |
1143 | } |
1144 | |
1145 | /* |
1146 | * sysctl_sysctl_name2oid |
1147 | * |
1148 | * Description: Translate a string name to an OID name value; this is used by |
1149 | * the sysctlbyname() function as well as by the "sysctl" command |
1150 | * line command. |
1151 | * |
1152 | * OID: 0, 3 |
1153 | * |
1154 | * Parameters: oidp __unused |
1155 | * arg1 __unused |
1156 | * arg2 __unused |
1157 | * req Request structure |
1158 | * |
1159 | * Returns: ENOENT Input length too short |
1160 | * ENAMETOOLONG Input length too long |
1161 | * ENOMEM Could not allocate work area |
1162 | * SYSCTL_IN/OUT:EPERM Permission denied |
1163 | * SYSCTL_IN/OUT:EFAULT Bad user supplied buffer |
1164 | * SYSCTL_IN/OUT:??? Return value from user function |
1165 | * name2oid:ENOENT Not found |
1166 | * |
1167 | * Implicit: *req Contents of request, modified |
1168 | * |
1169 | * Locks: Acquires and then releases a read lock on the |
1170 | * sysctl_geometry_lock |
1171 | * |
1172 | * Notes: SPI (System Programming Interface); this is subject to change |
1173 | * and may not be relied upon by third party applications; use |
1174 | * a subprocess to communicate with the "sysctl" command line |
1175 | * command instead, if you believe you need this functionality. |
1176 | * Preferrably, use sysctlbyname() instead. |
1177 | * |
1178 | * This function differs from other sysctl functions in that |
1179 | * it can not take an output buffer length of 0 to determine the |
1180 | * space which will be required. It is suggested that the buffer |
1181 | * length be PATH_MAX, and that authors of new sysctl's refrain |
1182 | * from exceeding this string length. |
1183 | */ |
1184 | STATIC int |
1185 | sysctl_sysctl_name2oid(__unused struct sysctl_oid *oidp, __unused void *arg1, |
1186 | __unused int arg2, struct sysctl_req *req) |
1187 | { |
1188 | char *p; |
1189 | int error, oid[CTL_MAXNAME] = {}; |
1190 | size_t len = 0; /* set by name2oid() */ |
1191 | |
1192 | if (req->newlen < 1) { |
1193 | return ENOENT; |
1194 | } |
1195 | if (req->newlen >= MAXPATHLEN) { /* XXX arbitrary, undocumented */ |
1196 | return ENAMETOOLONG; |
1197 | } |
1198 | |
1199 | p = (char *)kalloc_data(req->newlen + 1, Z_WAITOK); |
1200 | if (!p) { |
1201 | return ENOMEM; |
1202 | } |
1203 | |
1204 | error = SYSCTL_IN(req, p, req->newlen); |
1205 | if (error) { |
1206 | kfree_data(p, req->newlen + 1); |
1207 | return error; |
1208 | } |
1209 | |
1210 | p[req->newlen] = '\0'; |
1211 | |
1212 | /* |
1213 | * Note: We acquire and release the geometry lock here to |
1214 | * avoid making name2oid needlessly complex. |
1215 | */ |
1216 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
1217 | error = name2oid(name: p, oid, len: &len); |
1218 | lck_rw_done(lck: &sysctl_geometry_lock); |
1219 | |
1220 | kfree_data(p, req->newlen + 1); |
1221 | |
1222 | if (error) { |
1223 | return error; |
1224 | } |
1225 | |
1226 | error = SYSCTL_OUT(req, oid, len * sizeof *oid); |
1227 | return error; |
1228 | } |
1229 | |
1230 | SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_KERN | CTLFLAG_LOCKED, 0, 0, |
1231 | sysctl_sysctl_name2oid, "I" , "" ); |
1232 | |
1233 | /* |
1234 | * sysctl_sysctl_oidfmt |
1235 | * |
1236 | * Description: For a given OID name, determine the format of the data which |
1237 | * is associated with it. This is used by the "sysctl" command |
1238 | * line command. |
1239 | * |
1240 | * OID: 0, 4 |
1241 | * |
1242 | * Parameters: oidp __unused |
1243 | * arg1 The OID name to look up |
1244 | * arg2 The length of the OID name |
1245 | * req Pointer to user request buffer |
1246 | * |
1247 | * Returns: 0 Success |
1248 | * EISDIR Malformed request |
1249 | * ENOENT No such OID name |
1250 | * SYSCTL_OUT:EPERM Permission denied |
1251 | * SYSCTL_OUT:EFAULT Bad user supplied buffer |
1252 | * SYSCTL_OUT:??? Return value from user function |
1253 | * |
1254 | * Implict: Contents of user request buffer, modified |
1255 | * |
1256 | * Locks: Acquires and then releases a read lock on the |
1257 | * sysctl_geometry_lock |
1258 | * |
1259 | * Notes: SPI (System Programming Interface); this is subject to change |
1260 | * and may not be relied upon by third party applications; use |
1261 | * a subprocess to communicate with the "sysctl" command line |
1262 | * command instead, if you believe you need this functionality. |
1263 | * |
1264 | * This function differs from other sysctl functions in that |
1265 | * it can not take an output buffer length of 0 to determine the |
1266 | * space which will be required. It is suggested that the buffer |
1267 | * length be PATH_MAX, and that authors of new sysctl's refrain |
1268 | * from exceeding this string length. |
1269 | */ |
1270 | STATIC int |
1271 | sysctl_sysctl_oidfmt(__unused struct sysctl_oid *oidp, void *arg1, int arg2, |
1272 | struct sysctl_req *req) |
1273 | { |
1274 | int *name = (int *) arg1; |
1275 | int error = ENOENT; /* default error: not found */ |
1276 | u_int namelen = arg2; |
1277 | u_int indx; |
1278 | struct sysctl_oid_iterator it; |
1279 | struct sysctl_oid *oid; |
1280 | |
1281 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
1282 | |
1283 | it = sysctl_oid_iterator_begin(l: &sysctl__children); |
1284 | oid = sysctl_oid_iterator_next_system_order(it: &it); |
1285 | |
1286 | indx = 0; |
1287 | while (oid && indx < CTL_MAXNAME) { |
1288 | if (oid->oid_number == name[indx]) { |
1289 | indx++; |
1290 | if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) { |
1291 | if (oid->oid_handler) { |
1292 | goto found; |
1293 | } |
1294 | if (indx == namelen) { |
1295 | goto found; |
1296 | } |
1297 | it = sysctl_oid_iterator_begin(l: oid->oid_arg1); |
1298 | oid = sysctl_oid_iterator_next_system_order(it: &it); |
1299 | } else { |
1300 | if (indx != namelen) { |
1301 | error = EISDIR; |
1302 | goto err; |
1303 | } |
1304 | goto found; |
1305 | } |
1306 | } else { |
1307 | oid = sysctl_oid_iterator_next_system_order(it: &it); |
1308 | } |
1309 | } |
1310 | /* Not found */ |
1311 | goto err; |
1312 | |
1313 | found: |
1314 | if (!oid->oid_fmt) { |
1315 | goto err; |
1316 | } |
1317 | error = SYSCTL_OUT(req, |
1318 | &oid->oid_kind, sizeof(oid->oid_kind)); |
1319 | if (!error) { |
1320 | error = SYSCTL_OUT(req, oid->oid_fmt, |
1321 | strlen(oid->oid_fmt) + 1); |
1322 | } |
1323 | err: |
1324 | lck_rw_done(lck: &sysctl_geometry_lock); |
1325 | return error; |
1326 | } |
1327 | |
1328 | SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_oidfmt, "" ); |
1329 | |
1330 | |
1331 | /* |
1332 | * Default "handler" functions. |
1333 | */ |
1334 | |
1335 | /* |
1336 | * Handle an int, signed or unsigned. |
1337 | * Two cases: |
1338 | * a variable: point arg1 at it. |
1339 | * a constant: pass it in arg2. |
1340 | */ |
1341 | |
1342 | int |
1343 | sysctl_handle_int(__unused struct sysctl_oid *oidp, void *arg1, int arg2, |
1344 | struct sysctl_req *req) |
1345 | { |
1346 | return sysctl_io_number(req, bigValue: arg1? *(int*)arg1: arg2, valueSize: sizeof(int), pValue: arg1, NULL); |
1347 | } |
1348 | |
1349 | /* |
1350 | * Handle a long, signed or unsigned. arg1 points to it. |
1351 | */ |
1352 | |
1353 | int |
1354 | sysctl_handle_long(__unused struct sysctl_oid *oidp, void *arg1, |
1355 | __unused int arg2, struct sysctl_req *req) |
1356 | { |
1357 | if (!arg1) { |
1358 | return EINVAL; |
1359 | } |
1360 | return sysctl_io_number(req, bigValue: *(long*)arg1, valueSize: sizeof(long), pValue: arg1, NULL); |
1361 | } |
1362 | |
1363 | /* |
1364 | * Handle a quad, signed or unsigned. arg1 points to it. |
1365 | */ |
1366 | |
1367 | int |
1368 | sysctl_handle_quad(__unused struct sysctl_oid *oidp, void *arg1, |
1369 | __unused int arg2, struct sysctl_req *req) |
1370 | { |
1371 | if (!arg1) { |
1372 | return EINVAL; |
1373 | } |
1374 | return sysctl_io_number(req, bigValue: *(long long*)arg1, valueSize: sizeof(long long), pValue: arg1, NULL); |
1375 | } |
1376 | |
1377 | /* |
1378 | * Expose an int value as a quad. |
1379 | * |
1380 | * This interface allows us to support interfaces defined |
1381 | * as using quad values while the implementation is still |
1382 | * using ints. |
1383 | */ |
1384 | int |
1385 | sysctl_handle_int2quad(__unused struct sysctl_oid *oidp, void *arg1, |
1386 | __unused int arg2, struct sysctl_req *req) |
1387 | { |
1388 | int error = 0; |
1389 | long long val; |
1390 | int newval; |
1391 | |
1392 | if (!arg1) { |
1393 | return EINVAL; |
1394 | } |
1395 | val = (long long)*(int *)arg1; |
1396 | error = SYSCTL_OUT(req, &val, sizeof(long long)); |
1397 | |
1398 | if (error || !req->newptr) { |
1399 | return error; |
1400 | } |
1401 | |
1402 | error = SYSCTL_IN(req, &val, sizeof(long long)); |
1403 | if (!error) { |
1404 | /* |
1405 | * Value must be representable; check by |
1406 | * casting and then casting back. |
1407 | */ |
1408 | newval = (int)val; |
1409 | if ((long long)newval != val) { |
1410 | error = ERANGE; |
1411 | } else { |
1412 | *(int *)arg1 = newval; |
1413 | } |
1414 | } |
1415 | return error; |
1416 | } |
1417 | |
1418 | /* |
1419 | * Handle our generic '\0' terminated 'C' string. |
1420 | * Two cases: |
1421 | * a variable string: point arg1 at it, arg2 is max length. |
1422 | * a constant string: point arg1 at it, arg2 is zero. |
1423 | */ |
1424 | |
1425 | int |
1426 | sysctl_handle_string( __unused struct sysctl_oid *oidp, void *arg1, int arg2, |
1427 | struct sysctl_req *req) |
1428 | { |
1429 | return sysctl_io_string(req, pValue: arg1, valueSize: arg2, trunc: 0, NULL); |
1430 | } |
1431 | |
1432 | /* |
1433 | * Handle any kind of opaque data. |
1434 | * arg1 points to it, arg2 is the size. |
1435 | */ |
1436 | |
1437 | int |
1438 | sysctl_handle_opaque(__unused struct sysctl_oid *oidp, void *arg1, int arg2, |
1439 | struct sysctl_req *req) |
1440 | { |
1441 | return sysctl_io_opaque(req, pValue: arg1, valueSize: arg2, NULL); |
1442 | } |
1443 | |
1444 | /* |
1445 | * Transfer functions to/from kernel space. |
1446 | */ |
1447 | STATIC int |
1448 | sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l) |
1449 | { |
1450 | size_t i = 0; |
1451 | |
1452 | if (req->oldptr) { |
1453 | i = l; |
1454 | if (i > req->oldlen - req->oldidx) { |
1455 | i = req->oldlen - req->oldidx; |
1456 | } |
1457 | if (i > 0) { |
1458 | bcopy(src: (const void*)p, CAST_DOWN(char *, (req->oldptr + req->oldidx)), n: i); |
1459 | } |
1460 | } |
1461 | req->oldidx += l; |
1462 | if (req->oldptr && i != l) { |
1463 | return ENOMEM; |
1464 | } |
1465 | return 0; |
1466 | } |
1467 | |
1468 | STATIC int |
1469 | sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l) |
1470 | { |
1471 | if (!req->newptr) { |
1472 | return 0; |
1473 | } |
1474 | if (req->newlen - req->newidx < l) { |
1475 | return EINVAL; |
1476 | } |
1477 | bcopy(CAST_DOWN(char *, (req->newptr + req->newidx)), dst: p, n: l); |
1478 | req->newidx += l; |
1479 | return 0; |
1480 | } |
1481 | |
1482 | int |
1483 | kernel_sysctl(struct proc *p, int *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen) |
1484 | { |
1485 | int error = 0; |
1486 | struct sysctl_req req; |
1487 | |
1488 | /* |
1489 | * Construct request. |
1490 | */ |
1491 | bzero(s: &req, n: sizeof req); |
1492 | req.p = p; |
1493 | if (oldlenp) { |
1494 | req.oldlen = *oldlenp; |
1495 | } |
1496 | if (old) { |
1497 | req.oldptr = CAST_USER_ADDR_T(old); |
1498 | } |
1499 | if (newlen) { |
1500 | req.newlen = newlen; |
1501 | req.newptr = CAST_USER_ADDR_T(new); |
1502 | } |
1503 | req.oldfunc = sysctl_old_kernel; |
1504 | req.newfunc = sysctl_new_kernel; |
1505 | req.lock = 1; |
1506 | |
1507 | /* make the request */ |
1508 | error = sysctl_root(TRUE, FALSE, NULL, namestringlen: 0, name, namelen, req: &req); |
1509 | |
1510 | if (error && error != ENOMEM) { |
1511 | return error; |
1512 | } |
1513 | |
1514 | if (oldlenp) { |
1515 | *oldlenp = req.oldidx; |
1516 | } |
1517 | |
1518 | return error; |
1519 | } |
1520 | |
1521 | /* |
1522 | * Transfer function to/from user space. |
1523 | */ |
1524 | STATIC int |
1525 | sysctl_old_user(struct sysctl_req *req, const void *p, size_t l) |
1526 | { |
1527 | int error = 0; |
1528 | size_t i = 0; |
1529 | |
1530 | if (req->oldptr) { |
1531 | if (req->oldlen - req->oldidx < l) { |
1532 | return ENOMEM; |
1533 | } |
1534 | i = l; |
1535 | if (i > req->oldlen - req->oldidx) { |
1536 | i = req->oldlen - req->oldidx; |
1537 | } |
1538 | if (i > 0) { |
1539 | error = copyout((const void*)p, (req->oldptr + req->oldidx), i); |
1540 | } |
1541 | } |
1542 | req->oldidx += l; |
1543 | if (error) { |
1544 | return error; |
1545 | } |
1546 | if (req->oldptr && i < l) { |
1547 | return ENOMEM; |
1548 | } |
1549 | return 0; |
1550 | } |
1551 | |
1552 | STATIC int |
1553 | sysctl_new_user(struct sysctl_req *req, void *p, size_t l) |
1554 | { |
1555 | int error; |
1556 | |
1557 | if (!req->newptr) { |
1558 | return 0; |
1559 | } |
1560 | if (req->newlen - req->newidx < l) { |
1561 | return EINVAL; |
1562 | } |
1563 | error = copyin((req->newptr + req->newidx), p, l); |
1564 | req->newidx += l; |
1565 | return error; |
1566 | } |
1567 | |
1568 | #define WRITE_EXPERIMENT_FACTORS_ENTITLEMENT "com.apple.private.write-kr-experiment-factors" |
1569 | /* |
1570 | * Is the current task allowed to write to experiment factors? |
1571 | * tasks with the WRITE_EXPERIMENT_FACTORS_ENTITLEMENT are always allowed to write these. |
1572 | * In the development / debug kernel we also allow root to write them. |
1573 | */ |
1574 | STATIC bool |
1575 | can_write_experiment_factors(__unused struct sysctl_req *req) |
1576 | { |
1577 | if (IOCurrentTaskHasEntitlement(WRITE_EXPERIMENT_FACTORS_ENTITLEMENT)) { |
1578 | return true; |
1579 | } |
1580 | #if DEBUG || DEVELOPMENT |
1581 | return !proc_suser(req->p); |
1582 | #else |
1583 | return false; |
1584 | #endif /* DEBUG || DEVELOPMENT */ |
1585 | } |
1586 | |
1587 | /* |
1588 | * Traverse our tree, and find the right node, execute whatever it points |
1589 | * at, and return the resulting error code. |
1590 | */ |
1591 | |
1592 | int |
1593 | sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, |
1594 | char *namestring, size_t namestringlen, |
1595 | int *name, size_t namelen, struct sysctl_req *req) |
1596 | { |
1597 | u_int indx; |
1598 | int i; |
1599 | struct sysctl_oid_iterator it; |
1600 | struct sysctl_oid *oid; |
1601 | sysctl_handler_t oid_handler = NULL; |
1602 | int error; |
1603 | boolean_t unlocked_node_found = FALSE; |
1604 | boolean_t namestring_started = FALSE; |
1605 | |
1606 | /* Get the read lock on the geometry */ |
1607 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
1608 | |
1609 | if (string_is_canonical) { |
1610 | /* namestring is actually canonical, name/namelen needs to be populated */ |
1611 | error = name2oid(name: namestring, oid: name, len: &namelen); |
1612 | if (error) { |
1613 | goto err; |
1614 | } |
1615 | } |
1616 | |
1617 | it = sysctl_oid_iterator_begin(l: &sysctl__children); |
1618 | oid = sysctl_oid_iterator_next_system_order(it: &it); |
1619 | |
1620 | indx = 0; |
1621 | while (oid && indx < CTL_MAXNAME) { |
1622 | if (oid->oid_number == name[indx]) { |
1623 | if (!from_kernel && !string_is_canonical) { |
1624 | if (namestring_started) { |
1625 | if (strlcat(dst: namestring, src: "." , n: namestringlen) >= namestringlen) { |
1626 | error = ENAMETOOLONG; |
1627 | goto err; |
1628 | } |
1629 | } |
1630 | |
1631 | if (strlcat(dst: namestring, src: oid->oid_name, n: namestringlen) >= namestringlen) { |
1632 | error = ENAMETOOLONG; |
1633 | goto err; |
1634 | } |
1635 | namestring_started = TRUE; |
1636 | } |
1637 | |
1638 | indx++; |
1639 | if (!(oid->oid_kind & CTLFLAG_LOCKED)) { |
1640 | unlocked_node_found = TRUE; |
1641 | } |
1642 | if (oid->oid_kind & CTLFLAG_NOLOCK) { |
1643 | req->lock = 0; |
1644 | } |
1645 | /* |
1646 | * For SYSCTL_PROC() functions which are for sysctl's |
1647 | * which have parameters at the end of their OID |
1648 | * space, you need to OR CTLTYPE_NODE into their |
1649 | * access value. |
1650 | * |
1651 | * NOTE: For binary backward compatibility ONLY! Do |
1652 | * NOT add new sysctl's that do this! Existing |
1653 | * sysctl's which do this will eventually have |
1654 | * compatibility code in user space, and this method |
1655 | * will become unsupported. |
1656 | */ |
1657 | if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) { |
1658 | if (oid->oid_handler) { |
1659 | goto found; |
1660 | } |
1661 | if (indx == namelen) { |
1662 | error = ENOENT; |
1663 | goto err; |
1664 | } |
1665 | |
1666 | it = sysctl_oid_iterator_begin(l: oid->oid_arg1); |
1667 | oid = sysctl_oid_iterator_next_system_order(it: &it); |
1668 | } else { |
1669 | if (indx != namelen) { |
1670 | error = EISDIR; |
1671 | goto err; |
1672 | } |
1673 | goto found; |
1674 | } |
1675 | } else { |
1676 | oid = sysctl_oid_iterator_next_system_order(it: &it); |
1677 | } |
1678 | } |
1679 | error = ENOENT; |
1680 | goto err; |
1681 | found: |
1682 | |
1683 | /* |
1684 | * indx is the index of the first remaining OID name, |
1685 | * for sysctls that take them as arguments |
1686 | */ |
1687 | if (!from_kernel && !string_is_canonical && (indx < namelen)) { |
1688 | char tempbuf[10]; |
1689 | u_int indx2; |
1690 | |
1691 | for (indx2 = indx; indx2 < namelen; indx2++) { |
1692 | snprintf(tempbuf, count: sizeof(tempbuf), "%d" , name[indx2]); |
1693 | |
1694 | if (namestring_started) { |
1695 | if (strlcat(dst: namestring, src: "." , n: namestringlen) >= namestringlen) { |
1696 | error = ENAMETOOLONG; |
1697 | goto err; |
1698 | } |
1699 | } |
1700 | |
1701 | if (strlcat(dst: namestring, src: tempbuf, n: namestringlen) >= namestringlen) { |
1702 | error = ENAMETOOLONG; |
1703 | goto err; |
1704 | } |
1705 | namestring_started = TRUE; |
1706 | } |
1707 | } |
1708 | |
1709 | /* If writing isn't allowed */ |
1710 | if (req->newptr && (!(oid->oid_kind & CTLFLAG_WR) || |
1711 | ((oid->oid_kind & CTLFLAG_SECURE) && securelevel > 0))) { |
1712 | error = (EPERM); |
1713 | goto err; |
1714 | } |
1715 | |
1716 | /* |
1717 | * If we're inside the kernel, the OID must be marked as kernel-valid. |
1718 | */ |
1719 | if (from_kernel && !(oid->oid_kind & CTLFLAG_KERN)) { |
1720 | error = (EPERM); |
1721 | goto err; |
1722 | } |
1723 | |
1724 | if (req->newptr && req->p) { |
1725 | if (oid->oid_kind & CTLFLAG_EXPERIMENT) { |
1726 | /* |
1727 | * Experiment factors have different permissions since they need to be |
1728 | * writable by procs with WRITE_EXPERIMENT_FACTORS_ENTITLEMENT. |
1729 | */ |
1730 | if (!can_write_experiment_factors(req)) { |
1731 | error = (EPERM); |
1732 | goto err; |
1733 | } |
1734 | } else { |
1735 | /* |
1736 | * This is where legacy enforcement of permissions occurs. If the |
1737 | * flag does not say CTLFLAG_ANYBODY, then we prohibit anyone but |
1738 | * root from writing new values down. If local enforcement happens |
1739 | * at the leaf node, then it needs to be set as CTLFLAG_ANYBODY. In |
1740 | * addition, if the leaf node is set this way, then in order to do |
1741 | * specific enforcement, it has to be of type SYSCTL_PROC. |
1742 | */ |
1743 | if (!(oid->oid_kind & CTLFLAG_ANYBODY) && |
1744 | (error = proc_suser(p: req->p))) { |
1745 | goto err; |
1746 | } |
1747 | } |
1748 | } |
1749 | |
1750 | /* |
1751 | * sysctl_unregister_oid() may change the handler value, so grab it |
1752 | * under the lock. |
1753 | */ |
1754 | oid_handler = oid->oid_handler; |
1755 | if (!oid_handler) { |
1756 | error = EINVAL; |
1757 | goto err; |
1758 | } |
1759 | |
1760 | /* |
1761 | * Reference the OID and drop the geometry lock; this prevents the |
1762 | * OID from being deleted out from under the handler call, but does |
1763 | * not prevent other calls into handlers or calls to manage the |
1764 | * geometry elsewhere from blocking... |
1765 | */ |
1766 | if ((oid->oid_kind & CTLFLAG_PERMANENT) == 0) { |
1767 | OSAddAtomic(1, &oid->oid_refcnt); |
1768 | } |
1769 | |
1770 | lck_rw_done(lck: &sysctl_geometry_lock); |
1771 | |
1772 | #if CONFIG_MACF |
1773 | if (!from_kernel) { |
1774 | error = mac_system_check_sysctlbyname(cred: kauth_cred_get(), |
1775 | namestring, |
1776 | name, |
1777 | namelen, |
1778 | oldctl: req->oldptr, |
1779 | oldlen: req->oldlen, |
1780 | newctl: req->newptr, |
1781 | newlen: req->newlen); |
1782 | if (error) { |
1783 | goto dropref; |
1784 | } |
1785 | } |
1786 | #endif |
1787 | |
1788 | /* |
1789 | * ...however, we still have to grab the mutex for those calls which |
1790 | * may be into code whose reentrancy is protected by it. |
1791 | */ |
1792 | if (unlocked_node_found) { |
1793 | lck_mtx_lock(lck: &sysctl_unlocked_node_lock); |
1794 | } |
1795 | |
1796 | #if defined(HAS_APPLE_PAC) |
1797 | /* |
1798 | * oid_handler is signed address-discriminated by sysctl_register_oid(). |
1799 | */ |
1800 | oid_handler = ptrauth_auth_and_resign(oid_handler, |
1801 | ptrauth_key_function_pointer, |
1802 | ptrauth_blend_discriminator(&oid->oid_handler, |
1803 | os_hash_kernel_pointer(oid->oid_arg1)), |
1804 | ptrauth_key_function_pointer, |
1805 | ptrauth_function_pointer_type_discriminator(typeof(oid_handler))); |
1806 | #endif /* defined(HAS_APPLE_PAC) */ |
1807 | |
1808 | if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) { |
1809 | i = oid_handler(oid, name + indx, (int)(namelen - indx), req); |
1810 | } else { |
1811 | i = oid_handler(oid, oid->oid_arg1, oid->oid_arg2, req); |
1812 | } |
1813 | error = i; |
1814 | |
1815 | if (unlocked_node_found) { |
1816 | lck_mtx_unlock(lck: &sysctl_unlocked_node_lock); |
1817 | } |
1818 | |
1819 | #if CONFIG_MACF |
1820 | /* only used from another CONFIG_MACF block */ |
1821 | dropref: |
1822 | #endif |
1823 | |
1824 | /* |
1825 | * This is tricky... we re-grab the geometry lock in order to drop |
1826 | * the reference and wake on the address; since the geometry |
1827 | * lock is a reader/writer lock rather than a mutex, we have to |
1828 | * wake on all apparent 1->0 transitions. This abuses the drop |
1829 | * after the reference decrement in order to wake any lck_rw_sleep() |
1830 | * in progress in sysctl_unregister_oid() that slept because of a |
1831 | * non-zero reference count. |
1832 | * |
1833 | * Note: OSAddAtomic() is defined to return the previous value; |
1834 | * we use this and the fact that the lock itself is a |
1835 | * barrier to avoid waking every time through on "hot" |
1836 | * OIDs. |
1837 | */ |
1838 | lck_rw_lock_shared(lck: &sysctl_geometry_lock); |
1839 | |
1840 | if ((oid->oid_kind & CTLFLAG_PERMANENT) == 0) { |
1841 | if (OSAddAtomic(-1, &oid->oid_refcnt) == 1) { |
1842 | wakeup(chan: &oid->oid_refcnt); |
1843 | } |
1844 | } |
1845 | |
1846 | err: |
1847 | lck_rw_done(lck: &sysctl_geometry_lock); |
1848 | return error; |
1849 | } |
1850 | |
1851 | void |
1852 | sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp, |
1853 | size_t oldlen, user_addr_t newp, size_t newlen) |
1854 | { |
1855 | bzero(s: req, n: sizeof(*req)); |
1856 | |
1857 | req->p = p; |
1858 | |
1859 | req->oldlen = oldlen; |
1860 | req->oldptr = oldp; |
1861 | |
1862 | if (newlen) { |
1863 | req->newlen = newlen; |
1864 | req->newptr = newp; |
1865 | } |
1866 | |
1867 | req->oldfunc = sysctl_old_user; |
1868 | req->newfunc = sysctl_new_user; |
1869 | req->lock = 1; |
1870 | |
1871 | return; |
1872 | } |
1873 | |
1874 | int |
1875 | sysctl(proc_t p, struct sysctl_args *uap, __unused int32_t *retval) |
1876 | { |
1877 | int error, new_error; |
1878 | size_t oldlen = 0, newlen; |
1879 | int name[CTL_MAXNAME]; |
1880 | struct sysctl_req req; |
1881 | char *namestring; |
1882 | size_t namestringlen = MAXPATHLEN; |
1883 | |
1884 | /* |
1885 | * all top-level sysctl names are non-terminal |
1886 | */ |
1887 | if (uap->namelen > CTL_MAXNAME || uap->namelen < 2) { |
1888 | return EINVAL; |
1889 | } |
1890 | error = copyin(uap->name, &name[0], uap->namelen * sizeof(int)); |
1891 | if (error) { |
1892 | return error; |
1893 | } |
1894 | |
1895 | AUDIT_ARG(ctlname, name, uap->namelen); |
1896 | |
1897 | if (uap->newlen > SIZE_T_MAX) { |
1898 | return EINVAL; |
1899 | } |
1900 | newlen = (size_t)uap->newlen; |
1901 | |
1902 | if (uap->oldlenp != USER_ADDR_NULL) { |
1903 | uint64_t oldlen64 = fuulong(addr: uap->oldlenp); |
1904 | |
1905 | /* |
1906 | * If more than 4G, clamp to 4G |
1907 | */ |
1908 | if (oldlen64 > SIZE_T_MAX) { |
1909 | oldlen = SIZE_T_MAX; |
1910 | } else { |
1911 | oldlen = (size_t)oldlen64; |
1912 | } |
1913 | } |
1914 | |
1915 | sysctl_create_user_req(req: &req, p, oldp: uap->old, oldlen, newp: uap->new, newlen); |
1916 | |
1917 | /* Guess that longest length for the passed-in MIB, if we can be more aggressive than MAXPATHLEN */ |
1918 | if (uap->namelen == 2) { |
1919 | if (name[0] == CTL_KERN && name[1] < KERN_MAXID) { |
1920 | namestringlen = 32; /* "kern.speculative_reads_disabled" */ |
1921 | } else if (name[0] == CTL_HW && name[1] < HW_MAXID) { |
1922 | namestringlen = 32; /* "hw.cachelinesize_compat" */ |
1923 | } |
1924 | } |
1925 | |
1926 | namestring = (char *)kalloc_data(namestringlen, Z_WAITOK); |
1927 | if (!namestring) { |
1928 | oldlen = 0; |
1929 | goto err; |
1930 | } |
1931 | |
1932 | error = userland_sysctl(FALSE, namestring, namestringlen, name, namelen: uap->namelen, req: &req, retval: &oldlen); |
1933 | |
1934 | kfree_data(namestring, namestringlen); |
1935 | |
1936 | if ((error) && (error != ENOMEM)) { |
1937 | return error; |
1938 | } |
1939 | |
1940 | err: |
1941 | if (uap->oldlenp != USER_ADDR_NULL) { |
1942 | /* |
1943 | * Only overwrite the old error value on a new error |
1944 | */ |
1945 | new_error = suulong(addr: uap->oldlenp, ulongword: oldlen); |
1946 | |
1947 | if (new_error) { |
1948 | error = new_error; |
1949 | } |
1950 | } |
1951 | |
1952 | return error; |
1953 | } |
1954 | |
1955 | // sysctlbyname is also exported as KPI to kexts |
1956 | // and the syscall name cannot conflict with it |
1957 | int |
1958 | sys_sysctlbyname(proc_t p, struct sysctlbyname_args *uap, __unused int32_t *retval) |
1959 | { |
1960 | int error, new_error; |
1961 | size_t oldlen = 0, newlen; |
1962 | char *name; |
1963 | size_t namelen = 0; |
1964 | struct sysctl_req req; |
1965 | int oid[CTL_MAXNAME]; |
1966 | |
1967 | if (uap->namelen >= MAXPATHLEN) { /* XXX arbitrary, undocumented */ |
1968 | return ENAMETOOLONG; |
1969 | } |
1970 | namelen = (size_t)uap->namelen; |
1971 | |
1972 | name = (char *)kalloc_data(namelen + 1, Z_WAITOK); |
1973 | if (!name) { |
1974 | return ENOMEM; |
1975 | } |
1976 | |
1977 | error = copyin(uap->name, name, namelen); |
1978 | if (error) { |
1979 | kfree_data(name, namelen + 1); |
1980 | return error; |
1981 | } |
1982 | name[namelen] = '\0'; |
1983 | |
1984 | /* XXX |
1985 | * AUDIT_ARG(ctlname, name, uap->namelen); |
1986 | */ |
1987 | |
1988 | if (uap->newlen > SIZE_T_MAX) { |
1989 | kfree_data(name, namelen + 1); |
1990 | return EINVAL; |
1991 | } |
1992 | newlen = (size_t)uap->newlen; |
1993 | |
1994 | if (uap->oldlenp != USER_ADDR_NULL) { |
1995 | uint64_t oldlen64 = fuulong(addr: uap->oldlenp); |
1996 | |
1997 | /* |
1998 | * If more than 4G, clamp to 4G |
1999 | */ |
2000 | if (oldlen64 > SIZE_T_MAX) { |
2001 | oldlen = SIZE_T_MAX; |
2002 | } else { |
2003 | oldlen = (size_t)oldlen64; |
2004 | } |
2005 | } |
2006 | |
2007 | sysctl_create_user_req(req: &req, p, oldp: uap->old, oldlen, newp: uap->new, newlen); |
2008 | |
2009 | error = userland_sysctl(TRUE, namestring: name, namestringlen: namelen + 1, name: oid, CTL_MAXNAME, req: &req, retval: &oldlen); |
2010 | |
2011 | kfree_data(name, namelen + 1); |
2012 | |
2013 | if ((error) && (error != ENOMEM)) { |
2014 | return error; |
2015 | } |
2016 | |
2017 | if (uap->oldlenp != USER_ADDR_NULL) { |
2018 | /* |
2019 | * Only overwrite the old error value on a new error |
2020 | */ |
2021 | new_error = suulong(addr: uap->oldlenp, ulongword: oldlen); |
2022 | |
2023 | if (new_error) { |
2024 | error = new_error; |
2025 | } |
2026 | } |
2027 | |
2028 | return error; |
2029 | } |
2030 | |
2031 | /* |
2032 | * This is used from various compatibility syscalls too. That's why name |
2033 | * must be in kernel space. |
2034 | */ |
2035 | int |
2036 | userland_sysctl(boolean_t string_is_canonical, |
2037 | char *namestring, size_t namestringlen, |
2038 | int *name, u_int namelen, struct sysctl_req *req, |
2039 | size_t *retval) |
2040 | { |
2041 | int error = 0; |
2042 | struct sysctl_req req2; |
2043 | |
2044 | do { |
2045 | /* if EAGAIN, reset output cursor */ |
2046 | req2 = *req; |
2047 | if (!string_is_canonical) { |
2048 | namestring[0] = '\0'; |
2049 | } |
2050 | |
2051 | error = sysctl_root(FALSE, string_is_canonical, namestring, namestringlen, name, namelen, req: &req2); |
2052 | } while (error == EAGAIN); |
2053 | |
2054 | if (error && error != ENOMEM) { |
2055 | return error; |
2056 | } |
2057 | |
2058 | if (retval) { |
2059 | if (req2.oldptr && req2.oldidx > req2.oldlen) { |
2060 | *retval = req2.oldlen; |
2061 | } else { |
2062 | *retval = req2.oldidx; |
2063 | } |
2064 | } |
2065 | return error; |
2066 | } |
2067 | |
2068 | /* |
2069 | * Kernel versions of the userland sysctl helper functions. |
2070 | * |
2071 | * These allow sysctl to be used in the same fashion in both |
2072 | * userland and the kernel. |
2073 | * |
2074 | * Note that some sysctl handlers use copyin/copyout, which |
2075 | * may not work correctly. |
2076 | * |
2077 | * The "sysctlbyname" KPI for use by kexts is aliased to this function. |
2078 | */ |
2079 | |
2080 | int |
2081 | kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen) |
2082 | { |
2083 | int oid[CTL_MAXNAME]; |
2084 | int name2mib_oid[2]; |
2085 | int error; |
2086 | size_t oidlen; |
2087 | |
2088 | /* look up the OID with magic service node */ |
2089 | name2mib_oid[0] = 0; |
2090 | name2mib_oid[1] = 3; |
2091 | |
2092 | oidlen = sizeof(oid); |
2093 | error = kernel_sysctl(p: current_proc(), name: name2mib_oid, namelen: 2, old: oid, oldlenp: &oidlen, __DECONST(void *, name), newlen: strlen(s: name)); |
2094 | oidlen /= sizeof(int); |
2095 | if (oidlen > UINT_MAX) { |
2096 | error = EDOM; |
2097 | } |
2098 | |
2099 | /* now use the OID */ |
2100 | if (error == 0) { |
2101 | error = kernel_sysctl(p: current_proc(), name: oid, namelen: (u_int)oidlen, old: oldp, oldlenp, new: newp, newlen); |
2102 | } |
2103 | return error; |
2104 | } |
2105 | |
2106 | int |
2107 | scalable_counter_sysctl_handler SYSCTL_HANDLER_ARGS |
2108 | { |
2109 | #pragma unused(arg2, oidp) |
2110 | scalable_counter_t counter = *(scalable_counter_t*) arg1; |
2111 | uint64_t value = counter_load(&counter); |
2112 | return SYSCTL_OUT(req, &value, sizeof(value)); |
2113 | } |
2114 | |
2115 | #define X(name, T) \ |
2116 | int \ |
2117 | experiment_factor_##name##_handler SYSCTL_HANDLER_ARGS \ |
2118 | { \ |
2119 | int error, changed = 0; \ |
2120 | T *ptr; \ |
2121 | T new_value, current_value; \ |
2122 | struct experiment_spec *spec = (struct experiment_spec *) arg1; \ |
2123 | if (!arg1) { \ |
2124 | return EINVAL; \ |
2125 | } \ |
2126 | ptr = (T *)(spec->ptr); \ |
2127 | current_value = *ptr; \ |
2128 | error = sysctl_io_number(req, current_value, sizeof(T), &new_value, &changed); \ |
2129 | if (error != 0) { \ |
2130 | return error; \ |
2131 | } \ |
2132 | if (changed) { \ |
2133 | if (new_value < (T) spec->min_value || new_value > (T) spec->max_value) { \ |
2134 | return EINVAL; \ |
2135 | } \ |
2136 | if (os_atomic_cmpxchg(&spec->modified, false, true, acq_rel)) { \ |
2137 | spec->original_value = current_value; \ |
2138 | } \ |
2139 | os_atomic_store_wide(ptr, new_value, relaxed); \ |
2140 | } \ |
2141 | return 0; \ |
2142 | } |
2143 | |
2144 | experiment_factor_numeric_types |
2145 | #undef X |
2146 | |
2147 | #if DEBUG || DEVELOPMENT |
2148 | static int |
2149 | sysctl_test_handler SYSCTL_HANDLER_ARGS |
2150 | { |
2151 | int error; |
2152 | int64_t value, out = 0; |
2153 | |
2154 | error = SYSCTL_IN(req, &value, sizeof(value)); |
2155 | /* Only run test when new value was provided to prevent just reading or |
2156 | * querying from triggering the test, but still allow for sysctl |
2157 | * presence tests via read requests with NULL oldptr */ |
2158 | if (error == 0 && req->newptr) { |
2159 | /* call the test that was specified in SYSCTL_TEST_REGISTER */ |
2160 | error = ((int (*)(int64_t, int64_t *))(uintptr_t)arg1)(value, &out); |
2161 | } |
2162 | if (error == 0) { |
2163 | error = SYSCTL_OUT(req, &out, sizeof(out)); |
2164 | } |
2165 | return error; |
2166 | } |
2167 | |
2168 | void |
2169 | sysctl_register_test_startup(struct sysctl_test_setup_spec *spec) |
2170 | { |
2171 | struct sysctl_oid *oid = zalloc_permanent_type(struct sysctl_oid); |
2172 | |
2173 | *oid = (struct sysctl_oid){ |
2174 | .oid_parent = &sysctl__debug_test_children, |
2175 | .oid_number = OID_AUTO, |
2176 | .oid_kind = CTLTYPE_QUAD | CTLFLAG_OID2 | CTLFLAG_WR | |
2177 | CTLFLAG_PERMANENT | CTLFLAG_LOCKED | CTLFLAG_MASKED, |
2178 | .oid_arg1 = (void *)(uintptr_t)spec->st_func, |
2179 | .oid_name = spec->st_name, |
2180 | .oid_handler = sysctl_test_handler, |
2181 | .oid_fmt = "Q" , |
2182 | .oid_version = SYSCTL_OID_VERSION, |
2183 | .oid_descr = "" , |
2184 | }; |
2185 | sysctl_register_oid_early(oid); |
2186 | } |
2187 | |
2188 | |
2189 | extern void vm_analytics_tick(void *arg0, void *arg1); |
2190 | |
2191 | /* Manual trigger of vm_analytics_tick for testing on dev/debug kernel. */ |
2192 | static int |
2193 | sysctl_vm_analytics_tick SYSCTL_HANDLER_ARGS |
2194 | { |
2195 | #pragma unused(arg1, arg2) |
2196 | int error, val = 0; |
2197 | error = sysctl_handle_int(oidp, &val, 0, req); |
2198 | if (error || !req->newptr) { |
2199 | return error; |
2200 | } |
2201 | vm_analytics_tick(NULL, NULL); |
2202 | return 0; |
2203 | } |
2204 | |
2205 | SYSCTL_PROC(_vm, OID_AUTO, analytics_report, CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_LOCKED | CTLFLAG_MASKED, 0, 0, &sysctl_vm_analytics_tick, "I" , "" ); |
2206 | |
2207 | /* Manual trigger of record_system_event for testing on dev/debug kernel */ |
2208 | static int |
2209 | sysctl_test_record_system_event SYSCTL_HANDLER_ARGS |
2210 | { |
2211 | #pragma unused(arg1, arg2) |
2212 | int error, val = 0; |
2213 | error = sysctl_handle_int(oidp, &val, 0, req); |
2214 | if (error || !req->newptr) { |
2215 | return error; |
2216 | } |
2217 | record_system_event(SYSTEM_EVENT_TYPE_INFO, SYSTEM_EVENT_SUBSYSTEM_TEST, "sysctl test" , "this is a test %s" , "message" ); |
2218 | return 0; |
2219 | } |
2220 | |
2221 | SYSCTL_PROC(_kern, OID_AUTO, test_record_system_event, CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_LOCKED | CTLFLAG_MASKED, 0, 0, &sysctl_test_record_system_event, "-" , "" ); |
2222 | |
2223 | #endif /* DEBUG || DEVELOPMENT */ |
2224 | |
2225 | |
2226 | CA_EVENT(ca_test_event, |
2227 | CA_INT, TestKey, |
2228 | CA_BOOL, TestBool, |
2229 | CA_STATIC_STRING(CA_UUID_LEN), TestString); |
2230 | |
2231 | /* |
2232 | * Manual testing of sending a CoreAnalytics event |
2233 | */ |
2234 | static int |
2235 | sysctl_test_ca_event SYSCTL_HANDLER_ARGS |
2236 | { |
2237 | #pragma unused(arg1, arg2) |
2238 | int error, val = 0; |
2239 | /* |
2240 | * Only send on write |
2241 | */ |
2242 | error = sysctl_handle_int(oidp, arg1: &val, arg2: 0, req); |
2243 | if (error || !req->newptr) { |
2244 | return error; |
2245 | } |
2246 | |
2247 | ca_event_t event = CA_EVENT_ALLOCATE(ca_test_event); |
2248 | CA_EVENT_TYPE(ca_test_event) * event_data = event->data; |
2249 | event_data->TestKey = val; |
2250 | event_data->TestBool = true; |
2251 | uuid_string_t test_str = "sysctl_test_ca_event" ; |
2252 | strlcpy(dst: event_data->TestString, src: test_str, CA_UUID_LEN); |
2253 | CA_EVENT_SEND(event); |
2254 | return 0; |
2255 | } |
2256 | |
2257 | SYSCTL_PROC(_kern, OID_AUTO, test_ca_event, CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_LOCKED | CTLFLAG_MASKED, 0, 0, &sysctl_test_ca_event, "I" , "" ); |
2258 | |
2259 | |
2260 | #if DEVELOPMENT || DEBUG |
2261 | kern_return_t |
2262 | run_compressor_perf_test( |
2263 | user_addr_t buf, |
2264 | size_t buffer_size, |
2265 | uint64_t *time, |
2266 | uint64_t *bytes_compressed, |
2267 | uint64_t *compressor_growth); |
2268 | |
2269 | struct perf_compressor_data { |
2270 | user_addr_t buffer; |
2271 | size_t buffer_size; |
2272 | uint64_t benchmark_time; |
2273 | uint64_t bytes_processed; |
2274 | uint64_t compressor_growth; |
2275 | }; |
2276 | |
2277 | static int |
2278 | sysctl_perf_compressor SYSCTL_HANDLER_ARGS |
2279 | { |
2280 | int error = EINVAL; |
2281 | size_t len = sizeof(struct perf_compressor_data); |
2282 | struct perf_compressor_data benchmark_data = {0}; |
2283 | |
2284 | if (req->oldptr == USER_ADDR_NULL || req->oldlen != len || |
2285 | req->newptr == USER_ADDR_NULL || req->newlen != len) { |
2286 | return EINVAL; |
2287 | } |
2288 | |
2289 | error = SYSCTL_IN(req, &benchmark_data, len); |
2290 | if (error) { |
2291 | return error; |
2292 | } |
2293 | |
2294 | kern_return_t ret = run_compressor_perf_test(benchmark_data.buffer, benchmark_data.buffer_size, |
2295 | &benchmark_data.benchmark_time, &benchmark_data.bytes_processed, &benchmark_data.compressor_growth); |
2296 | switch (ret) { |
2297 | case KERN_SUCCESS: |
2298 | error = 0; |
2299 | break; |
2300 | case KERN_NOT_SUPPORTED: |
2301 | error = ENOTSUP; |
2302 | break; |
2303 | case KERN_INVALID_ARGUMENT: |
2304 | error = EINVAL; |
2305 | break; |
2306 | case KERN_RESOURCE_SHORTAGE: |
2307 | error = EAGAIN; |
2308 | break; |
2309 | default: |
2310 | error = ret; |
2311 | break; |
2312 | } |
2313 | if (error != 0) { |
2314 | return error; |
2315 | } |
2316 | |
2317 | return SYSCTL_OUT(req, &benchmark_data, len); |
2318 | } |
2319 | |
2320 | /* |
2321 | * Compressor & swap performance test |
2322 | */ |
2323 | SYSCTL_PROC(_kern, OID_AUTO, perf_compressor, CTLFLAG_WR | CTLFLAG_MASKED | CTLTYPE_STRUCT, |
2324 | 0, 0, sysctl_perf_compressor, "S" , "Compressor & swap benchmark" ); |
2325 | #endif /* DEVELOPMENT || DEBUG */ |
2326 | |
2327 | #if CONFIG_JETSAM |
2328 | extern uint32_t swapout_sleep_threshold; |
2329 | #if DEVELOPMENT || DEBUG |
2330 | SYSCTL_UINT(_vm, OID_AUTO, swapout_sleep_threshold, CTLFLAG_RW | CTLFLAG_LOCKED, &swapout_sleep_threshold, 0, "" ); |
2331 | #else /* DEVELOPMENT || DEBUG */ |
2332 | SYSCTL_UINT(_vm, OID_AUTO, swapout_sleep_threshold, CTLFLAG_RD | CTLFLAG_LOCKED, &swapout_sleep_threshold, 0, "" ); |
2333 | #endif /* DEVELOPMENT || DEBUG */ |
2334 | #endif /* CONFIG_JETSAM */ |
2335 | |