1 | /* |
2 | * Copyright (c) 2000-2020 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ |
29 | /* |
30 | * Copyright (c) 1982, 1986, 1989, 1991, 1993 |
31 | * The Regents of the University of California. All rights reserved. |
32 | * |
33 | * Redistribution and use in source and binary forms, with or without |
34 | * modification, are permitted provided that the following conditions |
35 | * are met: |
36 | * 1. Redistributions of source code must retain the above copyright |
37 | * notice, this list of conditions and the following disclaimer. |
38 | * 2. Redistributions in binary form must reproduce the above copyright |
39 | * notice, this list of conditions and the following disclaimer in the |
40 | * documentation and/or other materials provided with the distribution. |
41 | * 3. All advertising materials mentioning features or use of this software |
42 | * must display the following acknowledgement: |
43 | * This product includes software developed by the University of |
44 | * California, Berkeley and its contributors. |
45 | * 4. Neither the name of the University nor the names of its contributors |
46 | * may be used to endorse or promote products derived from this software |
47 | * without specific prior written permission. |
48 | * |
49 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
50 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
51 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
59 | * SUCH DAMAGE. |
60 | * |
61 | * @(#)kern_proc.c 8.4 (Berkeley) 1/4/94 |
62 | */ |
63 | /* |
64 | * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce |
65 | * support for mandatory and extensible security protections. This notice |
66 | * is included in support of clause 2.2 (b) of the Apple Public License, |
67 | * Version 2.0. |
68 | */ |
69 | /* HISTORY |
70 | * 04-Aug-97 Umesh Vaishampayan (umeshv@apple.com) |
71 | * Added current_proc_EXTERNAL() function for the use of kernel |
72 | * lodable modules. |
73 | * |
74 | * 05-Jun-95 Mac Gillon (mgillon) at NeXT |
75 | * New version based on 3.3NS and 4.4 |
76 | */ |
77 | |
78 | |
79 | #include <sys/param.h> |
80 | #include <sys/systm.h> |
81 | #include <sys/kernel.h> |
82 | #include <sys/proc_internal.h> |
83 | #include <sys/acct.h> |
84 | #include <sys/wait.h> |
85 | #include <sys/file_internal.h> |
86 | #include <sys/uio.h> |
87 | #include <sys/malloc.h> |
88 | #include <sys/lock.h> |
89 | #include <sys/mbuf.h> |
90 | #include <sys/ioctl.h> |
91 | #include <sys/tty.h> |
92 | #include <sys/signalvar.h> |
93 | #include <sys/syslog.h> |
94 | #include <sys/sysctl.h> |
95 | #include <sys/sysproto.h> |
96 | #include <sys/kauth.h> |
97 | #include <sys/codesign.h> |
98 | #include <sys/kernel_types.h> |
99 | #include <sys/ubc.h> |
100 | #include <kern/kalloc.h> |
101 | #include <kern/smr_hash.h> |
102 | #include <kern/task.h> |
103 | #include <kern/coalition.h> |
104 | #include <sys/coalition.h> |
105 | #include <kern/assert.h> |
106 | #include <kern/sched_prim.h> |
107 | #include <vm/vm_protos.h> |
108 | #include <vm/vm_map.h> /* vm_map_switch_protect() */ |
109 | #include <vm/vm_pageout.h> |
110 | #include <mach/task.h> |
111 | #include <mach/message.h> |
112 | #include <sys/priv.h> |
113 | #include <sys/proc_info.h> |
114 | #include <sys/bsdtask_info.h> |
115 | #include <sys/persona.h> |
116 | #include <sys/sysent.h> |
117 | #include <sys/reason.h> |
118 | #include <sys/proc_require.h> |
119 | #include <sys/kern_debug.h> |
120 | #include <IOKit/IOBSD.h> /* IOTaskHasEntitlement() */ |
121 | #include <kern/ipc_kobject.h> /* ipc_kobject_set_kobjidx() */ |
122 | #include <kern/ast.h> /* proc_filedesc_ast */ |
123 | #include <libkern/amfi/amfi.h> |
124 | #include <mach-o/loader.h> |
125 | #include <os/base.h> /* OS_STRINGIFY */ |
126 | |
127 | #if CONFIG_CSR |
128 | #include <sys/csr.h> |
129 | #endif |
130 | |
131 | #include <sys/kern_memorystatus.h> |
132 | |
133 | #if CONFIG_MACF |
134 | #include <security/mac_framework.h> |
135 | #include <security/mac_mach_internal.h> |
136 | #endif |
137 | |
138 | #include <libkern/crypto/sha1.h> |
139 | #include <IOKit/IOKitKeys.h> |
140 | |
141 | /* |
 * Structure associated with user caching.
143 | */ |
144 | struct uidinfo { |
145 | LIST_ENTRY(uidinfo) ui_hash; |
146 | uid_t ui_uid; |
147 | size_t ui_proccnt; |
148 | }; |
149 | #define UIHASH(uid) (&uihashtbl[(uid) & uihash]) |
150 | static LIST_HEAD(uihashhead, uidinfo) * uihashtbl; |
151 | static u_long uihash; /* size of hash table - 1 */ |
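
/*
 * Example (illustrative): hashinit() sizes the table to a power of two
 * and `uihash` is that size minus one, so UIHASH() is a simple mask.
 * With a 64-bucket table (uihash == 63), uid 501 maps to bucket
 * 501 & 63 == 53:
 *
 *	struct uihashhead *bucket = UIHASH(501);
 */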
152 | |
153 | /* |
154 | * Other process lists |
155 | */ |
156 | static struct smr_hash pid_hash; |
157 | static struct smr_hash pgrp_hash; |
158 | |
159 | SECURITY_READ_ONLY_LATE(struct sesshashhead *) sesshashtbl; |
160 | SECURITY_READ_ONLY_LATE(u_long) sesshash; |
161 | |
162 | #if PROC_REF_DEBUG |
163 | /* disable panics on leaked proc refs across syscall boundary */ |
static TUNABLE(bool, proc_ref_tracking_disabled, "-disable_procref_tracking", false);
165 | #endif |
166 | |
167 | struct proclist allproc = LIST_HEAD_INITIALIZER(allproc); |
168 | struct proclist zombproc = LIST_HEAD_INITIALIZER(zombproc); |
169 | extern struct tty cons; |
170 | extern size_t proc_struct_size; |
171 | extern size_t proc_and_task_size; |
172 | |
173 | extern int cs_debug; |
174 | |
175 | #if DEVELOPMENT || DEBUG |
static TUNABLE(bool, syscallfilter_disable, "-disable_syscallfilter", false);
177 | #endif // DEVELOPMENT || DEBUG |
178 | |
179 | #if DEBUG |
180 | #define __PROC_INTERNAL_DEBUG 1 |
181 | #endif |
182 | #if CONFIG_COREDUMP |
183 | /* Name to give to core files */ |
184 | #if defined(XNU_TARGET_OS_BRIDGE) |
__XNU_PRIVATE_EXTERN const char * defaultcorefiledir = "/private/var/internal";
__XNU_PRIVATE_EXTERN char corefilename[MAXPATHLEN + 1] = {"/private/var/internal/%N.core"};
__XNU_PRIVATE_EXTERN const char * defaultdrivercorefiledir = "/private/var/internal";
__XNU_PRIVATE_EXTERN char drivercorefilename[MAXPATHLEN + 1] = {"/private/var/internal/%N.core"};
#elif defined(XNU_TARGET_OS_OSX)
__XNU_PRIVATE_EXTERN const char * defaultcorefiledir = "/cores";
__XNU_PRIVATE_EXTERN char corefilename[MAXPATHLEN + 1] = {"/cores/core.%P"};
__XNU_PRIVATE_EXTERN const char * defaultdrivercorefiledir = "/private/var/dextcores";
__XNU_PRIVATE_EXTERN char drivercorefilename[MAXPATHLEN + 1] = {"/private/var/dextcores/%N.core"};
#else
__XNU_PRIVATE_EXTERN const char * defaultcorefiledir = "/private/var/cores";
__XNU_PRIVATE_EXTERN char corefilename[MAXPATHLEN + 1] = {"/private/var/cores/%N.core"};
__XNU_PRIVATE_EXTERN const char * defaultdrivercorefiledir = "/private/var/dextcores";
__XNU_PRIVATE_EXTERN char drivercorefilename[MAXPATHLEN + 1] = {"/private/var/dextcores/%N.core"};
199 | #endif |
200 | #endif |
201 | |
202 | #if PROC_REF_DEBUG |
203 | #include <kern/backtrace.h> |
204 | #endif |
205 | |
206 | static LCK_MTX_DECLARE_ATTR(proc_klist_mlock, &proc_mlock_grp, &proc_lck_attr); |
207 | |
ZONE_DEFINE(pgrp_zone, "pgrp",
    sizeof(struct pgrp), ZC_ZFREE_CLEARMEM);
ZONE_DEFINE(session_zone, "session",
    sizeof(struct session), ZC_ZFREE_CLEARMEM);
ZONE_DEFINE_ID(ZONE_ID_PROC_RO, "proc_ro", struct proc_ro,
213 | ZC_READONLY | ZC_ZFREE_CLEARMEM); |
214 | |
215 | typedef uint64_t unaligned_u64 __attribute__((aligned(1))); |
216 | |
217 | static void orphanpg(struct pgrp * pg); |
218 | void proc_name_kdp(proc_t t, char * buf, int size); |
219 | boolean_t proc_binary_uuid_kdp(task_t task, uuid_t uuid); |
220 | boolean_t current_thread_aborted(void); |
221 | int proc_threadname_kdp(void * uth, char * buf, size_t size); |
222 | void proc_starttime_kdp(void * p, unaligned_u64 *tv_sec, unaligned_u64 *tv_usec, unaligned_u64 *abstime); |
223 | void proc_archinfo_kdp(void* p, cpu_type_t* cputype, cpu_subtype_t* cpusubtype); |
224 | uint64_t proc_getcsflags_kdp(void * p); |
225 | char * proc_name_address(void * p); |
226 | char * proc_longname_address(void *); |
227 | |
228 | static void pgrp_destroy(struct pgrp *pgrp); |
229 | static void pgrp_replace(proc_t p, struct pgrp *pgrp); |
230 | static int csops_internal(pid_t pid, int ops, user_addr_t uaddr, user_size_t usersize, user_addr_t uaddittoken); |
231 | static boolean_t proc_parent_is_currentproc(proc_t p); |
232 | |
233 | #if CONFIG_PROC_RESOURCE_LIMITS |
234 | extern void task_filedesc_ast(task_t task, int current_size, int soft_limit, int hard_limit); |
235 | extern void task_kqworkloop_ast(task_t task, int current_size, int soft_limit, int hard_limit); |
236 | #endif |
237 | |
238 | struct fixjob_iterargs { |
239 | struct pgrp * pg; |
240 | struct session * mysession; |
241 | int entering; |
242 | }; |
243 | |
244 | int fixjob_callback(proc_t, void *); |
245 | |
246 | uint64_t |
247 | get_current_unique_pid(void) |
248 | { |
249 | proc_t p = current_proc(); |
250 | |
251 | if (p) { |
252 | return proc_uniqueid(p); |
253 | } else { |
254 | return 0; |
255 | } |
256 | } |
257 | |
258 | /* |
259 | * Initialize global process hashing structures. |
260 | */ |
261 | static void |
262 | procinit(void) |
263 | { |
	smr_hash_init(&pid_hash, maxproc / 4);
	smr_hash_init(&pgrp_hash, maxproc / 4);
	sesshashtbl = hashinit(maxproc / 4, M_PROC, &sesshash);
	uihashtbl = hashinit(maxproc / 16, M_PROC, &uihash);
268 | } |
269 | STARTUP(EARLY_BOOT, STARTUP_RANK_FIRST, procinit); |
270 | |
271 | /* |
272 | * Change the count associated with number of processes |
273 | * a given user is using. This routine protects the uihash |
274 | * with the list lock |
275 | */ |
276 | size_t |
277 | chgproccnt(uid_t uid, int diff) |
278 | { |
279 | struct uidinfo *uip; |
280 | struct uidinfo *newuip = NULL; |
281 | struct uihashhead *uipp; |
282 | size_t retval; |
283 | |
284 | again: |
285 | proc_list_lock(); |
286 | uipp = UIHASH(uid); |
287 | for (uip = uipp->lh_first; uip != 0; uip = uip->ui_hash.le_next) { |
288 | if (uip->ui_uid == uid) { |
289 | break; |
290 | } |
291 | } |
292 | if (uip) { |
293 | uip->ui_proccnt += diff; |
294 | if (uip->ui_proccnt > 0) { |
295 | retval = uip->ui_proccnt; |
296 | proc_list_unlock(); |
297 | goto out; |
298 | } |
299 | LIST_REMOVE(uip, ui_hash); |
300 | retval = 0; |
301 | proc_list_unlock(); |
302 | kfree_type(struct uidinfo, uip); |
303 | goto out; |
304 | } |
305 | if (diff <= 0) { |
306 | if (diff == 0) { |
307 | retval = 0; |
308 | proc_list_unlock(); |
309 | goto out; |
310 | } |
311 | panic("chgproccnt: lost user" ); |
312 | } |
313 | if (newuip != NULL) { |
314 | uip = newuip; |
315 | newuip = NULL; |
316 | LIST_INSERT_HEAD(uipp, uip, ui_hash); |
317 | uip->ui_uid = uid; |
318 | uip->ui_proccnt = diff; |
319 | retval = diff; |
320 | proc_list_unlock(); |
321 | goto out; |
322 | } |
323 | proc_list_unlock(); |
324 | newuip = kalloc_type(struct uidinfo, Z_WAITOK | Z_NOFAIL); |
325 | goto again; |
326 | out: |
327 | kfree_type(struct uidinfo, newuip); |
328 | return retval; |
329 | } |
330 | |
331 | /* |
332 | * Is p an inferior of the current process? |
333 | */ |
334 | int |
335 | inferior(proc_t p) |
336 | { |
337 | int retval = 0; |
338 | |
339 | proc_list_lock(); |
340 | for (; p != current_proc(); p = p->p_pptr) { |
341 | if (proc_getpid(p) == 0) { |
342 | goto out; |
343 | } |
344 | } |
345 | retval = 1; |
346 | out: |
347 | proc_list_unlock(); |
348 | return retval; |
349 | } |
350 | |
351 | /* |
352 | * Is p an inferior of t ? |
353 | */ |
354 | int |
355 | isinferior(proc_t p, proc_t t) |
356 | { |
357 | int retval = 0; |
358 | int nchecked = 0; |
359 | proc_t start = p; |
360 | |
361 | /* if p==t they are not inferior */ |
362 | if (p == t) { |
363 | return 0; |
364 | } |
365 | |
366 | proc_list_lock(); |
367 | for (; p != t; p = p->p_pptr) { |
368 | nchecked++; |
369 | |
370 | /* Detect here if we're in a cycle */ |
371 | if ((proc_getpid(p) == 0) || (p->p_pptr == start) || (nchecked >= nprocs)) { |
372 | goto out; |
373 | } |
374 | } |
375 | retval = 1; |
376 | out: |
377 | proc_list_unlock(); |
378 | return retval; |
379 | } |
380 | |
381 | int |
382 | proc_isinferior(int pid1, int pid2) |
383 | { |
384 | proc_t p = PROC_NULL; |
385 | proc_t t = PROC_NULL; |
386 | int retval = 0; |
387 | |
	if (((p = proc_find(pid1)) != (proc_t)0) && ((t = proc_find(pid2)) != (proc_t)0)) {
389 | retval = isinferior(p, t); |
390 | } |
391 | |
392 | if (p != PROC_NULL) { |
393 | proc_rele(p); |
394 | } |
395 | if (t != PROC_NULL) { |
		proc_rele(t);
397 | } |
398 | |
399 | return retval; |
400 | } |
401 | |
402 | /* |
403 | * Returns process identity of a given process. Calling this function is not |
404 | * racy for a current process or if a reference to the process is held. |
405 | */ |
406 | struct proc_ident |
407 | proc_ident(proc_t p) |
408 | { |
409 | struct proc_ident ident = { |
410 | .p_pid = proc_pid(p), |
411 | .p_uniqueid = proc_uniqueid(p), |
412 | .p_idversion = proc_pidversion(p), |
413 | }; |
414 | |
415 | return ident; |
416 | } |
417 | |
418 | proc_t |
419 | proc_find_ident(struct proc_ident const *ident) |
420 | { |
421 | proc_t proc = PROC_NULL; |
422 | |
	proc = proc_find(ident->p_pid);
424 | if (proc == PROC_NULL) { |
425 | return PROC_NULL; |
426 | } |
427 | |
428 | if (proc_uniqueid(proc) != ident->p_uniqueid || |
429 | proc_pidversion(proc) != ident->p_idversion) { |
		proc_rele(proc);
431 | return PROC_NULL; |
432 | } |
433 | |
434 | return proc; |
435 | } |
436 | |
437 | void |
438 | uthread_reset_proc_refcount(uthread_t uth) |
439 | { |
440 | uth->uu_proc_refcount = 0; |
441 | |
442 | #if PROC_REF_DEBUG |
443 | if (proc_ref_tracking_disabled) { |
444 | return; |
445 | } |
446 | |
447 | struct uthread_proc_ref_info *upri = uth->uu_proc_ref_info; |
448 | uint32_t n = uth->uu_proc_ref_info->upri_pindex; |
449 | |
450 | uth->uu_proc_ref_info->upri_pindex = 0; |
451 | |
452 | if (n) { |
453 | for (unsigned i = 0; i < n; i++) { |
454 | btref_put(upri->upri_proc_stacks[i]); |
455 | } |
456 | bzero(upri->upri_proc_stacks, sizeof(btref_t) * n); |
457 | bzero(upri->upri_proc_ps, sizeof(proc_t) * n); |
458 | } |
459 | #endif |
460 | } |
461 | |
462 | #if PROC_REF_DEBUG |
463 | void |
464 | uthread_init_proc_refcount(uthread_t uth) |
465 | { |
466 | if (proc_ref_tracking_disabled) { |
467 | return; |
468 | } |
469 | |
470 | uth->uu_proc_ref_info = kalloc_type(struct uthread_proc_ref_info, |
471 | Z_ZERO | Z_WAITOK | Z_NOFAIL); |
472 | } |
473 | |
474 | void |
475 | uthread_destroy_proc_refcount(uthread_t uth) |
476 | { |
477 | if (proc_ref_tracking_disabled) { |
478 | return; |
479 | } |
480 | |
481 | struct uthread_proc_ref_info *upri = uth->uu_proc_ref_info; |
482 | uint32_t n = uth->uu_proc_ref_info->upri_pindex; |
483 | |
484 | for (unsigned i = 0; i < n; i++) { |
485 | btref_put(upri->upri_proc_stacks[i]); |
486 | } |
487 | |
488 | kfree_type(struct uthread_proc_ref_info, uth->uu_proc_ref_info); |
489 | } |
490 | |
491 | void |
492 | uthread_assert_zero_proc_refcount(uthread_t uth) |
493 | { |
494 | if (proc_ref_tracking_disabled) { |
495 | return; |
496 | } |
497 | |
498 | if (__improbable(uth->uu_proc_refcount != 0)) { |
499 | panic("Unexpected non zero uu_proc_refcount = %d (%p)" , |
500 | uth->uu_proc_refcount, uth); |
501 | } |
502 | } |
503 | #endif |
504 | |
505 | bool |
506 | proc_list_exited(proc_t p) |
507 | { |
	return os_ref_get_raw_mask(&p->p_refcount) & P_REF_DEAD;
509 | } |
510 | |
511 | #if CONFIG_DEBUG_SYSCALL_REJECTION |
512 | uint64_t |
513 | uthread_get_syscall_rejection_flags(void *uthread) |
514 | { |
515 | uthread_t uth = (uthread_t) uthread; |
516 | return uth->syscall_rejection_flags; |
517 | } |
518 | |
519 | uint64_t* |
520 | uthread_get_syscall_rejection_mask(void *uthread) |
521 | { |
522 | uthread_t uth = (uthread_t) uthread; |
523 | return uth->syscall_rejection_mask; |
524 | } |
525 | |
526 | uint64_t* |
527 | uthread_get_syscall_rejection_once_mask(void *uthread) |
528 | { |
529 | uthread_t uth = (uthread_t) uthread; |
530 | return uth->syscall_rejection_once_mask; |
531 | } |
532 | |
533 | bool |
534 | uthread_syscall_rejection_is_enabled(void *uthread) |
535 | { |
536 | uthread_t uth = (uthread_t) uthread; |
537 | return (debug_syscall_rejection_mode != 0) || (uth->syscall_rejection_flags & SYSCALL_REJECTION_FLAGS_FORCE_FATAL); |
538 | } |
539 | #endif /* CONFIG_DEBUG_SYSCALL_REJECTION */ |
540 | |
541 | #if PROC_REF_DEBUG |
542 | __attribute__((noinline)) |
543 | #endif /* PROC_REF_DEBUG */ |
544 | static void |
545 | record_procref(proc_t p __unused, int count) |
546 | { |
547 | uthread_t uth; |
548 | |
549 | uth = current_uthread(); |
550 | uth->uu_proc_refcount += count; |
551 | |
552 | #if PROC_REF_DEBUG |
553 | if (proc_ref_tracking_disabled) { |
554 | return; |
555 | } |
556 | struct uthread_proc_ref_info *upri = uth->uu_proc_ref_info; |
557 | |
558 | if (upri->upri_pindex < NUM_PROC_REFS_TO_TRACK) { |
559 | upri->upri_proc_stacks[upri->upri_pindex] = |
560 | btref_get(__builtin_frame_address(0), BTREF_GET_NOWAIT); |
561 | upri->upri_proc_ps[upri->upri_pindex] = p; |
562 | upri->upri_pindex++; |
563 | } |
564 | #endif /* PROC_REF_DEBUG */ |
565 | } |
566 | |
567 | /*! |
568 | * @function proc_ref_try_fast() |
569 | * |
570 | * @brief |
571 | * Tries to take a proc ref, unless it is in flux (being made, or dead). |
572 | * |
573 | * @returns |
574 | * - the new refcount value (including bits) on success, |
575 | * - 0 on failure. |
576 | */ |
577 | static inline uint32_t |
578 | proc_ref_try_fast(proc_t p) |
579 | { |
580 | uint32_t bits; |
581 | |
	proc_require(p, PROC_REQUIRE_ALLOW_ALL);
583 | |
584 | bits = os_ref_retain_try_mask(&p->p_refcount, P_REF_BITS, |
585 | P_REF_NEW | P_REF_DEAD, NULL); |
586 | if (bits) { |
		record_procref(p, 1);
588 | } |
589 | return bits; |
590 | } |
591 | |
592 | /*! |
593 | * @function proc_ref_wait() |
594 | * |
595 | * @brief |
596 | * Waits for the specified bits to clear, on the specified event. |
597 | */ |
598 | __attribute__((noinline)) |
599 | static void |
600 | proc_ref_wait(proc_t p, event_t event, proc_ref_bits_t mask, bool locked) |
601 | { |
602 | assert_wait(event, THREAD_UNINT | THREAD_WAIT_NOREPORT); |
603 | |
	if (os_ref_get_raw_mask(&p->p_refcount) & mask) {
605 | uthread_t uth = current_uthread(); |
606 | |
607 | if (locked) { |
608 | proc_list_unlock(); |
609 | } |
610 | uth->uu_wchan = event; |
		uth->uu_wmesg = "proc_refwait";
612 | thread_block(THREAD_CONTINUE_NULL); |
613 | uth->uu_wchan = NULL; |
614 | uth->uu_wmesg = NULL; |
615 | if (locked) { |
616 | proc_list_lock(); |
617 | } |
618 | } else { |
		clear_wait(current_thread(), THREAD_AWAKENED);
620 | } |
621 | } |
622 | |
623 | /*! |
624 | * @function proc_ref_wait_for_exec() |
625 | * |
626 | * @brief |
627 | * Routine called by processes trying to acquire a ref while |
628 | * an exec is in flight. |
629 | * |
630 | * @discussion |
631 | * This function is called with a proc ref held on the proc, |
632 | * which will be given up until the @c P_REF_*_EXEC flags clear. |
633 | * |
634 | * @param p the proc, the caller owns a proc ref |
635 | * @param bits the result of @c proc_ref_try_fast() prior to calling this. |
636 | * @param locked whether the caller holds the @c proc_list_lock(). |
637 | */ |
638 | __attribute__((noinline)) |
639 | static proc_t |
640 | proc_ref_wait_for_exec(proc_t p, uint32_t bits, int locked) |
641 | { |
642 | const proc_ref_bits_t mask = P_REF_WILL_EXEC | P_REF_IN_EXEC; |
643 | |
644 | /* |
645 | * the proc is in the middle of exec, |
646 | * trade our ref for a "wait ref", |
647 | * and wait for the proc_refwake_did_exec() call. |
648 | * |
649 | * Note: it's very unlikely that we'd loop back into the wait, |
650 | * it would only happen if the target proc would be |
651 | * in exec again by the time we woke up. |
652 | */ |
653 | os_ref_retain_raw(&p->p_waitref, &p_refgrp); |
654 | |
655 | do { |
656 | proc_rele(p); |
657 | proc_ref_wait(p, event: &p->p_waitref, mask, locked); |
658 | bits = proc_ref_try_fast(p); |
659 | } while (__improbable(bits & mask)); |
660 | |
661 | proc_wait_release(p); |
662 | |
663 | return bits ? p : PROC_NULL; |
664 | } |
665 | |
666 | static inline bool |
667 | proc_ref_needs_wait_for_exec(uint32_t bits) |
668 | { |
669 | if (__probable((bits & (P_REF_WILL_EXEC | P_REF_IN_EXEC)) == 0)) { |
670 | return false; |
671 | } |
672 | |
673 | if (bits & P_REF_IN_EXEC) { |
674 | return true; |
675 | } |
676 | |
677 | /* |
678 | * procs can't have outstanding refs while execing. |
679 | * |
	 * In order to achieve that, proc_refdrain_will_exec()
681 | * will drain outstanding references. It signals its intent |
682 | * with the P_REF_WILL_EXEC flag, and moves to P_REF_IN_EXEC |
683 | * when this is achieved. |
684 | * |
685 | * Most threads will block in proc_ref() when any of those |
686 | * flags is set. However, threads that already have |
	 * an outstanding ref on this proc might want another
	 * before dropping them. To avoid deadlocks, we need
	 * to let threads with any outstanding reference take one
690 | * when only P_REF_WILL_EXEC is set (which causes exec |
691 | * to be delayed). |
692 | * |
693 | * Note: the current thread will _always_ appear like it holds |
694 | * one ref due to having taken one speculatively. |
695 | */ |
696 | assert(current_uthread()->uu_proc_refcount >= 1); |
697 | return current_uthread()->uu_proc_refcount == 1; |
698 | } |
699 | |
700 | int |
701 | proc_rele(proc_t p) |
702 | { |
703 | uint32_t o_bits, n_bits; |
704 | |
	proc_require(p, PROC_REQUIRE_ALLOW_ALL);
706 | |
707 | os_atomic_rmw_loop(&p->p_refcount, o_bits, n_bits, release, { |
708 | n_bits = o_bits - (1u << P_REF_BITS); |
709 | if ((n_bits >> P_REF_BITS) == 1) { |
710 | n_bits &= ~P_REF_DRAINING; |
711 | } |
712 | }); |
	record_procref(p, -1);
714 | |
715 | /* |
716 | * p might be freed after this point. |
717 | */ |
718 | |
719 | if (__improbable((o_bits & P_REF_DRAINING) && !(n_bits & P_REF_DRAINING))) { |
720 | /* |
		 * This can cause spurious wakeups,
		 * but proc_refdrain() can deal with those.
		 *
		 * Because the proc zone memory is sequestered,
		 * it is safe to wake up a possibly "freed" address.
726 | */ |
727 | wakeup(chan: &p->p_refcount); |
728 | } |
729 | return 0; |
730 | } |
731 | |
732 | bool |
733 | proc_is_shadow(proc_t p) |
734 | { |
	return os_ref_get_raw_mask(&p->p_refcount) & P_REF_SHADOW;
736 | } |
737 | |
738 | proc_t |
739 | proc_self(void) |
740 | { |
741 | proc_t p = current_proc(); |
742 | |
743 | /* |
744 | * Do not go through the logic of "wait for exec", it is meaningless. |
745 | * Only fail taking a ref for oneself if the proc is about to die. |
746 | */ |
747 | return proc_ref_try_fast(p) ? p : PROC_NULL; |
748 | } |
749 | |
750 | proc_t |
751 | proc_ref(proc_t p, int locked) |
752 | { |
753 | uint32_t bits; |
754 | |
755 | bits = proc_ref_try_fast(p); |
756 | if (__improbable(!bits)) { |
757 | return PROC_NULL; |
758 | } |
759 | |
760 | if (__improbable(proc_ref_needs_wait_for_exec(bits))) { |
761 | return proc_ref_wait_for_exec(p, bits, locked); |
762 | } |
763 | |
764 | return p; |
765 | } |
766 | |
767 | static void |
768 | proc_wait_free(smr_node_t node) |
769 | { |
770 | struct proc *p = __container_of(node, struct proc, p_smr_node); |
771 | |
	proc_release_proc_task_struct(p);
773 | } |
774 | |
775 | void |
776 | proc_wait_release(proc_t p) |
777 | { |
778 | if (__probable(os_ref_release_raw(&p->p_waitref, &p_refgrp) == 0)) { |
779 | smr_proc_task_call(&p->p_smr_node, proc_and_task_size, |
780 | proc_wait_free); |
781 | } |
782 | } |
783 | |
784 | proc_t |
785 | proc_find_zombref(int pid) |
786 | { |
787 | proc_t p; |
788 | |
789 | proc_list_lock(); |
790 | |
791 | again: |
792 | p = phash_find_locked(pid); |
793 | |
794 | /* should we bail? */ |
795 | if ((p == PROC_NULL) || !proc_list_exited(p)) { |
796 | proc_list_unlock(); |
797 | return PROC_NULL; |
798 | } |
799 | |
800 | /* If someone else is controlling the (unreaped) zombie - wait */ |
801 | if ((p->p_listflag & P_LIST_WAITING) != 0) { |
		(void)msleep(&p->p_stat, &proc_list_mlock, PWAIT, "waitcoll", 0);
803 | goto again; |
804 | } |
805 | p->p_listflag |= P_LIST_WAITING; |
806 | |
807 | proc_list_unlock(); |
808 | |
809 | return p; |
810 | } |
811 | |
812 | void |
813 | proc_drop_zombref(proc_t p) |
814 | { |
815 | proc_list_lock(); |
816 | if ((p->p_listflag & P_LIST_WAITING) == P_LIST_WAITING) { |
817 | p->p_listflag &= ~P_LIST_WAITING; |
818 | wakeup(chan: &p->p_stat); |
819 | } |
820 | proc_list_unlock(); |
821 | } |
822 | |
823 | |
824 | void |
825 | proc_refdrain(proc_t p) |
826 | { |
	uint32_t bits = os_ref_get_raw_mask(&p->p_refcount);
828 | |
829 | assert(proc_list_exited(p)); |
830 | |
831 | while ((bits >> P_REF_BITS) > 1) { |
832 | if (os_atomic_cmpxchgv(&p->p_refcount, bits, |
833 | bits | P_REF_DRAINING, &bits, relaxed)) { |
834 | proc_ref_wait(p, event: &p->p_refcount, mask: P_REF_DRAINING, false); |
835 | } |
836 | } |
837 | } |
838 | |
839 | proc_t |
840 | proc_refdrain_will_exec(proc_t p) |
841 | { |
842 | const proc_ref_bits_t will_exec_mask = P_REF_WILL_EXEC | P_REF_DRAINING; |
843 | |
844 | /* |
845 | * All the calls to proc_ref will wait |
846 | * for the flag to get cleared before returning a ref. |
847 | * |
848 | * (except for the case documented in proc_ref_needs_wait_for_exec()). |
849 | */ |
850 | |
851 | if (p == initproc) { |
852 | /* Do not wait in ref drain for launchd exec */ |
853 | os_atomic_or(&p->p_refcount, P_REF_IN_EXEC, relaxed); |
854 | } else { |
855 | for (;;) { |
856 | uint32_t o_ref, n_ref; |
857 | |
858 | os_atomic_rmw_loop(&p->p_refcount, o_ref, n_ref, relaxed, { |
859 | if ((o_ref >> P_REF_BITS) == 1) { |
860 | /* |
861 | * We drained successfully, |
862 | * move on to P_REF_IN_EXEC |
863 | */ |
864 | n_ref = o_ref & ~will_exec_mask; |
865 | n_ref |= P_REF_IN_EXEC; |
866 | } else { |
867 | /* |
				 * Outstanding refs exist,
869 | * mark our desire to stall |
870 | * proc_ref() callers with |
871 | * P_REF_WILL_EXEC. |
872 | */ |
873 | n_ref = o_ref | will_exec_mask; |
874 | } |
875 | }); |
876 | |
877 | if (n_ref & P_REF_IN_EXEC) { |
878 | break; |
879 | } |
880 | |
881 | proc_ref_wait(p, event: &p->p_refcount, mask: P_REF_DRAINING, false); |
882 | } |
883 | } |
884 | |
885 | /* Return a ref to the caller */ |
886 | os_ref_retain_mask(&p->p_refcount, P_REF_BITS, NULL); |
	record_procref(p, 1);
888 | |
889 | return p; |
890 | } |
891 | |
892 | void |
893 | proc_refwake_did_exec(proc_t p) |
894 | { |
895 | os_atomic_andnot(&p->p_refcount, P_REF_IN_EXEC, release); |
896 | wakeup(chan: &p->p_waitref); |
897 | } |
898 | |
899 | void |
900 | proc_ref_hold_proc_task_struct(proc_t proc) |
901 | { |
902 | os_atomic_or(&proc->p_refcount, P_REF_PROC_HOLD, relaxed); |
903 | } |
904 | |
905 | static void |
906 | proc_free(proc_t proc) |
907 | { |
908 | proc_ro_t proc_ro = proc->p_proc_ro; |
909 | kauth_cred_t cred; |
910 | |
911 | if (proc_ro) { |
912 | cred = smr_serialized_load(&proc_ro->p_ucred); |
913 | |
914 | kauth_cred_set(&cred, NOCRED); |
915 | zfree_ro(ZONE_ID_PROC_RO, proc_ro); |
916 | } |
917 | zfree(proc_task_zone, proc); |
918 | } |
919 | |
920 | void |
921 | proc_release_proc_task_struct(proc_t proc) |
922 | { |
923 | uint32_t old_ref = os_atomic_andnot_orig(&proc->p_refcount, P_REF_PROC_HOLD, relaxed); |
924 | if ((old_ref & P_REF_TASK_HOLD) == 0) { |
925 | proc_free(proc); |
926 | } |
927 | } |
928 | |
929 | void |
930 | task_ref_hold_proc_task_struct(task_t task) |
931 | { |
932 | proc_t proc_from_task = task_get_proc_raw(task); |
933 | os_atomic_or(&proc_from_task->p_refcount, P_REF_TASK_HOLD, relaxed); |
934 | } |
935 | |
936 | void |
937 | task_release_proc_task_struct(task_t task) |
938 | { |
939 | proc_t proc_from_task = task_get_proc_raw(task); |
940 | uint32_t old_ref = os_atomic_andnot_orig(&proc_from_task->p_refcount, P_REF_TASK_HOLD, relaxed); |
941 | |
942 | if ((old_ref & P_REF_PROC_HOLD) == 0) { |
		proc_free(proc_from_task);
944 | } |
945 | } |
946 | |
947 | proc_t |
948 | proc_parentholdref(proc_t p) |
949 | { |
950 | proc_t parent = PROC_NULL; |
951 | proc_t pp; |
952 | |
953 | proc_list_lock(); |
954 | loop: |
955 | pp = p->p_pptr; |
956 | if ((pp == PROC_NULL) || (pp->p_stat == SZOMB) || ((pp->p_listflag & (P_LIST_CHILDDRSTART | P_LIST_CHILDDRAINED)) == (P_LIST_CHILDDRSTART | P_LIST_CHILDDRAINED))) { |
957 | parent = PROC_NULL; |
958 | goto out; |
959 | } |
960 | |
961 | if ((pp->p_listflag & (P_LIST_CHILDDRSTART | P_LIST_CHILDDRAINED)) == P_LIST_CHILDDRSTART) { |
962 | pp->p_listflag |= P_LIST_CHILDDRWAIT; |
963 | msleep(chan: &pp->p_childrencnt, mtx: &proc_list_mlock, pri: 0, wmesg: "proc_parent" , ts: 0); |
964 | goto loop; |
965 | } |
966 | |
967 | if ((pp->p_listflag & (P_LIST_CHILDDRSTART | P_LIST_CHILDDRAINED)) == 0) { |
968 | pp->p_parentref++; |
969 | parent = pp; |
970 | goto out; |
971 | } |
972 | |
973 | out: |
974 | proc_list_unlock(); |
975 | return parent; |
976 | } |
977 | int |
978 | proc_parentdropref(proc_t p, int listlocked) |
979 | { |
980 | if (listlocked == 0) { |
981 | proc_list_lock(); |
982 | } |
983 | |
984 | if (p->p_parentref > 0) { |
985 | p->p_parentref--; |
986 | if ((p->p_parentref == 0) && ((p->p_listflag & P_LIST_PARENTREFWAIT) == P_LIST_PARENTREFWAIT)) { |
987 | p->p_listflag &= ~P_LIST_PARENTREFWAIT; |
988 | wakeup(chan: &p->p_parentref); |
989 | } |
990 | } else { |
991 | panic("proc_parentdropref -ve ref" ); |
992 | } |
993 | if (listlocked == 0) { |
994 | proc_list_unlock(); |
995 | } |
996 | |
997 | return 0; |
998 | } |
999 | |
1000 | void |
1001 | proc_childdrainstart(proc_t p) |
1002 | { |
1003 | #if __PROC_INTERNAL_DEBUG |
1004 | if ((p->p_listflag & P_LIST_CHILDDRSTART) == P_LIST_CHILDDRSTART) { |
1005 | panic("proc_childdrainstart: childdrain already started" ); |
1006 | } |
1007 | #endif |
1008 | p->p_listflag |= P_LIST_CHILDDRSTART; |
1009 | /* wait for all that hold parentrefs to drop */ |
1010 | while (p->p_parentref > 0) { |
1011 | p->p_listflag |= P_LIST_PARENTREFWAIT; |
1012 | msleep(chan: &p->p_parentref, mtx: &proc_list_mlock, pri: 0, wmesg: "proc_childdrainstart" , ts: 0); |
1013 | } |
1014 | } |
1015 | |
1016 | |
1017 | void |
1018 | proc_childdrainend(proc_t p) |
1019 | { |
1020 | #if __PROC_INTERNAL_DEBUG |
1021 | if (p->p_childrencnt > 0) { |
1022 | panic("exiting: children stil hanging around" ); |
1023 | } |
1024 | #endif |
1025 | p->p_listflag |= P_LIST_CHILDDRAINED; |
1026 | if ((p->p_listflag & (P_LIST_CHILDLKWAIT | P_LIST_CHILDDRWAIT)) != 0) { |
1027 | p->p_listflag &= ~(P_LIST_CHILDLKWAIT | P_LIST_CHILDDRWAIT); |
1028 | wakeup(chan: &p->p_childrencnt); |
1029 | } |
1030 | } |
1031 | |
1032 | void |
1033 | proc_checkdeadrefs(__unused proc_t p) |
1034 | { |
1035 | uint32_t bits; |
1036 | |
1037 | bits = os_ref_release_raw_mask(&p->p_refcount, P_REF_BITS, NULL); |
1038 | bits &= ~(P_REF_SHADOW | P_REF_PROC_HOLD | P_REF_TASK_HOLD); |
1039 | if (bits != P_REF_DEAD) { |
1040 | panic("proc being freed and unexpected refcount %p:%d:0x%x" , p, |
1041 | bits >> P_REF_BITS, bits & P_REF_MASK); |
1042 | } |
1043 | #if __PROC_INTERNAL_DEBUG |
1044 | if (p->p_childrencnt != 0) { |
1045 | panic("proc being freed and pending children cnt %p:%d" , p, p->p_childrencnt); |
1046 | } |
1047 | if (p->p_parentref != 0) { |
1048 | panic("proc being freed and pending parentrefs %p:%d" , p, p->p_parentref); |
1049 | } |
1050 | #endif |
1051 | } |
1052 | |
1053 | |
__attribute__((always_inline, visibility("hidden")))
1055 | void |
1056 | proc_require(proc_t proc, proc_require_flags_t flags) |
1057 | { |
1058 | if ((flags & PROC_REQUIRE_ALLOW_NULL) && proc == PROC_NULL) { |
1059 | return; |
1060 | } |
	zone_id_require(ZONE_ID_PROC_TASK, proc_and_task_size, proc);
1062 | } |
1063 | |
1064 | pid_t |
1065 | proc_getpid(proc_t p) |
1066 | { |
1067 | if (p == kernproc) { |
1068 | return 0; |
1069 | } |
1070 | |
1071 | return p->p_pid; |
1072 | } |
1073 | |
1074 | int |
1075 | proc_pid(proc_t p) |
1076 | { |
1077 | if (p != NULL) { |
		proc_require(p, PROC_REQUIRE_ALLOW_ALL);
1079 | return proc_getpid(p); |
1080 | } |
1081 | return -1; |
1082 | } |
1083 | |
1084 | int |
1085 | proc_ppid(proc_t p) |
1086 | { |
1087 | if (p != NULL) { |
		proc_require(p, PROC_REQUIRE_ALLOW_ALL);
1089 | return p->p_ppid; |
1090 | } |
1091 | return -1; |
1092 | } |
1093 | |
1094 | int |
1095 | proc_original_ppid(proc_t p) |
1096 | { |
1097 | if (p != NULL) { |
		proc_require(p, PROC_REQUIRE_ALLOW_ALL);
1099 | return p->p_original_ppid; |
1100 | } |
1101 | return -1; |
1102 | } |
1103 | |
1104 | int |
1105 | proc_starttime(proc_t p, struct timeval *tv) |
1106 | { |
1107 | if (p != NULL && tv != NULL) { |
1108 | tv->tv_sec = p->p_start.tv_sec; |
1109 | tv->tv_usec = p->p_start.tv_usec; |
1110 | return 0; |
1111 | } |
1112 | return EINVAL; |
1113 | } |
1114 | |
1115 | int |
1116 | proc_selfpid(void) |
1117 | { |
	return proc_getpid(current_proc());
1119 | } |
1120 | |
1121 | int |
1122 | proc_selfppid(void) |
1123 | { |
1124 | return current_proc()->p_ppid; |
1125 | } |
1126 | |
1127 | uint64_t |
1128 | proc_selfcsflags(void) |
1129 | { |
1130 | return proc_getcsflags(current_proc()); |
1131 | } |
1132 | |
1133 | int |
1134 | proc_csflags(proc_t p, uint64_t *flags) |
1135 | { |
1136 | if (p && flags) { |
		proc_require(p, PROC_REQUIRE_ALLOW_ALL);
1138 | *flags = proc_getcsflags(p); |
1139 | return 0; |
1140 | } |
1141 | return EINVAL; |
1142 | } |
1143 | |
1144 | boolean_t |
1145 | proc_is_simulated(const proc_t p) |
1146 | { |
1147 | #ifdef XNU_TARGET_OS_OSX |
1148 | if (p != NULL) { |
1149 | switch (proc_platform(p)) { |
1150 | case PLATFORM_IOSSIMULATOR: |
1151 | case PLATFORM_TVOSSIMULATOR: |
1152 | case PLATFORM_WATCHOSSIMULATOR: |
1153 | return TRUE; |
1154 | default: |
1155 | return FALSE; |
1156 | } |
1157 | } |
1158 | #else /* !XNU_TARGET_OS_OSX */ |
1159 | (void)p; |
1160 | #endif |
1161 | return FALSE; |
1162 | } |
1163 | |
1164 | uint32_t |
1165 | proc_platform(const proc_t p) |
1166 | { |
1167 | if (p != NULL) { |
1168 | return proc_get_ro(p)->p_platform_data.p_platform; |
1169 | } |
1170 | return (uint32_t)-1; |
1171 | } |
1172 | |
1173 | uint32_t |
1174 | proc_min_sdk(proc_t p) |
1175 | { |
1176 | if (p != NULL) { |
1177 | return proc_get_ro(p)->p_platform_data.p_min_sdk; |
1178 | } |
1179 | return (uint32_t)-1; |
1180 | } |
1181 | |
1182 | uint32_t |
1183 | proc_sdk(proc_t p) |
1184 | { |
1185 | if (p != NULL) { |
1186 | return proc_get_ro(p)->p_platform_data.p_sdk; |
1187 | } |
1188 | return (uint32_t)-1; |
1189 | } |
1190 | |
1191 | void |
1192 | proc_setplatformdata(proc_t p, uint32_t platform, uint32_t min_sdk, uint32_t sdk) |
1193 | { |
1194 | proc_ro_t ro; |
1195 | struct proc_platform_ro_data platform_data; |
1196 | |
1197 | ro = proc_get_ro(p); |
1198 | platform_data = ro->p_platform_data; |
1199 | platform_data.p_platform = platform; |
1200 | platform_data.p_min_sdk = min_sdk; |
1201 | platform_data.p_sdk = sdk; |
1202 | |
1203 | zalloc_ro_update_field(ZONE_ID_PROC_RO, ro, p_platform_data, &platform_data); |
1204 | } |
1205 | |
1206 | #if CONFIG_DTRACE |
1207 | int |
1208 | dtrace_proc_selfpid(void) |
1209 | { |
1210 | return proc_selfpid(); |
1211 | } |
1212 | |
1213 | int |
1214 | dtrace_proc_selfppid(void) |
1215 | { |
1216 | return proc_selfppid(); |
1217 | } |
1218 | |
1219 | uid_t |
1220 | dtrace_proc_selfruid(void) |
1221 | { |
1222 | return current_proc()->p_ruid; |
1223 | } |
1224 | #endif /* CONFIG_DTRACE */ |
1225 | |
1226 | /*! |
1227 | * @function proc_parent() |
1228 | * |
1229 | * @brief |
1230 | * Returns a ref on the parent of @c p. |
1231 | * |
1232 | * @discussion |
1233 | * Returns a reference on the parent, or @c PROC_NULL |
1234 | * if both @c p and its parent are zombies. |
1235 | * |
1236 | * If the parent is currently dying, then this function waits |
1237 | * for the situation to be resolved. |
1238 | * |
1239 | * This function never returns @c PROC_NULL if @c p isn't |
1240 | * a zombie (@c p_stat is @c SZOMB) yet. |
1241 | */ |
1242 | proc_t |
1243 | proc_parent(proc_t p) |
1244 | { |
1245 | proc_t parent; |
1246 | proc_t pp; |
1247 | |
1248 | proc_list_lock(); |
1249 | |
1250 | while (1) { |
1251 | pp = p->p_pptr; |
		parent = proc_ref(pp, true);
1253 | /* Check if we got a proc ref and it is still the parent */ |
1254 | if (parent != PROC_NULL) { |
1255 | if (parent == p->p_pptr) { |
1256 | /* |
1257 | * We have a ref on the parent and it is still |
1258 | * our parent, return the ref |
1259 | */ |
1260 | proc_list_unlock(); |
1261 | return parent; |
1262 | } |
1263 | |
1264 | /* |
1265 | * Our parent changed while we slept on proc_ref, |
1266 | * drop the ref on old parent and retry. |
1267 | */ |
			proc_rele(parent);
1269 | continue; |
1270 | } |
1271 | |
1272 | if (pp != p->p_pptr) { |
1273 | /* |
1274 | * We didn't get a ref, but parent changed from what |
1275 | * we last saw before we slept in proc_ref, try again |
1276 | * with new parent. |
1277 | */ |
1278 | continue; |
1279 | } |
1280 | |
1281 | if ((pp->p_listflag & P_LIST_CHILDDRAINED) == 0) { |
1282 | /* Parent did not change, but we also did not get a |
1283 | * ref on parent, sleep if the parent has not drained |
1284 | * its children and then retry. |
1285 | */ |
1286 | pp->p_listflag |= P_LIST_CHILDLKWAIT; |
1287 | msleep(chan: &pp->p_childrencnt, mtx: &proc_list_mlock, pri: 0, wmesg: "proc_parent" , ts: 0); |
1288 | continue; |
1289 | } |
1290 | |
1291 | /* Parent has died and drained its children and we still |
1292 | * point to it, return NULL. |
1293 | */ |
1294 | proc_list_unlock(); |
1295 | return PROC_NULL; |
1296 | } |
1297 | } |
1298 | |
1299 | static boolean_t |
1300 | proc_parent_is_currentproc(proc_t p) |
1301 | { |
1302 | boolean_t ret = FALSE; |
1303 | |
1304 | proc_list_lock(); |
1305 | if (p->p_pptr == current_proc()) { |
1306 | ret = TRUE; |
1307 | } |
1308 | |
1309 | proc_list_unlock(); |
1310 | return ret; |
1311 | } |
1312 | |
1313 | void |
1314 | proc_name(int pid, char * buf, int size) |
1315 | { |
1316 | proc_t p; |
1317 | |
1318 | if (size <= 0) { |
1319 | return; |
1320 | } |
1321 | |
	bzero(buf, size);
1323 | |
1324 | if ((p = proc_find(pid)) != PROC_NULL) { |
1325 | strlcpy(dst: buf, src: &p->p_comm[0], n: size); |
1326 | proc_rele(p); |
1327 | } |
1328 | } |
1329 | |
1330 | void |
1331 | proc_name_kdp(proc_t p, char * buf, int size) |
1332 | { |
1333 | if (p == PROC_NULL) { |
1334 | return; |
1335 | } |
1336 | |
1337 | if ((size_t)size > sizeof(p->p_comm)) { |
1338 | strlcpy(dst: buf, src: &p->p_name[0], MIN((int)sizeof(p->p_name), size)); |
1339 | } else { |
1340 | strlcpy(dst: buf, src: &p->p_comm[0], MIN((int)sizeof(p->p_comm), size)); |
1341 | } |
1342 | } |
1343 | |
1344 | boolean_t |
1345 | proc_binary_uuid_kdp(task_t task, uuid_t uuid) |
1346 | { |
1347 | proc_t p = get_bsdtask_info(task); |
1348 | if (p == PROC_NULL) { |
1349 | return FALSE; |
1350 | } |
1351 | |
1352 | proc_getexecutableuuid(p, uuid, sizeof(uuid_t)); |
1353 | |
1354 | return TRUE; |
1355 | } |
1356 | |
1357 | int |
1358 | proc_threadname_kdp(void * uth, char * buf, size_t size) |
1359 | { |
1360 | if (size < MAXTHREADNAMESIZE) { |
1361 | /* this is really just a protective measure for the future in |
1362 | * case the thread name size in stackshot gets out of sync with |
1363 | * the BSD max thread name size. Note that bsd_getthreadname |
1364 | * doesn't take input buffer size into account. */ |
1365 | return -1; |
1366 | } |
1367 | |
1368 | if (uth != NULL) { |
		bsd_getthreadname(uth, buf);
1370 | } |
1371 | return 0; |
1372 | } |
1373 | |
1374 | |
/* Note that this function is generally going to be called from stackshot,
 * and the arguments will be coming from a struct which is declared packed;
 * thus the input arguments will in general be unaligned. We have to handle
 * that here. */
1379 | void |
1380 | proc_starttime_kdp(void *p, unaligned_u64 *tv_sec, unaligned_u64 *tv_usec, unaligned_u64 *abstime) |
1381 | { |
1382 | proc_t pp = (proc_t)p; |
1383 | if (pp != PROC_NULL) { |
1384 | if (tv_sec != NULL) { |
1385 | *tv_sec = pp->p_start.tv_sec; |
1386 | } |
1387 | if (tv_usec != NULL) { |
1388 | *tv_usec = pp->p_start.tv_usec; |
1389 | } |
1390 | if (abstime != NULL) { |
1391 | if (pp->p_stats != NULL) { |
1392 | *abstime = pp->p_stats->ps_start; |
1393 | } else { |
1394 | *abstime = 0; |
1395 | } |
1396 | } |
1397 | } |
1398 | } |
1399 | |
1400 | void |
1401 | proc_archinfo_kdp(void* p, cpu_type_t* cputype, cpu_subtype_t* cpusubtype) |
1402 | { |
1403 | proc_t pp = (proc_t)p; |
1404 | if (pp != PROC_NULL) { |
1405 | *cputype = pp->p_cputype; |
1406 | *cpusubtype = pp->p_cpusubtype; |
1407 | } |
1408 | } |
1409 | |
1410 | char * |
1411 | proc_name_address(void *p) |
1412 | { |
1413 | return &((proc_t)p)->p_comm[0]; |
1414 | } |
1415 | |
1416 | char * |
1417 | proc_longname_address(void *p) |
1418 | { |
1419 | return &((proc_t)p)->p_name[0]; |
1420 | } |
1421 | |
1422 | char * |
1423 | proc_best_name(proc_t p) |
1424 | { |
1425 | if (p->p_name[0] != '\0') { |
1426 | return &p->p_name[0]; |
1427 | } |
1428 | return &p->p_comm[0]; |
1429 | } |
1430 | |
1431 | void |
1432 | proc_selfname(char * buf, int size) |
1433 | { |
1434 | proc_t p; |
1435 | |
1436 | if ((p = current_proc()) != (proc_t)0) { |
1437 | strlcpy(dst: buf, src: &p->p_name[0], n: size); |
1438 | } |
1439 | } |
1440 | |
1441 | void |
1442 | proc_signal(int pid, int signum) |
1443 | { |
1444 | proc_t p; |
1445 | |
1446 | if ((p = proc_find(pid)) != PROC_NULL) { |
		psignal(p, signum);
1448 | proc_rele(p); |
1449 | } |
1450 | } |
1451 | |
1452 | int |
1453 | proc_issignal(int pid, sigset_t mask) |
1454 | { |
1455 | proc_t p; |
1456 | int error = 0; |
1457 | |
1458 | if ((p = proc_find(pid)) != PROC_NULL) { |
1459 | error = proc_pendingsignals(p, mask); |
1460 | proc_rele(p); |
1461 | } |
1462 | |
1463 | return error; |
1464 | } |
1465 | |
1466 | int |
1467 | proc_noremotehang(proc_t p) |
1468 | { |
1469 | int retval = 0; |
1470 | |
1471 | if (p) { |
1472 | retval = p->p_flag & P_NOREMOTEHANG; |
1473 | } |
1474 | return retval? 1: 0; |
1475 | } |
1476 | |
1477 | int |
1478 | proc_exiting(proc_t p) |
1479 | { |
1480 | int retval = 0; |
1481 | |
1482 | if (p) { |
1483 | retval = p->p_lflag & P_LEXIT; |
1484 | } |
1485 | return retval? 1: 0; |
1486 | } |
1487 | |
1488 | int |
1489 | proc_in_teardown(proc_t p) |
1490 | { |
1491 | int retval = 0; |
1492 | |
1493 | if (p) { |
1494 | retval = p->p_lflag & P_LPEXIT; |
1495 | } |
1496 | return retval? 1: 0; |
1497 | } |
1498 | |
1499 | int |
1500 | proc_lvfork(proc_t p __unused) |
1501 | { |
1502 | return 0; |
1503 | } |
1504 | |
1505 | int |
1506 | proc_increment_ru_oublock(proc_t p, long *origvalp) |
1507 | { |
1508 | long origval; |
1509 | |
1510 | if (p && p->p_stats) { |
		origval = OSIncrementAtomicLong(&p->p_stats->p_ru.ru_oublock);
1512 | if (origvalp) { |
1513 | *origvalp = origval; |
1514 | } |
1515 | return 0; |
1516 | } |
1517 | |
1518 | return EINVAL; |
1519 | } |
1520 | |
1521 | int |
1522 | proc_isabortedsignal(proc_t p) |
1523 | { |
1524 | if ((p != kernproc) && current_thread_aborted() && |
1525 | (!(p->p_acflag & AXSIG) || (p->exit_thread != current_thread()) || |
1526 | (p->p_sigacts.ps_sig < 1) || (p->p_sigacts.ps_sig >= NSIG) || |
	    !hassigprop(p->p_sigacts.ps_sig, SA_CORE))) {
1528 | return 1; |
1529 | } |
1530 | |
1531 | return 0; |
1532 | } |
1533 | |
1534 | int |
1535 | proc_forcequota(proc_t p) |
1536 | { |
1537 | int retval = 0; |
1538 | |
1539 | if (p) { |
1540 | retval = p->p_flag & P_FORCEQUOTA; |
1541 | } |
1542 | return retval? 1: 0; |
1543 | } |
1544 | |
1545 | int |
1546 | proc_suser(proc_t p) |
1547 | { |
1548 | int error; |
1549 | |
1550 | smr_proc_task_enter(); |
	error = suser(proc_ucred_smr(p), &p->p_acflag);
1552 | smr_proc_task_leave(); |
1553 | return error; |
1554 | } |
1555 | |
1556 | task_t |
1557 | proc_task(proc_t proc) |
1558 | { |
1559 | task_t task_from_proc = proc_get_task_raw(proc); |
1560 | return (proc->p_lflag & P_LHASTASK) ? task_from_proc : NULL; |
1561 | } |
1562 | |
1563 | void |
1564 | proc_set_task(proc_t proc, task_t task) |
1565 | { |
1566 | task_t task_from_proc = proc_get_task_raw(proc); |
1567 | if (task == NULL) { |
1568 | proc->p_lflag &= ~P_LHASTASK; |
1569 | } else { |
1570 | if (task != task_from_proc) { |
1571 | panic("proc_set_task trying to set random task %p" , task); |
1572 | } |
1573 | proc->p_lflag |= P_LHASTASK; |
1574 | } |
1575 | } |
1576 | |
1577 | task_t |
1578 | proc_get_task_raw(proc_t proc) |
1579 | { |
1580 | return (task_t)((uintptr_t)proc + proc_struct_size); |
1581 | } |
1582 | |
1583 | proc_t |
1584 | task_get_proc_raw(task_t task) |
1585 | { |
1586 | return (proc_t)((uintptr_t)task - proc_struct_size); |
1587 | } |
1588 | |
1589 | /* |
1590 | * Obtain the first thread in a process |
1591 | * |
1592 | * XXX This is a bad thing to do; it exists predominantly to support the |
1593 | * XXX use of proc_t's in places that should really be using |
1594 | * XXX thread_t's instead. This maintains historical behaviour, but really |
1595 | * XXX needs an audit of the context (proxy vs. not) to clean up. |
1596 | */ |
1597 | thread_t |
1598 | proc_thread(proc_t proc) |
1599 | { |
1600 | LCK_MTX_ASSERT(&proc->p_mlock, LCK_MTX_ASSERT_OWNED); |
1601 | |
1602 | uthread_t uth = TAILQ_FIRST(&proc->p_uthlist); |
1603 | |
1604 | if (uth != NULL) { |
1605 | return get_machthread(uth); |
1606 | } |
1607 | |
1608 | return NULL; |
1609 | } |
1610 | |
1611 | kauth_cred_t |
1612 | proc_ucred_unsafe(proc_t p) |
1613 | { |
1614 | kauth_cred_t cred = smr_serialized_load(&proc_get_ro(p)->p_ucred); |
1615 | |
1616 | return kauth_cred_require(cred); |
1617 | } |
1618 | |
1619 | kauth_cred_t |
1620 | proc_ucred_smr(proc_t p) |
1621 | { |
1622 | assert(smr_entered(&smr_proc_task)); |
1623 | return proc_ucred_unsafe(p); |
1624 | } |
1625 | |
1626 | kauth_cred_t |
1627 | proc_ucred_locked(proc_t p) |
1628 | { |
1629 | LCK_MTX_ASSERT(&p->p_ucred_mlock, LCK_ASSERT_OWNED); |
1630 | return proc_ucred_unsafe(p); |
1631 | } |
1632 | |
1633 | struct uthread * |
1634 | current_uthread(void) |
1635 | { |
1636 | return get_bsdthread_info(current_thread()); |
1637 | } |
1638 | |
1639 | |
1640 | int |
1641 | proc_is64bit(proc_t p) |
1642 | { |
1643 | return IS_64BIT_PROCESS(p); |
1644 | } |
1645 | |
1646 | int |
1647 | proc_is64bit_data(proc_t p) |
1648 | { |
1649 | assert(proc_task(p)); |
	return (int)task_get_64bit_data(proc_task(p));
1651 | } |
1652 | |
1653 | int |
1654 | proc_isinitproc(proc_t p) |
1655 | { |
1656 | if (initproc == NULL) { |
1657 | return 0; |
1658 | } |
1659 | return p == initproc; |
1660 | } |
1661 | |
1662 | int |
1663 | proc_pidversion(proc_t p) |
1664 | { |
1665 | return proc_get_ro(p)->p_idversion; |
1666 | } |
1667 | |
1668 | void |
1669 | proc_setpidversion(proc_t p, int idversion) |
1670 | { |
1671 | zalloc_ro_update_field(ZONE_ID_PROC_RO, proc_get_ro(p), p_idversion, |
1672 | &idversion); |
1673 | } |
1674 | |
1675 | uint32_t |
1676 | proc_persona_id(proc_t p) |
1677 | { |
1678 | return (uint32_t)persona_id_from_proc(p); |
1679 | } |
1680 | |
1681 | uint32_t |
1682 | proc_getuid(proc_t p) |
1683 | { |
1684 | return p->p_uid; |
1685 | } |
1686 | |
1687 | uint32_t |
1688 | proc_getgid(proc_t p) |
1689 | { |
1690 | return p->p_gid; |
1691 | } |
1692 | |
1693 | uint64_t |
1694 | proc_uniqueid(proc_t p) |
1695 | { |
1696 | if (p == kernproc) { |
1697 | return 0; |
1698 | } |
1699 | |
1700 | return proc_get_ro(p)->p_uniqueid; |
1701 | } |
1702 | |
1703 | uint64_t proc_uniqueid_task(void *p_arg, void *t); |
1704 | /* |
 * During exec, two tasks point at the proc. This function is used
 * to give tasks a unique ID; we make the matching task have the
 * proc's uniqueid, and any other task gets the high bit flipped.
 * (We need to try to avoid returning UINT64_MAX, which is the
 * uniqueid of a task without a proc, e.g. while exiting.)
1710 | * |
1711 | * Only used by get_task_uniqueid(); do not add additional callers. |
1712 | */ |
1713 | uint64_t |
1714 | proc_uniqueid_task(void *p_arg, void *t __unused) |
1715 | { |
1716 | proc_t p = p_arg; |
1717 | uint64_t uniqueid = proc_uniqueid(p); |
1718 | return uniqueid ^ (__probable(!proc_is_shadow(p)) ? 0 : (1ull << 63)); |
1719 | } |
1720 | |
1721 | uint64_t |
1722 | proc_puniqueid(proc_t p) |
1723 | { |
1724 | return p->p_puniqueid; |
1725 | } |
1726 | |
1727 | void |
1728 | proc_coalitionids(__unused proc_t p, __unused uint64_t ids[COALITION_NUM_TYPES]) |
1729 | { |
1730 | #if CONFIG_COALITIONS |
	task_coalition_ids(proc_task(p), ids);
1732 | #else |
1733 | memset(ids, 0, sizeof(uint64_t[COALITION_NUM_TYPES])); |
1734 | #endif |
1735 | return; |
1736 | } |
1737 | |
1738 | uint64_t |
1739 | proc_was_throttled(proc_t p) |
1740 | { |
1741 | return p->was_throttled; |
1742 | } |
1743 | |
1744 | uint64_t |
1745 | proc_did_throttle(proc_t p) |
1746 | { |
1747 | return p->did_throttle; |
1748 | } |
1749 | |
1750 | int |
1751 | proc_getcdhash(proc_t p, unsigned char *cdhash) |
1752 | { |
1753 | if (p == kernproc) { |
1754 | return EINVAL; |
1755 | } |
	return vn_getcdhash(p->p_textvp, p->p_textoff, cdhash);
1757 | } |
1758 | |
1759 | uint64_t |
1760 | proc_getcsflags(proc_t p) |
1761 | { |
1762 | return proc_get_ro(p)->p_csflags; |
1763 | } |
1764 | |
1765 | /* This variant runs in stackshot context and must not take locks. */ |
1766 | uint64_t |
1767 | proc_getcsflags_kdp(void * p) |
1768 | { |
1769 | proc_t proc = (proc_t)p; |
1770 | if (p == PROC_NULL) { |
1771 | return 0; |
1772 | } |
	return proc_getcsflags(proc);
1774 | } |
1775 | |
1776 | void |
1777 | proc_csflags_update(proc_t p, uint64_t flags) |
1778 | { |
1779 | uint32_t csflags = (uint32_t)flags; |
1780 | |
1781 | if (p != kernproc) { |
1782 | zalloc_ro_update_field(ZONE_ID_PROC_RO, proc_get_ro(p), |
1783 | p_csflags, &csflags); |
1784 | } |
1785 | } |
1786 | |
1787 | void |
1788 | proc_csflags_set(proc_t p, uint64_t flags) |
1789 | { |
	proc_csflags_update(p, proc_getcsflags(p) | (uint32_t)flags);
1791 | } |
1792 | |
1793 | void |
1794 | proc_csflags_clear(proc_t p, uint64_t flags) |
1795 | { |
	proc_csflags_update(p, proc_getcsflags(p) & ~(uint32_t)flags);
1797 | } |
1798 | |
1799 | uint8_t * |
1800 | proc_syscall_filter_mask(proc_t p) |
1801 | { |
1802 | return proc_get_ro(p)->syscall_filter_mask; |
1803 | } |
1804 | |
1805 | void |
1806 | proc_syscall_filter_mask_set(proc_t p, uint8_t *mask) |
1807 | { |
1808 | zalloc_ro_update_field(ZONE_ID_PROC_RO, proc_get_ro(p), |
1809 | syscall_filter_mask, &mask); |
1810 | } |
1811 | |
1812 | int |
1813 | proc_exitstatus(proc_t p) |
1814 | { |
1815 | return p->p_xstat & 0xffff; |
1816 | } |
1817 | |
1818 | bool |
1819 | proc_is_zombie(proc_t p) |
1820 | { |
1821 | return proc_list_exited(p); |
1822 | } |
1823 | |
1824 | void |
1825 | proc_setexecutableuuid(proc_t p, const unsigned char *uuid) |
1826 | { |
	memcpy(p->p_uuid, uuid, sizeof(p->p_uuid));
1828 | } |
1829 | |
1830 | const unsigned char * |
1831 | proc_executableuuid_addr(proc_t p) |
1832 | { |
1833 | return &p->p_uuid[0]; |
1834 | } |
1835 | |
1836 | void |
1837 | proc_getexecutableuuid(proc_t p, unsigned char *uuidbuf, unsigned long size) |
1838 | { |
1839 | if (size >= sizeof(uuid_t)) { |
		memcpy(uuidbuf, proc_executableuuid_addr(p), sizeof(uuid_t));
1841 | } |
1842 | } |
1843 | |
1844 | void |
1845 | proc_getresponsibleuuid(proc_t p, unsigned char *uuidbuf, unsigned long size) |
1846 | { |
1847 | if (size >= sizeof(uuid_t)) { |
		memcpy(uuidbuf, p->p_responsible_uuid, sizeof(uuid_t));
1849 | } |
1850 | } |
1851 | |
1852 | void |
1853 | proc_setresponsibleuuid(proc_t p, unsigned char *uuidbuf, unsigned long size) |
1854 | { |
1855 | if (p != NULL && uuidbuf != NULL && size >= sizeof(uuid_t)) { |
		memcpy(p->p_responsible_uuid, uuidbuf, sizeof(uuid_t));
1857 | } |
1858 | return; |
1859 | } |
1860 | |
1861 | /* Return vnode for executable with an iocount. Must be released with vnode_put() */ |
1862 | vnode_t |
1863 | proc_getexecutablevnode(proc_t p) |
1864 | { |
1865 | vnode_t tvp = p->p_textvp; |
1866 | |
1867 | if (tvp != NULLVP) { |
		if (vnode_getwithref(tvp) == 0) {
1869 | return tvp; |
1870 | } |
1871 | } |
1872 | |
1873 | return NULLVP; |
1874 | } |
1875 | |
1876 | /* |
1877 | * Similar to proc_getexecutablevnode() but returns NULLVP if the vnode is |
1878 | * being reclaimed rather than blocks until reclaim is done. |
1879 | */ |
1880 | vnode_t |
1881 | proc_getexecutablevnode_noblock(proc_t p) |
1882 | { |
1883 | vnode_t tvp = p->p_textvp; |
1884 | |
1885 | if (tvp != NULLVP) { |
		if (vnode_getwithref_noblock(tvp) == 0) {
1887 | return tvp; |
1888 | } |
1889 | } |
1890 | |
1891 | return NULLVP; |
1892 | } |
1893 | |
1894 | int |
1895 | proc_gettty(proc_t p, vnode_t *vp) |
1896 | { |
1897 | struct session *procsp; |
1898 | struct pgrp *pg; |
1899 | int err = EINVAL; |
1900 | |
1901 | if (!p || !vp) { |
1902 | return EINVAL; |
1903 | } |
1904 | |
1905 | if ((pg = proc_pgrp(p, &procsp)) != PGRP_NULL) { |
		session_lock(procsp);
		vnode_t ttyvp = procsp->s_ttyvp;
		int ttyvid = procsp->s_ttyvid;
		if (ttyvp) {
			vnode_hold(ttyvp);
		}
		session_unlock(procsp);

		if (ttyvp) {
			if (vnode_getwithvid(ttyvp, ttyvid) == 0) {
				*vp = ttyvp;
				err = 0;
			}
			vnode_drop(ttyvp);
		} else {
			err = ENOENT;
		}

		pgrp_rele(pg);
1925 | } |
1926 | |
1927 | return err; |
1928 | } |
1929 | |
1930 | int |
1931 | proc_gettty_dev(proc_t p, dev_t *devp) |
1932 | { |
1933 | struct pgrp *pg; |
1934 | dev_t dev = NODEV; |
1935 | |
1936 | if ((pg = proc_pgrp(p, NULL)) != PGRP_NULL) { |
1937 | dev = os_atomic_load(&pg->pg_session->s_ttydev, relaxed); |
		pgrp_rele(pg);
1939 | } |
1940 | |
1941 | if (dev == NODEV) { |
1942 | return EINVAL; |
1943 | } |
1944 | |
1945 | *devp = dev; |
1946 | return 0; |
1947 | } |
1948 | |
1949 | int |
1950 | proc_selfexecutableargs(uint8_t *buf, size_t *buflen) |
1951 | { |
1952 | proc_t p = current_proc(); |
1953 | |
1954 | // buflen must always be provided |
1955 | if (buflen == NULL) { |
1956 | return EINVAL; |
1957 | } |
1958 | |
1959 | // If a buf is provided, there must be at least enough room to fit argc |
1960 | if (buf && *buflen < sizeof(p->p_argc)) { |
1961 | return EINVAL; |
1962 | } |
1963 | |
1964 | if (!p->user_stack) { |
1965 | return EINVAL; |
1966 | } |
1967 | |
1968 | if (buf == NULL) { |
1969 | *buflen = p->p_argslen + sizeof(p->p_argc); |
1970 | return 0; |
1971 | } |
1972 | |
1973 | // Copy in argc to the first 4 bytes |
	memcpy(buf, &p->p_argc, sizeof(p->p_argc));
1975 | |
1976 | if (*buflen > sizeof(p->p_argc) && p->p_argslen > 0) { |
1977 | // See memory layout comment in kern_exec.c:exec_copyout_strings() |
1978 | // We want to copy starting from `p_argslen` bytes away from top of stack |
1979 | return copyin(p->user_stack - p->p_argslen, |
1980 | buf + sizeof(p->p_argc), |
1981 | MIN(p->p_argslen, *buflen - sizeof(p->p_argc))); |
1982 | } else { |
1983 | return 0; |
1984 | } |
1985 | } |
1986 | |
1987 | off_t |
1988 | proc_getexecutableoffset(proc_t p) |
1989 | { |
1990 | return p->p_textoff; |
1991 | } |
1992 | |
1993 | void |
1994 | bsd_set_dependency_capable(task_t task) |
1995 | { |
1996 | proc_t p = get_bsdtask_info(task); |
1997 | |
1998 | if (p) { |
1999 | OSBitOrAtomic(P_DEPENDENCY_CAPABLE, &p->p_flag); |
2000 | } |
2001 | } |
2002 | |
2003 | |
2004 | #ifndef __arm__ |
2005 | int |
2006 | IS_64BIT_PROCESS(proc_t p) |
2007 | { |
2008 | if (p && (p->p_flag & P_LP64)) { |
2009 | return 1; |
2010 | } else { |
2011 | return 0; |
2012 | } |
2013 | } |
2014 | #endif |
2015 | |
2016 | SMRH_TRAITS_DEFINE_SCALAR(pid_hash_traits, struct proc, p_pid, p_hash, |
2017 | .domain = &smr_proc_task); |
2018 | |
2019 | /* |
2020 | * Locate a process by number |
2021 | */ |
2022 | proc_t |
2023 | phash_find_locked(pid_t pid) |
2024 | { |
2025 | smrh_key_t key = SMRH_SCALAR_KEY(pid); |
2026 | |
2027 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2028 | |
2029 | if (!pid) { |
2030 | return kernproc; |
2031 | } |
2032 | |
2033 | return smr_hash_serialized_find(&pid_hash, key, &pid_hash_traits); |
2034 | } |
2035 | |
2036 | void |
2037 | phash_replace_locked(struct proc *old_proc, struct proc *new_proc) |
2038 | { |
2039 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2040 | |
2041 | smr_hash_serialized_replace(&pid_hash, |
2042 | &old_proc->p_hash, &new_proc->p_hash, &pid_hash_traits); |
2043 | } |
2044 | |
2045 | void |
2046 | phash_insert_locked(struct proc *p) |
2047 | { |
2048 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2049 | |
2050 | smr_hash_serialized_insert(&pid_hash, &p->p_hash, &pid_hash_traits); |
2051 | } |
2052 | |
2053 | void |
2054 | phash_remove_locked(struct proc *p) |
2055 | { |
2056 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2057 | |
2058 | smr_hash_serialized_remove(&pid_hash, &p->p_hash, &pid_hash_traits); |
2059 | } |
2060 | |
2061 | proc_t |
2062 | proc_find_noref_smr(int pid) |
2063 | { |
2064 | smrh_key_t key = SMRH_SCALAR_KEY(pid); |
2065 | |
2066 | if (__improbable(pid == 0)) { |
2067 | return kernproc; |
2068 | } |
2069 | |
2070 | return smr_hash_entered_find(&pid_hash, key, &pid_hash_traits); |
2071 | } |
2072 | |
2073 | proc_t |
2074 | proc_find(int pid) |
2075 | { |
2076 | smrh_key_t key = SMRH_SCALAR_KEY(pid); |
2077 | proc_t p; |
2078 | uint32_t bits; |
2079 | bool shadow_proc = false; |
2080 | |
2081 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_NOTOWNED); |
2082 | |
2083 | if (!pid) { |
		return proc_ref(kernproc, false);
2085 | } |
2086 | |
2087 | retry: |
2088 | p = PROC_NULL; |
2089 | bits = 0; |
2090 | shadow_proc = false; |
2091 | |
2092 | smr_proc_task_enter(); |
2093 | p = smr_hash_entered_find(&pid_hash, key, &pid_hash_traits); |
2094 | if (p) { |
2095 | bits = proc_ref_try_fast(p); |
2096 | shadow_proc = !!proc_is_shadow(p); |
2097 | } |
2098 | smr_proc_task_leave(); |
2099 | |
2100 | /* Retry if the proc is a shadow proc */ |
2101 | if (shadow_proc) { |
2102 | if (bits) { |
2103 | proc_rele(p); |
2104 | } |
2105 | goto retry; |
2106 | } |
2107 | |
2108 | if (__improbable(!bits)) { |
2109 | return PROC_NULL; |
2110 | } |
2111 | |
2112 | if (__improbable(proc_ref_needs_wait_for_exec(bits))) { |
2113 | p = proc_ref_wait_for_exec(p, bits, false); |
2114 | /* |
2115 | * Retry if exec was successful since the old proc |
		 * would have become a shadow proc and might be in the
		 * middle of exiting.
2118 | */ |
2119 | if (p == PROC_NULL || proc_is_shadow(p)) { |
2120 | if (p != PROC_NULL) { |
2121 | proc_rele(p); |
2122 | } |
2123 | goto retry; |
2124 | } |
2125 | } |
2126 | |
2127 | return p; |
2128 | } |
2129 | |
2130 | proc_t |
2131 | proc_find_locked(int pid) |
2132 | { |
2133 | proc_t p = PROC_NULL; |
2134 | |
2135 | retry: |
2136 | p = phash_find_locked(pid); |
2137 | if (p != PROC_NULL) { |
2138 | uint32_t bits; |
2139 | |
2140 | assert(!proc_is_shadow(p)); |
2141 | |
2142 | bits = proc_ref_try_fast(p); |
2143 | if (__improbable(!bits)) { |
2144 | return PROC_NULL; |
2145 | } |
2146 | |
2147 | if (__improbable(proc_ref_needs_wait_for_exec(bits))) { |
2148 | p = proc_ref_wait_for_exec(p, bits, true); |
2149 | /* |
2150 | * Retry if exec was successful since the old proc |
			 * would have become a shadow proc and might be in the
			 * middle of exiting.
2153 | */ |
2154 | if (p == PROC_NULL || proc_is_shadow(p)) { |
2155 | if (p != PROC_NULL) { |
2156 | proc_rele(p); |
2157 | } |
2158 | goto retry; |
2159 | } |
2160 | } |
2161 | } |
2162 | |
2163 | return p; |
2164 | } |
2165 | |
2166 | proc_t |
2167 | proc_findthread(thread_t thread) |
2168 | { |
2169 | proc_t p = PROC_NULL; |
2170 | |
2171 | proc_list_lock(); |
2172 | { |
2173 | p = (proc_t)(get_bsdthreadtask_info(thread)); |
2174 | } |
2175 | p = proc_ref(p, true); |
2176 | proc_list_unlock(); |
2177 | return p; |
2178 | } |
2179 | |
2180 | |
2181 | /* |
2182 | * Locate a zombie by PID |
2183 | */ |
2184 | __private_extern__ proc_t |
2185 | pzfind(pid_t pid) |
2186 | { |
2187 | proc_t p; |
2188 | |
2189 | |
2190 | proc_list_lock(); |
2191 | |
2192 | LIST_FOREACH(p, &zombproc, p_list) { |
2193 | if (proc_getpid(p) == pid && !proc_is_shadow(p)) { |
2194 | break; |
2195 | } |
2196 | } |
2197 | |
2198 | proc_list_unlock(); |
2199 | |
2200 | return p; |
2201 | } |
2202 | |
2203 | /* |
 * Acquire a pgrp ref, if and only if the pgrp is non-empty.
2205 | */ |
2206 | static inline bool |
2207 | pg_ref_try(struct pgrp *pgrp) |
2208 | { |
2209 | return os_ref_retain_try_mask(&pgrp->pg_refcount, PGRP_REF_BITS, |
2210 | PGRP_REF_EMPTY, &p_refgrp); |
2211 | } |
2212 | |
2213 | static bool |
2214 | pgrp_hash_obj_try_get(void *pgrp) |
2215 | { |
2216 | return pg_ref_try(pgrp); |
2217 | } |
2218 | /* |
2219 | * Unconditionally acquire a pgrp ref, |
2220 | * regardless of whether the pgrp is empty or not. |
2221 | */ |
2222 | static inline struct pgrp * |
2223 | pg_ref(struct pgrp *pgrp) |
2224 | { |
2225 | os_ref_retain_mask(&pgrp->pg_refcount, PGRP_REF_BITS, &p_refgrp); |
2226 | return pgrp; |
2227 | } |
2228 | |
2229 | SMRH_TRAITS_DEFINE_SCALAR(pgrp_hash_traits, struct pgrp, pg_id, pg_hash, |
2230 | .domain = &smr_proc_task, |
2231 | .obj_try_get = pgrp_hash_obj_try_get); |
2232 | |
2233 | /* |
2234 | * Locate a process group by number |
2235 | */ |
2236 | bool |
2237 | pghash_exists_locked(pid_t pgid) |
2238 | { |
2239 | smrh_key_t key = SMRH_SCALAR_KEY(pgid); |
2240 | |
2241 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2242 | |
2243 | return smr_hash_serialized_find(&pgrp_hash, key, &pgrp_hash_traits); |
2244 | } |
2245 | |
2246 | void |
2247 | pghash_insert_locked(struct pgrp *pgrp) |
2248 | { |
2249 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2250 | |
2251 | smr_hash_serialized_insert(&pgrp_hash, &pgrp->pg_hash, |
2252 | &pgrp_hash_traits); |
2253 | } |
2254 | |
2255 | static void |
2256 | pghash_remove_locked(struct pgrp *pgrp) |
2257 | { |
2258 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2259 | |
2260 | smr_hash_serialized_remove(&pgrp_hash, &pgrp->pg_hash, |
2261 | &pgrp_hash_traits); |
2262 | } |
2263 | |
2264 | struct pgrp * |
2265 | pgrp_find(pid_t pgid) |
2266 | { |
2267 | smrh_key_t key = SMRH_SCALAR_KEY(pgid); |
2268 | |
2269 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_NOTOWNED); |
2270 | |
2271 | return smr_hash_get(&pgrp_hash, key, &pgrp_hash_traits); |
2272 | } |
2273 | |
2274 | /* consumes one ref from pgrp */ |
2275 | static void |
2276 | pgrp_add_member(struct pgrp *pgrp, struct proc *parent, struct proc *p) |
2277 | { |
2278 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2279 | |
2280 | pgrp_lock(pgrp); |
2281 | if (LIST_EMPTY(&pgrp->pg_members)) { |
2282 | os_atomic_andnot(&pgrp->pg_refcount, PGRP_REF_EMPTY, relaxed); |
2283 | } |
2284 | if (parent != PROC_NULL) { |
2285 | assert(pgrp == smr_serialized_load(&parent->p_pgrp)); |
2286 | } |
2287 | |
2288 | LIST_INSERT_HEAD(&pgrp->pg_members, p, p_pglist); |
2289 | pgrp_unlock(pgrp); |
2290 | |
2291 | p->p_pgrpid = pgrp->pg_id; |
2292 | p->p_sessionid = pgrp->pg_session->s_sid; |
2293 | smr_serialized_store(&p->p_pgrp, pgrp); |
2294 | } |
2295 | |
2296 | /* returns one ref from pgrp */ |
2297 | static void |
2298 | pgrp_del_member(struct pgrp *pgrp, struct proc *p) |
2299 | { |
2300 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2301 | |
2302 | pgrp_lock(pgrp); |
2303 | LIST_REMOVE(p, p_pglist); |
2304 | if (LIST_EMPTY(&pgrp->pg_members)) { |
2305 | os_atomic_or(&pgrp->pg_refcount, PGRP_REF_EMPTY, relaxed); |
2306 | } |
2307 | pgrp_unlock(pgrp); |
2308 | } |
2309 | |
2310 | void |
2311 | pgrp_rele(struct pgrp * pgrp) |
2312 | { |
2313 | if (pgrp == PGRP_NULL) { |
2314 | return; |
2315 | } |
2316 | |
2317 | if (os_ref_release_mask(&pgrp->pg_refcount, PGRP_REF_BITS, &p_refgrp) == 0) { |
2318 | pgrp_destroy(pgrp); |
2319 | } |
2320 | } |
2321 | |
2322 | struct session * |
2323 | session_alloc(proc_t leader) |
2324 | { |
2325 | struct session *sess; |
2326 | |
2327 | sess = zalloc_flags(session_zone, Z_WAITOK | Z_ZERO | Z_NOFAIL); |
	lck_mtx_init(&sess->s_mlock, &proc_mlock_grp, &proc_lck_attr);
	sess->s_leader = leader;
	sess->s_sid = proc_getpid(leader);
2331 | sess->s_ttypgrpid = NO_PID; |
2332 | os_atomic_init(&sess->s_ttydev, NODEV); |
2333 | os_ref_init_mask(&sess->s_refcount, SESSION_REF_BITS, |
2334 | &p_refgrp, S_DEFAULT); |
2335 | |
2336 | return sess; |
2337 | } |
2338 | |
2339 | struct tty * |
2340 | session_set_tty_locked(struct session *sessp, struct tty *tp) |
2341 | { |
2342 | struct tty *old; |
2343 | |
2344 | LCK_MTX_ASSERT(&sessp->s_mlock, LCK_MTX_ASSERT_OWNED); |
2345 | |
2346 | old = sessp->s_ttyp; |
2347 | ttyhold(tp); |
2348 | sessp->s_ttyp = tp; |
2349 | os_atomic_store(&sessp->s_ttydev, tp->t_dev, relaxed); |
2350 | |
2351 | return old; |
2352 | } |
2353 | |
2354 | struct tty * |
2355 | session_clear_tty_locked(struct session *sessp) |
2356 | { |
2357 | struct tty *tp = sessp->s_ttyp; |
2358 | |
2359 | LCK_MTX_ASSERT(&sessp->s_mlock, LCK_MTX_ASSERT_OWNED); |
2360 | sessp->s_ttyvp = NULLVP; |
2361 | sessp->s_ttyvid = 0; |
2362 | sessp->s_ttyp = TTY_NULL; |
2363 | sessp->s_ttypgrpid = NO_PID; |
2364 | os_atomic_store(&sessp->s_ttydev, NODEV, relaxed); |
2365 | |
2366 | return tp; |
2367 | } |
2368 | |
2369 | __attribute__((noinline)) |
2370 | static void |
2371 | session_destroy(struct session *sess) |
2372 | { |
2373 | proc_list_lock(); |
2374 | LIST_REMOVE(sess, s_hash); |
2375 | proc_list_unlock(); |
2376 | |
2377 | /* |
2378 | * Either the TTY was closed, |
2379 | * or proc_exit() destroyed it when the leader went away |
2380 | */ |
2381 | assert(sess->s_ttyp == TTY_NULL); |
2382 | |
	lck_mtx_destroy(&sess->s_mlock, &proc_mlock_grp);
2384 | zfree(session_zone, sess); |
2385 | } |
2386 | |
2387 | struct session * |
2388 | session_ref(struct session *sess) |
2389 | { |
2390 | os_ref_retain_mask(&sess->s_refcount, SESSION_REF_BITS, &p_refgrp); |
2391 | return sess; |
2392 | } |
2393 | |
2394 | void |
2395 | session_rele(struct session *sess) |
2396 | { |
2397 | if (os_ref_release_mask(&sess->s_refcount, SESSION_REF_BITS, &p_refgrp) == 0) { |
2398 | session_destroy(sess); |
2399 | } |
2400 | } |
2401 | |
2402 | |
2403 | /* |
 * Make a new process ready to become a useful member of society by making it
 * visible in all the right places and initializing its own lists to empty.
2406 | * |
2407 | * Parameters: parent The parent of the process to insert |
2408 | * child The child process to insert |
2409 | * in_exec The child process is in exec |
2410 | * |
2411 | * Returns: (void) |
2412 | * |
 * Notes:	Insert a child process into the parent's children list, assign
2414 | * the child the parent process pointer and PPID of the parent... |
2415 | */ |
2416 | void |
2417 | pinsertchild(proc_t parent, proc_t child, bool in_exec) |
2418 | { |
2419 | LIST_INIT(&child->p_children); |
2420 | proc_t sibling = parent; |
2421 | |
2422 | /* For exec case, new proc is not a child of old proc, but its replacement */ |
2423 | if (in_exec) { |
		parent = proc_parent(parent);
2425 | assert(parent != PROC_NULL); |
2426 | |
2427 | /* Copy the ptrace flags from sibling */ |
2428 | proc_lock(sibling); |
2429 | child->p_oppid = sibling->p_oppid; |
2430 | child->p_lflag |= (sibling->p_lflag & (P_LTRACED | P_LSIGEXC | P_LNOATTACH)); |
2431 | proc_unlock(sibling); |
2432 | } |
2433 | |
2434 | proc_list_lock(); |
2435 | |
2436 | child->p_pptr = parent; |
	child->p_ppid = proc_getpid(parent);
	child->p_original_ppid = in_exec ? sibling->p_original_ppid : proc_getpid(parent);
	child->p_puniqueid = proc_uniqueid(parent);
	child->p_xhighbits = 0;
#if CONFIG_MEMORYSTATUS
	memorystatus_add(child, TRUE);
2443 | #endif |
2444 | |
	/* If the parent is initproc and p_original_ppid is not 1, then set reparent flag */
2446 | if (in_exec && parent == initproc && child->p_original_ppid != 1) { |
2447 | child->p_listflag |= P_LIST_DEADPARENT; |
2448 | } |
2449 | |
2450 | parent->p_childrencnt++; |
2451 | LIST_INSERT_HEAD(&parent->p_children, child, p_sibling); |
2452 | |
2453 | LIST_INSERT_HEAD(&allproc, child, p_list); |
2454 | /* mark the completion of proc creation */ |
2455 | os_atomic_andnot(&child->p_refcount, P_REF_NEW, relaxed); |
2456 | |
2457 | proc_list_unlock(); |
2458 | if (in_exec) { |
		proc_rele(parent);
2460 | } |
2461 | } |
2462 | |
2463 | /* |
2464 | * Reparent all children of old proc to new proc. |
2465 | * |
2466 | * Parameters: old process Old process. |
2467 | * new process New process. |
2468 | * |
2469 | * Returns: None. |
2470 | */ |
2471 | void |
2472 | p_reparentallchildren(proc_t old_proc, proc_t new_proc) |
2473 | { |
2474 | proc_t child; |
2475 | |
2476 | LIST_INIT(&new_proc->p_children); |
2477 | |
2478 | /* Wait for parent ref to drop */ |
	proc_childdrainstart(old_proc);
2480 | |
2481 | /* Reparent child from old proc to new proc */ |
2482 | while ((child = old_proc->p_children.lh_first) != NULL) { |
2483 | LIST_REMOVE(child, p_sibling); |
2484 | old_proc->p_childrencnt--; |
2485 | child->p_pptr = new_proc; |
2486 | LIST_INSERT_HEAD(&new_proc->p_children, child, p_sibling); |
2487 | new_proc->p_childrencnt++; |
2488 | } |
2489 | |
2490 | new_proc->si_pid = old_proc->si_pid; |
2491 | new_proc->si_status = old_proc->si_status; |
2492 | new_proc->si_code = old_proc->si_code; |
2493 | new_proc->si_uid = old_proc->si_uid; |
2494 | |
	proc_childdrainend(old_proc);
2496 | } |
2497 | |
2498 | /* |
2499 | * Move p to a new or existing process group (and session) |
2500 | * |
2501 | * Returns: 0 Success |
2502 | * ESRCH No such process |
2503 | */ |
2504 | int |
2505 | enterpgrp(proc_t p, pid_t pgid, int mksess) |
2506 | { |
2507 | struct pgrp *pgrp; |
2508 | struct pgrp *mypgrp; |
2509 | struct session *procsp; |
2510 | |
2511 | pgrp = pgrp_find(pgid); |
2512 | mypgrp = proc_pgrp(p, &procsp); |
2513 | |
2514 | #if DIAGNOSTIC |
2515 | if (pgrp != NULL && mksess) { /* firewalls */ |
		panic("enterpgrp: setsid into non-empty pgrp");
	}
	if (SESS_LEADER(p, mypgrp->pg_session)) {
		panic("enterpgrp: session leader attempted setpgrp");
2520 | } |
2521 | #endif |
2522 | if (pgrp == PGRP_NULL) { |
2523 | struct session *sess; |
2524 | pid_t savepid = proc_getpid(p); |
2525 | proc_t np = PROC_NULL; |
2526 | |
2527 | /* |
2528 | * new process group |
2529 | */ |
2530 | #if DIAGNOSTIC |
2531 | if (proc_getpid(p) != pgid) { |
			panic("enterpgrp: new pgrp and pid != pgid");
2533 | } |
2534 | #endif |
		if ((np = proc_find(savepid)) == NULL || np != p) {
			if (np != PROC_NULL) {
				proc_rele(np);
			}
			pgrp_rele(mypgrp);
			return ESRCH;
		}
		proc_rele(np);
2543 | |
		pgrp = pgrp_alloc(pgid, PGRP_REF_EMPTY);
2545 | |
2546 | if (mksess) { |
2547 | /* |
2548 | * new session |
2549 | */ |
			sess = session_alloc(p);

			bcopy(mypgrp->pg_session->s_login, sess->s_login,
			    sizeof(sess->s_login));
			os_atomic_andnot(&p->p_flag, P_CONTROLT, relaxed);
		} else {
			sess = session_ref(procsp);
2557 | } |
2558 | |
2559 | proc_list_lock(); |
2560 | pgrp->pg_session = sess; |
2561 | p->p_sessionid = sess->s_sid; |
2562 | pghash_insert_locked(pgrp); |
2563 | if (mksess) { |
2564 | LIST_INSERT_HEAD(SESSHASH(sess->s_sid), sess, s_hash); |
2565 | } |
2566 | proc_list_unlock(); |
2567 | } else if (pgrp == mypgrp) { |
2568 | pgrp_rele(pgrp); |
		pgrp_rele(mypgrp);
2570 | return 0; |
2571 | } |
2572 | |
2573 | /* |
2574 | * Adjust eligibility of affected pgrps to participate in job control. |
2575 | * Increment eligibility counts before decrementing, otherwise we |
2576 | * could reach 0 spuriously during the first call. |
2577 | */ |
	fixjobc(p, pgrp, 1);
	fixjobc(p, mypgrp, 0);

	pgrp_rele(mypgrp);
2582 | pgrp_replace(p, pgrp); |
2583 | |
2584 | return 0; |
2585 | } |
2586 | |
2587 | /* |
2588 | * remove process from process group |
2589 | */ |
2590 | struct pgrp * |
2591 | pgrp_leave_locked(proc_t p) |
2592 | { |
2593 | struct pgrp *pg; |
2594 | |
2595 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2596 | |
2597 | pg = smr_serialized_load(&p->p_pgrp); |
	pgrp_del_member(pg, p);
2599 | p->p_pgrpid = PGRPID_DEAD; |
2600 | smr_clear_store(&p->p_pgrp); |
2601 | |
2602 | return pg; |
2603 | } |
2604 | |
2605 | struct pgrp * |
2606 | pgrp_enter_locked(struct proc *parent, struct proc *child) |
2607 | { |
2608 | struct pgrp *pgrp; |
2609 | |
2610 | LCK_MTX_ASSERT(&proc_list_mlock, LCK_MTX_ASSERT_OWNED); |
2611 | |
2612 | pgrp = pg_ref(smr_serialized_load(&parent->p_pgrp)); |
	pgrp_add_member(pgrp, parent, child);
2614 | return pgrp; |
2615 | } |
2616 | |
2617 | /* |
2618 | * delete a process group |
2619 | */ |
2620 | static void |
2621 | pgrp_free(smr_node_t node) |
2622 | { |
2623 | struct pgrp *pgrp = __container_of(node, struct pgrp, pg_smr_node); |
2624 | |
2625 | zfree(pgrp_zone, pgrp); |
2626 | } |
2627 | |
2628 | __attribute__((noinline)) |
2629 | static void |
2630 | pgrp_destroy(struct pgrp *pgrp) |
2631 | { |
2632 | struct session *sess; |
2633 | |
2634 | assert(LIST_EMPTY(&pgrp->pg_members)); |
2635 | assert(os_ref_get_raw_mask(&pgrp->pg_refcount) & PGRP_REF_EMPTY); |
2636 | |
2637 | proc_list_lock(); |
2638 | pghash_remove_locked(pgrp); |
2639 | proc_list_unlock(); |
2640 | |
2641 | sess = pgrp->pg_session; |
2642 | pgrp->pg_session = SESSION_NULL; |
2643 | session_rele(sess); |
2644 | |
	lck_mtx_destroy(&pgrp->pg_mlock, &proc_mlock_grp);
2646 | if (os_ref_release_raw(&pgrp->pg_hashref, &p_refgrp) == 0) { |
2647 | smr_proc_task_call(&pgrp->pg_smr_node, sizeof(*pgrp), pgrp_free); |
2648 | } |
2649 | } |
2650 | |
2651 | |
2652 | /* |
2653 | * Adjust pgrp jobc counters when specified process changes process group. |
2654 | * We count the number of processes in each process group that "qualify" |
2655 | * the group for terminal job control (those with a parent in a different |
2656 | * process group of the same session). If that count reaches zero, the |
2657 | * process group becomes orphaned. Check both the specified process' |
2658 | * process group and that of its children. |
2659 | * entering == 0 => p is leaving specified group. |
2660 | * entering == 1 => p is entering specified group. |
2661 | */ |
2662 | int |
2663 | fixjob_callback(proc_t p, void * arg) |
2664 | { |
2665 | struct fixjob_iterargs *fp; |
2666 | struct pgrp * pg, *hispg; |
2667 | struct session * mysession, *hissess; |
2668 | int entering; |
2669 | |
2670 | fp = (struct fixjob_iterargs *)arg; |
2671 | pg = fp->pg; |
2672 | mysession = fp->mysession; |
2673 | entering = fp->entering; |
2674 | |
2675 | hispg = proc_pgrp(p, &hissess); |
2676 | |
2677 | if (hispg != pg && hissess == mysession) { |
		pgrp_lock(hispg);
		if (entering) {
			hispg->pg_jobc++;
			pgrp_unlock(hispg);
		} else if (--hispg->pg_jobc == 0) {
			pgrp_unlock(hispg);
			orphanpg(hispg);
		} else {
			pgrp_unlock(hispg);
		}
	}
	pgrp_rele(hispg);
2690 | |
2691 | return PROC_RETURNED; |
2692 | } |
2693 | |
2694 | void |
2695 | fixjobc(proc_t p, struct pgrp *pgrp, int entering) |
2696 | { |
2697 | struct pgrp *hispgrp = PGRP_NULL; |
2698 | struct session *hissess = SESSION_NULL; |
2699 | struct session *mysession = pgrp->pg_session; |
2700 | proc_t parent; |
2701 | struct fixjob_iterargs fjarg; |
2702 | boolean_t proc_parent_self; |
2703 | |
2704 | /* |
2705 | * Check if p's parent is current proc, if yes then no need to take |
2706 | * a ref; calling proc_parent with current proc as parent may |
2707 | * deadlock if current proc is exiting. |
2708 | */ |
2709 | proc_parent_self = proc_parent_is_currentproc(p); |
2710 | if (proc_parent_self) { |
2711 | parent = current_proc(); |
2712 | } else { |
2713 | parent = proc_parent(p); |
2714 | } |
2715 | |
2716 | if (parent != PROC_NULL) { |
2717 | hispgrp = proc_pgrp(parent, &hissess); |
2718 | if (!proc_parent_self) { |
			proc_rele(parent);
2720 | } |
2721 | } |
2722 | |
2723 | /* |
2724 | * Check p's parent to see whether p qualifies its own process |
2725 | * group; if so, adjust count for p's process group. |
2726 | */ |
2727 | if (hispgrp != pgrp && hissess == mysession) { |
2728 | pgrp_lock(pgrp); |
2729 | if (entering) { |
2730 | pgrp->pg_jobc++; |
2731 | pgrp_unlock(pgrp); |
2732 | } else if (--pgrp->pg_jobc == 0) { |
2733 | pgrp_unlock(pgrp); |
			orphanpg(pgrp);
2735 | } else { |
2736 | pgrp_unlock(pgrp); |
2737 | } |
2738 | } |
2739 | |
	pgrp_rele(hispgrp);
2741 | |
2742 | /* |
2743 | * Check this process' children to see whether they qualify |
2744 | * their process groups; if so, adjust counts for children's |
2745 | * process groups. |
2746 | */ |
2747 | fjarg.pg = pgrp; |
2748 | fjarg.mysession = mysession; |
2749 | fjarg.entering = entering; |
	proc_childrenwalk(p, fixjob_callback, &fjarg);
2751 | } |
2752 | |
2753 | /* |
2754 | * The pidlist_* routines support the functions in this file that |
2755 | * walk lists of processes applying filters and callouts to the |
2756 | * elements of the list. |
2757 | * |
2758 | * A prior implementation used a single linear array, which can be |
2759 | * tricky to allocate on large systems. This implementation creates |
2760 | * an SLIST of modestly sized arrays of PIDS_PER_ENTRY elements. |
2761 | * |
2762 | * The array should be sized large enough to keep the overhead of |
2763 | * walking the list low, but small enough that blocking allocations of |
2764 | * pidlist_entry_t structures always succeed. |
2765 | */ |
2766 | |
2767 | #define PIDS_PER_ENTRY 1021 |
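/*
 * The value 1021 plausibly makes sizeof(pidlist_entry_t) exactly one 4KB
 * page on LP64: an 8-byte slist link + 4-byte count + 1021 * 4-byte pids
 * = 4096 bytes.
 */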
2768 | |
2769 | typedef struct pidlist_entry { |
2770 | SLIST_ENTRY(pidlist_entry) pe_link; |
2771 | u_int pe_nused; |
2772 | pid_t pe_pid[PIDS_PER_ENTRY]; |
2773 | } pidlist_entry_t; |
2774 | |
2775 | typedef struct { |
2776 | SLIST_HEAD(, pidlist_entry) pl_head; |
2777 | struct pidlist_entry *pl_active; |
2778 | u_int pl_nalloc; |
2779 | } pidlist_t; |
2780 | |
2781 | static __inline__ pidlist_t * |
2782 | pidlist_init(pidlist_t *pl) |
2783 | { |
2784 | SLIST_INIT(&pl->pl_head); |
2785 | pl->pl_active = NULL; |
2786 | pl->pl_nalloc = 0; |
2787 | return pl; |
2788 | } |
2789 | |
2790 | static u_int |
2791 | pidlist_alloc(pidlist_t *pl, u_int needed) |
2792 | { |
2793 | while (pl->pl_nalloc < needed) { |
2794 | pidlist_entry_t *pe = kalloc_type(pidlist_entry_t, |
2795 | Z_WAITOK | Z_ZERO | Z_NOFAIL); |
2796 | SLIST_INSERT_HEAD(&pl->pl_head, pe, pe_link); |
2797 | pl->pl_nalloc += (sizeof(pe->pe_pid) / sizeof(pe->pe_pid[0])); |
2798 | } |
2799 | return pl->pl_nalloc; |
2800 | } |
2801 | |
2802 | static void |
2803 | pidlist_free(pidlist_t *pl) |
2804 | { |
2805 | pidlist_entry_t *pe; |
2806 | while (NULL != (pe = SLIST_FIRST(&pl->pl_head))) { |
2807 | SLIST_FIRST(&pl->pl_head) = SLIST_NEXT(pe, pe_link); |
2808 | kfree_type(pidlist_entry_t, pe); |
2809 | } |
2810 | pl->pl_nalloc = 0; |
2811 | } |
2812 | |
2813 | static __inline__ void |
2814 | pidlist_set_active(pidlist_t *pl) |
2815 | { |
2816 | pl->pl_active = SLIST_FIRST(&pl->pl_head); |
2817 | assert(pl->pl_active); |
2818 | } |
2819 | |
2820 | static void |
2821 | pidlist_add_pid(pidlist_t *pl, pid_t pid) |
2822 | { |
2823 | pidlist_entry_t *pe = pl->pl_active; |
2824 | if (pe->pe_nused >= sizeof(pe->pe_pid) / sizeof(pe->pe_pid[0])) { |
2825 | if (NULL == (pe = SLIST_NEXT(pe, pe_link))) { |
			panic("pidlist allocation exhausted");
2827 | } |
2828 | pl->pl_active = pe; |
2829 | } |
2830 | pe->pe_pid[pe->pe_nused++] = pid; |
2831 | } |
2832 | |
2833 | static __inline__ u_int |
2834 | pidlist_nalloc(const pidlist_t *pl) |
2835 | { |
2836 | return pl->pl_nalloc; |
2837 | } |
2838 | |
2839 | /* |
 * A process group has become orphaned; if there are any stopped processes in
 * the group, hang up all processes in that group.
2842 | */ |
2843 | static void |
2844 | orphanpg(struct pgrp *pgrp) |
2845 | { |
	pidlist_t pid_list, *pl = pidlist_init(&pid_list);
2847 | u_int pid_count_available = 0; |
2848 | proc_t p; |
2849 | |
2850 | /* allocate outside of the pgrp_lock */ |
2851 | for (;;) { |
2852 | pgrp_lock(pgrp); |
2853 | |
2854 | boolean_t should_iterate = FALSE; |
2855 | pid_count_available = 0; |
2856 | |
2857 | PGMEMBERS_FOREACH(pgrp, p) { |
2858 | pid_count_available++; |
2859 | if (p->p_stat == SSTOP) { |
2860 | should_iterate = TRUE; |
2861 | } |
2862 | } |
2863 | if (pid_count_available == 0 || !should_iterate) { |
2864 | pgrp_unlock(pgrp); |
2865 | goto out; /* no orphaned processes OR nothing stopped */ |
2866 | } |
2867 | if (pidlist_nalloc(pl) >= pid_count_available) { |
2868 | break; |
2869 | } |
2870 | pgrp_unlock(pgrp); |
2871 | |
		pidlist_alloc(pl, pid_count_available);
2873 | } |
2874 | pidlist_set_active(pl); |
2875 | |
2876 | u_int pid_count = 0; |
2877 | PGMEMBERS_FOREACH(pgrp, p) { |
		pidlist_add_pid(pl, proc_pid(p));
2879 | if (++pid_count >= pid_count_available) { |
2880 | break; |
2881 | } |
2882 | } |
2883 | pgrp_unlock(pgrp); |
2884 | |
2885 | const pidlist_entry_t *pe; |
2886 | SLIST_FOREACH(pe, &(pl->pl_head), pe_link) { |
2887 | for (u_int i = 0; i < pe->pe_nused; i++) { |
2888 | const pid_t pid = pe->pe_pid[i]; |
2889 | if (0 == pid) { |
2890 | continue; /* skip kernproc */ |
2891 | } |
2892 | p = proc_find(pid); |
2893 | if (!p) { |
2894 | continue; |
2895 | } |
			proc_transwait(p, 0);
2897 | pt_setrunnable(p); |
2898 | psignal(p, SIGHUP); |
2899 | psignal(p, SIGCONT); |
2900 | proc_rele(p); |
2901 | } |
2902 | } |
2903 | out: |
2904 | pidlist_free(pl); |
2905 | } |
2906 | |
2907 | boolean_t |
2908 | proc_is_translated(proc_t p) |
2909 | { |
2910 | return p && ((p->p_flag & P_TRANSLATED) != 0); |
2911 | } |
2912 | |
2913 | |
2914 | |
2915 | int |
2916 | proc_is_classic(proc_t p __unused) |
2917 | { |
2918 | return 0; |
2919 | } |
2920 | |
2921 | bool |
2922 | proc_is_exotic( |
2923 | proc_t p) |
2924 | { |
2925 | if (p == NULL) { |
2926 | return false; |
2927 | } |
	return task_is_exotic(proc_task(p));
2929 | } |
2930 | |
2931 | bool |
2932 | proc_is_alien( |
2933 | proc_t p) |
2934 | { |
2935 | if (p == NULL) { |
2936 | return false; |
2937 | } |
	return task_is_alien(proc_task(p));
2939 | } |
2940 | |
2941 | bool |
2942 | proc_is_driver(proc_t p) |
2943 | { |
2944 | if (p == NULL) { |
2945 | return false; |
2946 | } |
	return task_is_driver(proc_task(p));
2948 | } |
2949 | |
2950 | bool |
2951 | proc_is_third_party_debuggable_driver(proc_t p) |
2952 | { |
2953 | #if XNU_TARGET_OS_IOS |
2954 | uint64_t csflags; |
2955 | if (proc_csflags(p, &csflags) != 0) { |
2956 | return false; |
2957 | } |
2958 | |
2959 | if (proc_is_driver(p) && |
2960 | !csproc_get_platform_binary(p) && |
2961 | IOTaskHasEntitlement(proc_task(p), kIODriverKitEntitlementKey) && |
2962 | (csflags & CS_GET_TASK_ALLOW) != 0) { |
2963 | return true; |
2964 | } |
2965 | |
2966 | return false; |
2967 | |
2968 | #else |
2969 | /* On other platforms, fall back to existing rules for debugging */ |
2970 | (void)p; |
2971 | return false; |
2972 | #endif /* XNU_TARGET_OS_IOS */ |
2973 | } |
2974 | |
2975 | /* XXX Why does this function exist? Need to kill it off... */ |
2976 | proc_t |
2977 | current_proc_EXTERNAL(void) |
2978 | { |
2979 | return current_proc(); |
2980 | } |
2981 | |
2982 | int |
2983 | proc_is_forcing_hfs_case_sensitivity(proc_t p) |
2984 | { |
2985 | return (p->p_vfs_iopolicy & P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY) ? 1 : 0; |
2986 | } |
2987 | |
2988 | bool |
2989 | proc_ignores_content_protection(proc_t p) |
2990 | { |
2991 | return os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_IGNORE_CONTENT_PROTECTION; |
2992 | } |
2993 | |
2994 | bool |
2995 | proc_ignores_node_permissions(proc_t p) |
2996 | { |
2997 | return os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_IGNORE_NODE_PERMISSIONS; |
2998 | } |
2999 | |
3000 | bool |
3001 | proc_skip_mtime_update(proc_t p) |
3002 | { |
3003 | return os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_SKIP_MTIME_UPDATE; |
3004 | } |
3005 | |
3006 | bool |
3007 | proc_allow_low_space_writes(proc_t p) |
3008 | { |
3009 | return os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_ALLOW_LOW_SPACE_WRITES; |
3010 | } |
3011 | |
3012 | bool |
3013 | proc_disallow_rw_for_o_evtonly(proc_t p) |
3014 | { |
3015 | return os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_DISALLOW_RW_FOR_O_EVTONLY; |
3016 | } |
3017 | |
3018 | bool |
3019 | proc_use_alternative_symlink_ea(proc_t p) |
3020 | { |
3021 | return os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_ALTLINK; |
3022 | } |
3023 | |
3024 | bool |
3025 | proc_allow_nocache_write_fs_blksize(proc_t p) |
3026 | { |
3027 | struct uthread *ut = get_bsdthread_info(current_thread()); |
3028 | |
3029 | return (ut && (ut->uu_flag & UT_FS_BLKSIZE_NOCACHE_WRITES)) || |
3030 | os_atomic_load(&p->p_vfs_iopolicy, relaxed) & P_VFS_IOPOLICY_NOCACHE_WRITE_FS_BLKSIZE; |
3031 | } |
3032 | |
3033 | bool |
3034 | proc_is_rsr(proc_t p) |
3035 | { |
3036 | return os_atomic_load(&p->p_ladvflag, relaxed) & P_RSR; |
3037 | } |
3038 | |
3039 | #if CONFIG_COREDUMP |
3040 | /* |
3041 | * proc_core_name(format, name, uid, pid) |
3042 | * Expand the name described in format, using name, uid, and pid. |
3043 | * format is a printf-like string, with four format specifiers: |
3044 | * %N name of process ("name") |
3045 | * %P process id (pid) |
3046 | * %U user id (uid) |
3047 | * %T mach_continuous_time() timestamp |
3048 | * For example, "%N.core" is the default; they can be disabled completely |
3049 | * by using "/dev/null", or all core files can be stored in "/cores/%U/%N-%P". |
3050 | * This is controlled by the sysctl variable kern.corefile (see above). |
3051 | */ |
3052 | __private_extern__ int |
3053 | proc_core_name(const char *format, const char * name, uid_t uid, pid_t pid, char *cf_name, |
3054 | size_t cf_name_len) |
3055 | { |
3056 | const char *appendstr; |
3057 | char id_buf[sizeof(OS_STRINGIFY(INT32_MAX))]; /* Buffer for pid/uid -- max 4B */ |
	_Static_assert(sizeof(id_buf) == 11, "size mismatch");
3059 | char timestamp_buf[sizeof(OS_STRINGIFY(UINT64_MAX))]; /* Buffer for timestamp, including null terminator */ |
3060 | size_t i, l, n; |
3061 | |
3062 | if (cf_name == NULL) { |
3063 | goto toolong; |
3064 | } |
3065 | |
3066 | for (i = 0, n = 0; n < cf_name_len && format[i]; i++) { |
3067 | switch (format[i]) { |
3068 | case '%': /* Format character */ |
3069 | i++; |
3070 | switch (format[i]) { |
3071 | case '%': |
3072 | appendstr = "%" ; |
3073 | break; |
3074 | case 'N': /* process name */ |
3075 | appendstr = name; |
3076 | break; |
3077 | case 'P': /* process id */ |
				snprintf(id_buf, sizeof(id_buf), "%u", pid);
				appendstr = id_buf;
				break;
			case 'U': /* user id */
				snprintf(id_buf, sizeof(id_buf), "%u", uid);
				appendstr = id_buf;
				break;
			case 'T': /* timestamp */
				snprintf(timestamp_buf, sizeof(timestamp_buf), "%llu", mach_continuous_time());
3087 | appendstr = timestamp_buf; |
3088 | break; |
3089 | case '\0': /* format string ended in % symbol */ |
3090 | goto endofstring; |
3091 | default: |
				appendstr = "";
				log(LOG_ERR,
				    "Unknown format character %c in `%s'\n",
				    format[i], format);
			}
			l = strlen(appendstr);
3098 | if ((n + l) >= cf_name_len) { |
3099 | goto toolong; |
3100 | } |
			bcopy(appendstr, cf_name + n, l);
3102 | n += l; |
3103 | break; |
3104 | default: |
3105 | cf_name[n++] = format[i]; |
3106 | } |
3107 | } |
3108 | if (format[i] != '\0') { |
3109 | goto toolong; |
3110 | } |
3111 | return 0; |
3112 | toolong: |
	log(LOG_ERR, "pid %ld (%s), uid (%u): corename is too long\n",
3114 | (long)pid, name, (uint32_t)uid); |
3115 | return 1; |
3116 | endofstring: |
	log(LOG_ERR, "pid %ld (%s), uid (%u): unexpected end of string after %% token\n",
3118 | (long)pid, name, (uint32_t)uid); |
3119 | return 1; |
3120 | } |
3121 | #endif /* CONFIG_COREDUMP */ |
3122 | |
3123 | /* Code Signing related routines */ |
3124 | |
3125 | int |
3126 | csops(__unused proc_t p, struct csops_args *uap, __unused int32_t *retval) |
3127 | { |
	return csops_internal(uap->pid, uap->ops, uap->useraddr,
	    uap->usersize, USER_ADDR_NULL);
3130 | } |
3131 | |
3132 | int |
3133 | csops_audittoken(__unused proc_t p, struct csops_audittoken_args *uap, __unused int32_t *retval) |
3134 | { |
3135 | if (uap->uaudittoken == USER_ADDR_NULL) { |
3136 | return EINVAL; |
3137 | } |
	return csops_internal(uap->pid, uap->ops, uap->useraddr,
	    uap->usersize, uap->uaudittoken);
3140 | } |
3141 | |
3142 | static int |
3143 | csops_copy_token(const void *start, size_t length, user_size_t usize, user_addr_t uaddr) |
3144 | { |
	char fakeheader[8] = { 0 };
3146 | int error; |
3147 | |
3148 | if (usize < sizeof(fakeheader)) { |
3149 | return ERANGE; |
3150 | } |
3151 | |
3152 | /* if no blob, fill in zero header */ |
3153 | if (NULL == start) { |
3154 | start = fakeheader; |
3155 | length = sizeof(fakeheader); |
3156 | } else if (usize < length) { |
3157 | /* ... if input too short, copy out length of entitlement */ |
3158 | uint32_t length32 = htonl((uint32_t)length); |
		memcpy(&fakeheader[4], &length32, sizeof(length32));
3160 | |
3161 | error = copyout(fakeheader, uaddr, sizeof(fakeheader)); |
3162 | if (error == 0) { |
			return ERANGE; /* input buffer too short; ERANGE signals that */
3164 | } |
3165 | return error; |
3166 | } |
3167 | return copyout(start, uaddr, length); |
3168 | } |
3169 | |
3170 | static int |
3171 | csops_internal(pid_t pid, int ops, user_addr_t uaddr, user_size_t usersize, user_addr_t uaudittoken) |
3172 | { |
3173 | size_t usize = (size_t)CAST_DOWN(size_t, usersize); |
3174 | proc_t pt; |
3175 | int forself; |
3176 | int error; |
3177 | vnode_t tvp; |
3178 | off_t toff; |
3179 | unsigned char cdhash[SHA1_RESULTLEN]; |
3180 | audit_token_t token; |
3181 | unsigned int upid = 0, uidversion = 0; |
3182 | |
3183 | forself = error = 0; |
3184 | |
3185 | if (pid == 0) { |
3186 | pid = proc_selfpid(); |
3187 | } |
3188 | if (pid == proc_selfpid()) { |
3189 | forself = 1; |
3190 | } |
3191 | |
3192 | |
3193 | switch (ops) { |
3194 | case CS_OPS_STATUS: |
3195 | case CS_OPS_CDHASH: |
3196 | case CS_OPS_PIDOFFSET: |
3197 | case CS_OPS_ENTITLEMENTS_BLOB: |
3198 | case CS_OPS_DER_ENTITLEMENTS_BLOB: |
3199 | case CS_OPS_IDENTITY: |
3200 | case CS_OPS_BLOB: |
3201 | case CS_OPS_TEAMID: |
3202 | case CS_OPS_CLEAR_LV: |
3203 | case CS_OPS_VALIDATION_CATEGORY: |
3204 | break; /* not restricted to root */ |
3205 | default: |
		if (forself == 0 && kauth_cred_issuser(kauth_cred_get()) != TRUE) {
3207 | return EPERM; |
3208 | } |
3209 | break; |
3210 | } |
3211 | |
3212 | pt = proc_find(pid); |
3213 | if (pt == PROC_NULL) { |
3214 | return ESRCH; |
3215 | } |
3216 | |
	upid = proc_getpid(pt);
	uidversion = proc_pidversion(pt);
3219 | if (uaudittoken != USER_ADDR_NULL) { |
3220 | error = copyin(uaudittoken, &token, sizeof(audit_token_t)); |
3221 | if (error != 0) { |
3222 | goto out; |
3223 | } |
3224 | /* verify the audit token pid/idversion matches with proc */ |
3225 | if ((token.val[5] != upid) || (token.val[7] != uidversion)) { |
3226 | error = ESRCH; |
3227 | goto out; |
3228 | } |
3229 | } |
3230 | |
3231 | #if CONFIG_MACF |
3232 | switch (ops) { |
3233 | case CS_OPS_MARKINVALID: |
3234 | case CS_OPS_MARKHARD: |
3235 | case CS_OPS_MARKKILL: |
3236 | case CS_OPS_MARKRESTRICT: |
3237 | case CS_OPS_SET_STATUS: |
3238 | case CS_OPS_CLEARINSTALLER: |
3239 | case CS_OPS_CLEARPLATFORM: |
3240 | case CS_OPS_CLEAR_LV: |
		if ((error = mac_proc_check_set_cs_info(current_proc(), pt, ops))) {
3242 | goto out; |
3243 | } |
3244 | break; |
3245 | default: |
		if ((error = mac_proc_check_get_cs_info(current_proc(), pt, ops))) {
3247 | goto out; |
3248 | } |
3249 | } |
3250 | #endif |
3251 | |
3252 | switch (ops) { |
3253 | case CS_OPS_STATUS: { |
3254 | uint32_t retflags; |
3255 | |
3256 | proc_lock(pt); |
		retflags = (uint32_t)proc_getcsflags(pt);
3258 | if (cs_process_enforcement(pt)) { |
3259 | retflags |= CS_ENFORCEMENT; |
3260 | } |
3261 | if (csproc_get_platform_binary(pt)) { |
3262 | retflags |= CS_PLATFORM_BINARY; |
3263 | } |
3264 | if (csproc_get_platform_path(pt)) { |
3265 | retflags |= CS_PLATFORM_PATH; |
3266 | } |
		// Don't return CS_REQUIRE_LV if we turned it on with CS_FORCED_LV but still report CS_FORCED_LV
		if ((proc_getcsflags(pt) & CS_FORCED_LV) == CS_FORCED_LV) {
3269 | retflags &= (~CS_REQUIRE_LV); |
3270 | } |
3271 | proc_unlock(pt); |
3272 | |
3273 | if (uaddr != USER_ADDR_NULL) { |
3274 | error = copyout(&retflags, uaddr, sizeof(uint32_t)); |
3275 | } |
3276 | break; |
3277 | } |
3278 | case CS_OPS_MARKINVALID: |
3279 | proc_lock(pt); |
		if ((proc_getcsflags(pt) & CS_VALID) == CS_VALID) { /* is currently valid */
			proc_csflags_clear(pt, CS_VALID); /* set invalid */
			cs_process_invalidated(pt);
			if ((proc_getcsflags(pt) & CS_KILL) == CS_KILL) {
				proc_csflags_set(pt, CS_KILLED);
				proc_unlock(pt);
				if (cs_debug) {
					printf("CODE SIGNING: marked invalid by pid %d: "
					    "p=%d[%s] honoring CS_KILL, final status 0x%x\n",
					    proc_selfpid(), proc_getpid(pt), pt->p_comm,
					    (unsigned int)proc_getcsflags(pt));
				}
				psignal(pt, SIGKILL);
3293 | } else { |
3294 | proc_unlock(pt); |
3295 | } |
3296 | } else { |
3297 | proc_unlock(pt); |
3298 | } |
3299 | |
3300 | break; |
3301 | |
3302 | case CS_OPS_MARKHARD: |
3303 | proc_lock(pt); |
		proc_csflags_set(pt, CS_HARD);
		if ((proc_getcsflags(pt) & CS_VALID) == 0) {
3306 | /* @@@ allow? reject? kill? @@@ */ |
3307 | proc_unlock(pt); |
3308 | error = EINVAL; |
3309 | goto out; |
3310 | } else { |
3311 | proc_unlock(pt); |
3312 | } |
3313 | break; |
3314 | |
3315 | case CS_OPS_MARKKILL: |
3316 | proc_lock(pt); |
		proc_csflags_set(pt, CS_KILL);
		if ((proc_getcsflags(pt) & CS_VALID) == 0) {
			proc_unlock(pt);
			psignal(pt, SIGKILL);
3321 | } else { |
3322 | proc_unlock(pt); |
3323 | } |
3324 | break; |
3325 | |
3326 | case CS_OPS_PIDOFFSET: |
3327 | toff = pt->p_textoff; |
		proc_rele(pt);
3329 | error = copyout(&toff, uaddr, sizeof(toff)); |
3330 | return error; |
3331 | |
3332 | case CS_OPS_CDHASH: |
3333 | |
3334 | /* pt already holds a reference on its p_textvp */ |
3335 | tvp = pt->p_textvp; |
3336 | toff = pt->p_textoff; |
3337 | |
3338 | if (tvp == NULLVP || usize != SHA1_RESULTLEN) { |
			proc_rele(pt);
3340 | return EINVAL; |
3341 | } |
3342 | |
		error = vn_getcdhash(tvp, toff, cdhash);
		proc_rele(pt);
3345 | |
3346 | if (error == 0) { |
3347 | error = copyout(cdhash, uaddr, sizeof(cdhash)); |
3348 | } |
3349 | |
3350 | return error; |
3351 | |
3352 | case CS_OPS_ENTITLEMENTS_BLOB: { |
3353 | void *start; |
3354 | size_t length; |
3355 | struct cs_blob* blob; |
3356 | |
3357 | proc_lock(pt); |
		if ((proc_getcsflags(pt) & (CS_VALID | CS_DEBUGGED)) == 0) {
3359 | proc_unlock(pt); |
3360 | error = EINVAL; |
3361 | goto out; |
3362 | } |
3363 | blob = csproc_get_blob(pt); |
3364 | proc_unlock(pt); |
3365 | |
3366 | if (!blob) { |
3367 | error = EBADEXEC; |
3368 | goto out; |
3369 | } |
3370 | |
		void* osent = csblob_os_entitlements_get(blob);
3372 | if (!osent) { |
3373 | goto out; |
3374 | } |
3375 | CS_GenericBlob* xmlblob = NULL; |
3376 | if (amfi->OSEntitlements_get_xml(osent, &xmlblob)) { |
3377 | start = (void*)xmlblob; |
3378 | length = (size_t)ntohl(xmlblob->length); |
3379 | } else { |
3380 | goto out; |
3381 | } |
3382 | |
3383 | error = csops_copy_token(start, length, usize, uaddr); |
3384 | kfree_data(start, length); |
3385 | goto out; |
3386 | } |
3387 | case CS_OPS_DER_ENTITLEMENTS_BLOB: { |
3388 | const void *start; |
3389 | size_t length; |
3390 | struct cs_blob* blob; |
3391 | |
3392 | proc_lock(pt); |
		if ((proc_getcsflags(pt) & (CS_VALID | CS_DEBUGGED)) == 0) {
3394 | proc_unlock(pt); |
3395 | error = EINVAL; |
3396 | goto out; |
3397 | } |
3398 | blob = csproc_get_blob(pt); |
3399 | proc_unlock(pt); |
3400 | |
3401 | if (!blob) { |
3402 | error = EBADEXEC; |
3403 | goto out; |
3404 | } |
3405 | |
3406 | error = csblob_get_der_entitlements(blob, (const CS_GenericBlob **)&start, &length); |
3407 | if (error || start == NULL) { |
			if (amfi && csblob_os_entitlements_get(blob)) {
				void* osent = csblob_os_entitlements_get(blob);
3410 | |
3411 | const CS_GenericBlob* transmuted = NULL; |
3412 | if (amfi->OSEntitlements_get_transmuted(osent, &transmuted)) { |
3413 | start = transmuted; |
3414 | length = (size_t)ntohl(transmuted->length); |
3415 | } else { |
3416 | goto out; |
3417 | } |
3418 | } else { |
3419 | goto out; |
3420 | } |
3421 | } |
3422 | |
3423 | error = csops_copy_token(start, length, usize, uaddr); |
3424 | goto out; |
3425 | } |
3426 | |
3427 | case CS_OPS_VALIDATION_CATEGORY: |
3428 | { |
3429 | unsigned int validation_category = CS_VALIDATION_CATEGORY_INVALID; |
3430 | error = csproc_get_validation_category(pt, &validation_category); |
3431 | if (error) { |
3432 | goto out; |
3433 | } |
3434 | error = copyout(&validation_category, uaddr, sizeof(validation_category)); |
3435 | break; |
3436 | } |
3437 | |
3438 | case CS_OPS_MARKRESTRICT: |
3439 | proc_lock(pt); |
		proc_csflags_set(pt, CS_RESTRICT);
3441 | proc_unlock(pt); |
3442 | break; |
3443 | |
3444 | case CS_OPS_SET_STATUS: { |
3445 | uint32_t flags; |
3446 | |
3447 | if (usize < sizeof(flags)) { |
3448 | error = ERANGE; |
3449 | break; |
3450 | } |
3451 | |
3452 | error = copyin(uaddr, &flags, sizeof(flags)); |
3453 | if (error) { |
3454 | break; |
3455 | } |
3456 | |
3457 | /* only allow setting a subset of all code sign flags */ |
3458 | flags &= |
3459 | CS_HARD | CS_EXEC_SET_HARD | |
3460 | CS_KILL | CS_EXEC_SET_KILL | |
3461 | CS_RESTRICT | |
3462 | CS_REQUIRE_LV | |
3463 | CS_ENFORCEMENT | CS_EXEC_SET_ENFORCEMENT; |
3464 | |
3465 | proc_lock(pt); |
		if (proc_getcsflags(pt) & CS_VALID) {
			if ((flags & CS_ENFORCEMENT) &&
			    !(proc_getcsflags(pt) & CS_ENFORCEMENT)) {
				vm_map_cs_enforcement_set(get_task_map(proc_task(pt)), TRUE);
			}
			proc_csflags_set(pt, flags);
3472 | } else { |
3473 | error = EINVAL; |
3474 | } |
3475 | proc_unlock(pt); |
3476 | |
3477 | break; |
3478 | } |
3479 | case CS_OPS_CLEAR_LV: { |
3480 | /* |
3481 | * This option is used to remove library validation from |
3482 | * a running process. This is used in plugin architectures |
3483 | * when a program needs to load untrusted libraries. This |
3484 | * allows the process to maintain library validation as |
3485 | * long as possible, then drop it only when required. |
3486 | * Once a process has loaded the untrusted library, |
3487 | * relying on library validation in the future will |
3488 | * not be effective. An alternative is to re-exec |
3489 | * your application without library validation, or |
3490 | * fork an untrusted child. |
3491 | */ |
3492 | #if !defined(XNU_TARGET_OS_OSX) |
3493 | // We only support dropping library validation on macOS |
3494 | error = ENOTSUP; |
3495 | #else |
3496 | /* |
3497 | * if we have the flag set, and the caller wants |
3498 | * to remove it, and they're entitled to, then |
3499 | * we remove it from the csflags |
3500 | * |
3501 | * NOTE: We are fine to poke into the task because |
3502 | * we get a ref to pt when we do the proc_find |
3503 | * at the beginning of this function. |
3504 | * |
3505 | * We also only allow altering ourselves. |
3506 | */ |
		if (forself == 1 && IOTaskHasEntitlement(proc_task(pt), CLEAR_LV_ENTITLEMENT)) {
			proc_lock(pt);
			if (!(proc_getcsflags(pt) & CS_INSTALLER)) {
				proc_csflags_clear(pt, CS_REQUIRE_LV | CS_FORCED_LV);
3511 | error = 0; |
3512 | } else { |
3513 | error = EPERM; |
3514 | } |
3515 | proc_unlock(pt); |
3516 | } else { |
3517 | error = EPERM; |
3518 | } |
3519 | #endif |
3520 | break; |
3521 | } |
3522 | case CS_OPS_BLOB: { |
3523 | void *start; |
3524 | size_t length; |
3525 | |
3526 | proc_lock(pt); |
		if ((proc_getcsflags(pt) & (CS_VALID | CS_DEBUGGED)) == 0) {
3528 | proc_unlock(pt); |
3529 | error = EINVAL; |
3530 | break; |
3531 | } |
3532 | proc_unlock(pt); |
3533 | // Don't need to lock here as not accessing CSFLAGS |
3534 | error = cs_blob_get(pt, &start, &length); |
3535 | if (error) { |
3536 | goto out; |
3537 | } |
3538 | |
3539 | error = csops_copy_token(start, length, usize, uaddr); |
3540 | goto out; |
3541 | } |
3542 | case CS_OPS_IDENTITY: |
3543 | case CS_OPS_TEAMID: { |
3544 | const char *identity; |
		uint8_t fakeheader[8];
3546 | uint32_t idlen; |
3547 | size_t length; |
3548 | |
3549 | /* |
3550 | * Make identity have a blob header to make it |
3551 | * easier on userland to guess the identity |
3552 | * length. |
3553 | */ |
3554 | if (usize < sizeof(fakeheader)) { |
3555 | error = ERANGE; |
3556 | break; |
3557 | } |
		memset(fakeheader, 0, sizeof(fakeheader));
3559 | |
3560 | proc_lock(pt); |
		if ((proc_getcsflags(pt) & (CS_VALID | CS_DEBUGGED)) == 0) {
3562 | proc_unlock(pt); |
3563 | error = EINVAL; |
3564 | break; |
3565 | } |
3566 | identity = ops == CS_OPS_TEAMID ? csproc_get_teamid(pt) : cs_identity_get(pt); |
3567 | proc_unlock(pt); |
3568 | |
3569 | if (identity == NULL) { |
3570 | error = ENOENT; |
3571 | goto out; |
3572 | } |
3573 | |
		length = strlen(identity) + 1; /* include NUL */
		idlen = htonl((uint32_t)(length + sizeof(fakeheader)));
		memcpy(&fakeheader[4], &idlen, sizeof(idlen));
3577 | |
3578 | error = copyout(fakeheader, uaddr, sizeof(fakeheader)); |
3579 | if (error) { |
3580 | goto out; |
3581 | } |
3582 | |
3583 | if (usize < sizeof(fakeheader) + length) { |
3584 | error = ERANGE; |
3585 | } else if (usize > sizeof(fakeheader)) { |
3586 | error = copyout(identity, uaddr + sizeof(fakeheader), length); |
3587 | } |
3588 | goto out; |
3589 | } |
3590 | |
3591 | case CS_OPS_CLEARINSTALLER: |
3592 | proc_lock(pt); |
		proc_csflags_clear(pt, CS_INSTALLER | CS_DATAVAULT_CONTROLLER | CS_EXEC_INHERIT_SIP);
3594 | proc_unlock(pt); |
3595 | break; |
3596 | |
3597 | case CS_OPS_CLEARPLATFORM: |
3598 | #if DEVELOPMENT || DEBUG |
3599 | if (cs_process_global_enforcement()) { |
3600 | error = ENOTSUP; |
3601 | break; |
3602 | } |
3603 | |
3604 | #if CONFIG_CSR |
3605 | if (csr_check(CSR_ALLOW_APPLE_INTERNAL) != 0) { |
3606 | error = ENOTSUP; |
3607 | break; |
3608 | } |
3609 | #endif /* CONFIG_CSR */ |
3610 | task_t task = proc_task(pt); |
3611 | |
3612 | proc_lock(pt); |
3613 | proc_csflags_clear(pt, CS_PLATFORM_BINARY | CS_PLATFORM_PATH); |
3614 | task_set_hardened_runtime(task, false); |
3615 | csproc_clear_platform_binary(pt); |
3616 | proc_unlock(pt); |
3617 | break; |
3618 | #else /* DEVELOPMENT || DEBUG */ |
3619 | error = ENOTSUP; |
3620 | break; |
3621 | #endif /* !DEVELOPMENT || DEBUG */ |
3622 | |
3623 | default: |
3624 | error = EINVAL; |
3625 | break; |
3626 | } |
3627 | out: |
	proc_rele(pt);
3629 | return error; |
3630 | } |
3631 | |
3632 | void |
3633 | proc_iterate( |
3634 | unsigned int flags, |
3635 | proc_iterate_fn_t callout, |
3636 | void *arg, |
3637 | proc_iterate_fn_t filterfn, |
3638 | void *filterarg) |
3639 | { |
	pidlist_t pid_list, *pl = pidlist_init(&pid_list);
3641 | u_int pid_count_available = 0; |
3642 | |
3643 | assert(callout != NULL); |
3644 | |
3645 | /* allocate outside of the proc_list_lock */ |
3646 | for (;;) { |
3647 | proc_list_lock(); |
3648 | pid_count_available = nprocs + 1; /* kernel_task not counted in nprocs */ |
3649 | assert(pid_count_available > 0); |
3650 | if (pidlist_nalloc(pl) >= pid_count_available) { |
3651 | break; |
3652 | } |
3653 | proc_list_unlock(); |
3654 | |
		pidlist_alloc(pl, pid_count_available);
3656 | } |
3657 | pidlist_set_active(pl); |
3658 | |
3659 | /* filter pids into the pid_list */ |
3660 | |
3661 | u_int pid_count = 0; |
3662 | if (flags & PROC_ALLPROCLIST) { |
3663 | proc_t p; |
3664 | ALLPROC_FOREACH(p) { |
3665 | /* ignore processes that are being forked */ |
3666 | if (p->p_stat == SIDL || proc_is_shadow(p)) { |
3667 | continue; |
3668 | } |
3669 | if ((filterfn != NULL) && (filterfn(p, filterarg) == 0)) { |
3670 | continue; |
3671 | } |
			pidlist_add_pid(pl, proc_pid(p));
3673 | if (++pid_count >= pid_count_available) { |
3674 | break; |
3675 | } |
3676 | } |
3677 | } |
3678 | |
3679 | if ((pid_count < pid_count_available) && |
3680 | (flags & PROC_ZOMBPROCLIST)) { |
3681 | proc_t p; |
3682 | ZOMBPROC_FOREACH(p) { |
3683 | if (proc_is_shadow(p)) { |
3684 | continue; |
3685 | } |
3686 | if ((filterfn != NULL) && (filterfn(p, filterarg) == 0)) { |
3687 | continue; |
3688 | } |
			pidlist_add_pid(pl, proc_pid(p));
3690 | if (++pid_count >= pid_count_available) { |
3691 | break; |
3692 | } |
3693 | } |
3694 | } |
3695 | |
3696 | proc_list_unlock(); |
3697 | |
3698 | /* call callout on processes in the pid_list */ |
3699 | |
3700 | const pidlist_entry_t *pe; |
3701 | SLIST_FOREACH(pe, &(pl->pl_head), pe_link) { |
3702 | for (u_int i = 0; i < pe->pe_nused; i++) { |
3703 | const pid_t pid = pe->pe_pid[i]; |
3704 | proc_t p = proc_find(pid); |
3705 | if (p) { |
3706 | if ((flags & PROC_NOWAITTRANS) == 0) { |
					proc_transwait(p, 0);
3708 | } |
3709 | const int callout_ret = callout(p, arg); |
3710 | |
3711 | switch (callout_ret) { |
3712 | case PROC_RETURNED_DONE: |
3713 | proc_rele(p); |
3714 | OS_FALLTHROUGH; |
3715 | case PROC_CLAIMED_DONE: |
3716 | goto out; |
3717 | |
3718 | case PROC_RETURNED: |
3719 | proc_rele(p); |
3720 | OS_FALLTHROUGH; |
3721 | case PROC_CLAIMED: |
3722 | break; |
3723 | default: |
					panic("%s: callout =%d for pid %d",
					    __func__, callout_ret, pid);
3726 | break; |
3727 | } |
3728 | } else if (flags & PROC_ZOMBPROCLIST) { |
3729 | p = proc_find_zombref(pid); |
3730 | if (!p) { |
3731 | continue; |
3732 | } |
3733 | const int callout_ret = callout(p, arg); |
3734 | |
3735 | switch (callout_ret) { |
3736 | case PROC_RETURNED_DONE: |
3737 | proc_drop_zombref(p); |
3738 | OS_FALLTHROUGH; |
3739 | case PROC_CLAIMED_DONE: |
3740 | goto out; |
3741 | |
3742 | case PROC_RETURNED: |
3743 | proc_drop_zombref(p); |
3744 | OS_FALLTHROUGH; |
3745 | case PROC_CLAIMED: |
3746 | break; |
3747 | default: |
					panic("%s: callout =%d for zombie %d",
					    __func__, callout_ret, pid);
3750 | break; |
3751 | } |
3752 | } |
3753 | } |
3754 | } |
3755 | out: |
3756 | pidlist_free(pl); |
3757 | } |
3758 | |
3759 | void |
3760 | proc_rebootscan( |
3761 | proc_iterate_fn_t callout, |
3762 | void *arg, |
3763 | proc_iterate_fn_t filterfn, |
3764 | void *filterarg) |
3765 | { |
3766 | proc_t p; |
3767 | |
3768 | assert(callout != NULL); |
3769 | |
3770 | proc_shutdown_exitcount = 0; |
3771 | |
3772 | restart_foreach: |
3773 | |
3774 | proc_list_lock(); |
3775 | |
3776 | ALLPROC_FOREACH(p) { |
3777 | if ((filterfn != NULL) && filterfn(p, filterarg) == 0) { |
3778 | continue; |
3779 | } |
3780 | p = proc_ref(p, true); |
3781 | if (!p) { |
3782 | proc_list_unlock(); |
3783 | goto restart_foreach; |
3784 | } |
3785 | |
3786 | proc_list_unlock(); |
3787 | |
		proc_transwait(p, 0);
3789 | (void)callout(p, arg); |
3790 | proc_rele(p); |
3791 | |
3792 | goto restart_foreach; |
3793 | } |
3794 | |
3795 | proc_list_unlock(); |
3796 | } |
3797 | |
3798 | void |
3799 | proc_childrenwalk( |
3800 | proc_t parent, |
3801 | proc_iterate_fn_t callout, |
3802 | void *arg) |
3803 | { |
	pidlist_t pid_list, *pl = pidlist_init(&pid_list);
3805 | u_int pid_count_available = 0; |
3806 | |
3807 | assert(parent != NULL); |
3808 | assert(callout != NULL); |
3809 | |
3810 | for (;;) { |
3811 | proc_list_lock(); |
3812 | pid_count_available = parent->p_childrencnt; |
3813 | if (pid_count_available == 0) { |
3814 | proc_list_unlock(); |
3815 | goto out; |
3816 | } |
3817 | if (pidlist_nalloc(pl) >= pid_count_available) { |
3818 | break; |
3819 | } |
3820 | proc_list_unlock(); |
3821 | |
		pidlist_alloc(pl, pid_count_available);
3823 | } |
3824 | pidlist_set_active(pl); |
3825 | |
3826 | u_int pid_count = 0; |
3827 | proc_t p; |
3828 | PCHILDREN_FOREACH(parent, p) { |
3829 | if (p->p_stat == SIDL || proc_is_shadow(p)) { |
3830 | continue; |
3831 | } |
3832 | |
		pidlist_add_pid(pl, proc_pid(p));
3834 | if (++pid_count >= pid_count_available) { |
3835 | break; |
3836 | } |
3837 | } |
3838 | |
3839 | proc_list_unlock(); |
3840 | |
3841 | const pidlist_entry_t *pe; |
3842 | SLIST_FOREACH(pe, &(pl->pl_head), pe_link) { |
3843 | for (u_int i = 0; i < pe->pe_nused; i++) { |
3844 | const pid_t pid = pe->pe_pid[i]; |
3845 | p = proc_find(pid); |
3846 | if (!p) { |
3847 | continue; |
3848 | } |
3849 | const int callout_ret = callout(p, arg); |
3850 | |
3851 | switch (callout_ret) { |
3852 | case PROC_RETURNED_DONE: |
3853 | proc_rele(p); |
3854 | OS_FALLTHROUGH; |
3855 | case PROC_CLAIMED_DONE: |
3856 | goto out; |
3857 | |
3858 | case PROC_RETURNED: |
3859 | proc_rele(p); |
3860 | OS_FALLTHROUGH; |
3861 | case PROC_CLAIMED: |
3862 | break; |
3863 | default: |
				panic("%s: callout =%d for pid %d",
				    __func__, callout_ret, pid);
3866 | break; |
3867 | } |
3868 | } |
3869 | } |
3870 | out: |
3871 | pidlist_free(pl); |
3872 | } |

void
pgrp_iterate(
	struct pgrp *pgrp,
	proc_iterate_fn_t callout,
	void *arg,
	bool (^filterfn)(proc_t))
{
	pidlist_t pid_list, *pl = pidlist_init(&pid_list);
	u_int pid_count_available = 0;
	proc_t p;

	assert(pgrp != NULL);
	assert(callout != NULL);

	for (;;) {
		pgrp_lock(pgrp);
		/*
		 * each member has one ref + some transient holders,
		 * this is a good enough approximation
		 */
		pid_count_available = os_ref_get_count_mask(&pgrp->pg_refcount,
		    PGRP_REF_BITS);
		if (pidlist_nalloc(pl) >= pid_count_available) {
			break;
		}
		pgrp_unlock(pgrp);

		pidlist_alloc(pl, pid_count_available);
	}
	pidlist_set_active(pl);

	const pid_t pgid = pgrp->pg_id;
	u_int pid_count = 0;

	PGMEMBERS_FOREACH(pgrp, p) {
		if ((filterfn != NULL) && (filterfn(p) == 0)) {
			continue;
		}
		pidlist_add_pid(pl, proc_pid(p));
		if (++pid_count >= pid_count_available) {
			break;
		}
	}

	pgrp_unlock(pgrp);

	const pidlist_entry_t *pe;
	SLIST_FOREACH(pe, &(pl->pl_head), pe_link) {
		for (u_int i = 0; i < pe->pe_nused; i++) {
			const pid_t pid = pe->pe_pid[i];
			if (0 == pid) {
				continue; /* skip kernproc */
			}
			p = proc_find(pid);
			if (!p) {
				continue;
			}
			if (p->p_pgrpid != pgid) {
				proc_rele(p);
				continue;
			}
			const int callout_ret = callout(p, arg);

			switch (callout_ret) {
			case PROC_RETURNED:
				proc_rele(p);
				OS_FALLTHROUGH;
			case PROC_CLAIMED:
				break;
			case PROC_RETURNED_DONE:
				proc_rele(p);
				OS_FALLTHROUGH;
			case PROC_CLAIMED_DONE:
				goto out;

			default:
				panic("%s: callout =%d for pid %d",
				    __func__, callout_ret, pid);
			}
		}
	}

out:
	pidlist_free(pl);
}
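
/*
 * Illustrative sketch (hypothetical): signalling every member of a
 * process group except the caller via pgrp_iterate(), with the
 * filterfn expressed as a block. Assumes `pg' holds a pgrp reference.
 *
 *	static int
 *	example_signal_callout(proc_t p, void *arg)
 *	{
 *		psignal(p, *(int *)arg);
 *		return PROC_RETURNED;
 *	}
 *
 *	int sig = SIGHUP;
 *	pgrp_iterate(pg, example_signal_callout, &sig, ^bool (proc_t p) {
 *		return p != current_proc();
 *	});
 */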

/* consumes the newpg ref */
static void
pgrp_replace(struct proc *p, struct pgrp *newpg)
{
	struct pgrp *oldpg;

	proc_list_lock();
	oldpg = smr_serialized_load(&p->p_pgrp);
	pgrp_del_member(oldpg, p);
	pgrp_add_member(newpg, PROC_NULL, p);
	proc_list_unlock();

	pgrp_rele(oldpg);
}

struct pgrp *
pgrp_alloc(pid_t pgid, pggrp_ref_bits_t bits)
{
	struct pgrp *pgrp = zalloc_flags(pgrp_zone, Z_WAITOK | Z_ZERO | Z_NOFAIL);

	os_ref_init_mask(&pgrp->pg_refcount, PGRP_REF_BITS, &p_refgrp, bits);
	os_ref_init_raw(&pgrp->pg_hashref, &p_refgrp);
	LIST_INIT(&pgrp->pg_members);
	lck_mtx_init(&pgrp->pg_mlock, &proc_mlock_grp, &proc_lck_attr);
	pgrp->pg_id = pgid;

	return pgrp;
}

void
pgrp_lock(struct pgrp *pgrp)
{
	lck_mtx_lock(&pgrp->pg_mlock);
}

void
pgrp_unlock(struct pgrp *pgrp)
{
	lck_mtx_unlock(&pgrp->pg_mlock);
}

struct session *
session_find_locked(pid_t sessid)
{
	struct session *sess;

	LIST_FOREACH(sess, SESSHASH(sessid), s_hash) {
		if (sess->s_sid == sessid) {
			break;
		}
	}

	return sess;
}
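
/*
 * Illustrative sketch (hypothetical): session_find_locked() walks the
 * session hash without taking a reference, so the caller must hold the
 * proc_list_lock across the lookup and any use of the result.
 *
 *	proc_list_lock();
 *	struct session *sess = session_find_locked(sessid);
 *	if (sess != SESSION_NULL) {
 *		... inspect sess while the list lock is held ...
 *	}
 *	proc_list_unlock();
 */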

void
session_replace_leader(struct proc *old_proc, struct proc *new_proc)
{
	assert(old_proc == current_proc());

	/* If old_proc is session leader, change the leader to new proc */
	struct pgrp *pgrp = smr_serialized_load(&old_proc->p_pgrp);
	struct session *sessp = pgrp->pg_session;
	struct tty *ttyp = TTY_NULL;

	if (sessp == SESSION_NULL || !SESS_LEADER(old_proc, sessp)) {
		return;
	}

	session_lock(sessp);
	if (sessp->s_ttyp && sessp->s_ttyp->t_session == sessp) {
		ttyp = sessp->s_ttyp;
		ttyhold(ttyp);
	}

	/* Do the dance to take tty lock and session lock */
	if (ttyp) {
		session_unlock(sessp);
		tty_lock(ttyp);
		session_lock(sessp);
	}

	sessp->s_leader = new_proc;
	session_unlock(sessp);

	if (ttyp) {
		tty_unlock(ttyp);
		ttyfree(ttyp);
	}
}

void
session_lock(struct session *sess)
{
	lck_mtx_lock(&sess->s_mlock);
}

void
session_unlock(struct session *sess)
{
	lck_mtx_unlock(&sess->s_mlock);
}

struct pgrp *
proc_pgrp(proc_t p, struct session **sessp)
{
	struct pgrp *pgrp = PGRP_NULL;
	bool success = false;

	if (__probable(p != PROC_NULL)) {
		smr_proc_task_enter();
		pgrp = smr_entered_load(&p->p_pgrp);
		success = pgrp == PGRP_NULL || pg_ref_try(pgrp);
		smr_proc_task_leave();

		if (__improbable(!success)) {
			/*
			 * We caught the process in the middle of pgrp_replace(),
			 * go the slow, never failing way.
			 */
			proc_list_lock();
			pgrp = pg_ref(smr_serialized_load(&p->p_pgrp));
			proc_list_unlock();
		}
	}

	if (sessp) {
		*sessp = pgrp ? pgrp->pg_session : SESSION_NULL;
	}
	return pgrp;
}
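
/*
 * Illustrative sketch (hypothetical): proc_pgrp() hands back a
 * referenced process group (or PGRP_NULL), so callers pair it with
 * pg_rele() once they are done with it.
 *
 *	struct session *sess;
 *	struct pgrp *pg = proc_pgrp(p, &sess);
 *
 *	if (pg != PGRP_NULL) {
 *		... use pg->pg_id and sess ...
 *		pg_rele(pg);
 *	}
 */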

struct pgrp *
tty_pgrp_locked(struct tty *tp)
{
	struct pgrp *pg = PGRP_NULL;

	/* either the tty_lock() or the proc_list_lock() must be held */

	if (tp->t_pgrp) {
		pg = pg_ref(tp->t_pgrp);
	}

	return pg;
}

int
proc_transstart(proc_t p, int locked, int non_blocking)
{
	if (locked == 0) {
		proc_lock(p);
	}
	while ((p->p_lflag & P_LINTRANSIT) == P_LINTRANSIT) {
		if (((p->p_lflag & P_LTRANSCOMMIT) == P_LTRANSCOMMIT) || non_blocking) {
			if (locked == 0) {
				proc_unlock(p);
			}
			return EDEADLK;
		}
		p->p_lflag |= P_LTRANSWAIT;
		msleep(&p->p_lflag, &p->p_mlock, 0, "proc_signstart", NULL);
	}
	p->p_lflag |= P_LINTRANSIT;
	p->p_transholder = current_thread();
	if (locked == 0) {
		proc_unlock(p);
	}
	return 0;
}

void
proc_transcommit(proc_t p, int locked)
{
	if (locked == 0) {
		proc_lock(p);
	}

	assert((p->p_lflag & P_LINTRANSIT) == P_LINTRANSIT);
	assert(p->p_transholder == current_thread());
	p->p_lflag |= P_LTRANSCOMMIT;

	if ((p->p_lflag & P_LTRANSWAIT) == P_LTRANSWAIT) {
		p->p_lflag &= ~P_LTRANSWAIT;
		wakeup(&p->p_lflag);
	}
	if (locked == 0) {
		proc_unlock(p);
	}
}

void
proc_transend(proc_t p, int locked)
{
	if (locked == 0) {
		proc_lock(p);
	}

	p->p_lflag &= ~(P_LINTRANSIT | P_LTRANSCOMMIT);
	p->p_transholder = NULL;

	if ((p->p_lflag & P_LTRANSWAIT) == P_LTRANSWAIT) {
		p->p_lflag &= ~P_LTRANSWAIT;
		wakeup(&p->p_lflag);
	}
	if (locked == 0) {
		proc_unlock(p);
	}
}

int
proc_transwait(proc_t p, int locked)
{
	if (locked == 0) {
		proc_lock(p);
	}
	while ((p->p_lflag & P_LINTRANSIT) == P_LINTRANSIT) {
		if ((p->p_lflag & P_LTRANSCOMMIT) == P_LTRANSCOMMIT && current_proc() == p) {
			if (locked == 0) {
				proc_unlock(p);
			}
			return EDEADLK;
		}
		p->p_lflag |= P_LTRANSWAIT;
		msleep(&p->p_lflag, &p->p_mlock, 0, "proc_signstart", NULL);
	}
	if (locked == 0) {
		proc_unlock(p);
	}
	return 0;
}
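
/*
 * Illustrative sketch (hypothetical): the in-transition protocol above
 * serializes major process state changes (e.g. exec). A writer opens a
 * transaction, commits once the change is past the point of no return,
 * and ends it when finished; concurrent proc_transwait() callers block
 * until then.
 *
 *	if (proc_transstart(p, 0, 0) == 0) {
 *		... prepare the state change ...
 *		proc_transcommit(p, 0);
 *		... complete the irreversible part ...
 *		proc_transend(p, 0);
 *	}
 */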

void
proc_klist_lock(void)
{
	lck_mtx_lock(&proc_klist_mlock);
}

void
proc_klist_unlock(void)
{
	lck_mtx_unlock(&proc_klist_mlock);
}

void
proc_knote(struct proc *p, long hint)
{
	proc_klist_lock();
	KNOTE(&p->p_klist, hint);
	proc_klist_unlock();
}
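
/*
 * Illustrative sketch (hypothetical hint): proc_knote() is how process
 * events fan out to EVFILT_PROC subscribers, e.g.
 *
 *	proc_knote(p, NOTE_EXEC);
 */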

void
proc_transfer_knotes(struct proc *old_proc, struct proc *new_proc)
{
	struct knote *kn = NULL;

	proc_klist_lock();
	while ((kn = SLIST_FIRST(&old_proc->p_klist))) {
		KNOTE_DETACH(&old_proc->p_klist, kn);
		if (kn->kn_filtid == (uint8_t)~EVFILT_PROC) {
			kn->kn_proc = new_proc;
			KNOTE_ATTACH(&new_proc->p_klist, kn);
		} else {
			assert(kn->kn_filtid == (uint8_t)~EVFILT_SIGNAL);
			kn->kn_proc = NULL;
		}
	}
	proc_klist_unlock();
}

void
proc_knote_drain(struct proc *p)
{
	struct knote *kn = NULL;

	/*
	 * Clear the proc's klist to avoid references after the proc is reaped.
	 */
	proc_klist_lock();
	while ((kn = SLIST_FIRST(&p->p_klist))) {
		kn->kn_proc = PROC_NULL;
		KNOTE_DETACH(&p->p_klist, kn);
	}
	proc_klist_unlock();
}

void
proc_setregister(proc_t p)
{
	proc_lock(p);
	p->p_lflag |= P_LREGISTER;
	proc_unlock(p);
}

void
proc_resetregister(proc_t p)
{
	proc_lock(p);
	p->p_lflag &= ~P_LREGISTER;
	proc_unlock(p);
}

bool
proc_get_pthread_jit_allowlist(proc_t p, bool *late_out)
{
	bool ret = false;

	proc_lock(p);
	ret = (p->p_lflag & P_LPTHREADJITALLOWLIST);
	*late_out = (p->p_lflag & P_LPTHREADJITFREEZELATE);
	proc_unlock(p);

	return ret;
}

void
proc_set_pthread_jit_allowlist(proc_t p, bool late)
{
	proc_lock(p);
	p->p_lflag |= P_LPTHREADJITALLOWLIST;
	if (late) {
		p->p_lflag |= P_LPTHREADJITFREEZELATE;
	}
	proc_unlock(p);
}

pid_t
proc_pgrpid(proc_t p)
{
	return p->p_pgrpid;
}

pid_t
proc_sessionid(proc_t p)
{
	return p->p_sessionid;
}

pid_t
proc_selfpgrpid(void)
{
	return current_proc()->p_pgrpid;
}


/* return control and action states */
int
proc_getpcontrol(int pid, int *pcontrolp)
{
	proc_t p;

	p = proc_find(pid);
	if (p == PROC_NULL) {
		return ESRCH;
	}
	if (pcontrolp != NULL) {
		*pcontrolp = p->p_pcaction;
	}

	proc_rele(p);
	return 0;
}

int
proc_dopcontrol(proc_t p)
{
	int pcontrol;
	os_reason_t kill_reason;

	proc_lock(p);

	pcontrol = PROC_CONTROL_STATE(p);

	if (PROC_ACTION_STATE(p) == 0) {
		switch (pcontrol) {
		case P_PCTHROTTLE:
			PROC_SETACTION_STATE(p);
			proc_unlock(p);
			printf("low swap: throttling pid %d (%s)\n", proc_getpid(p), p->p_comm);
			break;

		case P_PCSUSP:
			PROC_SETACTION_STATE(p);
			proc_unlock(p);
			printf("low swap: suspending pid %d (%s)\n", proc_getpid(p), p->p_comm);
			task_suspend(proc_task(p));
			break;

		case P_PCKILL:
			PROC_SETACTION_STATE(p);
			proc_unlock(p);
			printf("low swap: killing pid %d (%s)\n", proc_getpid(p), p->p_comm);
			kill_reason = os_reason_create(OS_REASON_JETSAM, JETSAM_REASON_LOWSWAP);
			psignal_with_reason(p, SIGKILL, kill_reason);
			break;

		default:
			proc_unlock(p);
		}
	} else {
		proc_unlock(p);
	}

	return PROC_RETURNED;
}


/*
 * Resume a throttled or suspended process. This is an internal interface that's only
 * used by the user-level code that presents the GUI when we run out of swap space and
 * hence is restricted to processes with superuser privileges.
 */

int
proc_resetpcontrol(int pid)
{
	proc_t p;
	int pcontrol;
	int error;
	proc_t self = current_proc();

	/* the caller must be validated to handle resource control, or else have superuser credentials */
	if (((self->p_lflag & P_LVMRSRCOWNER) == 0) && (error = suser(kauth_cred_get(), 0))) {
		return error;
	}

	p = proc_find(pid);
	if (p == PROC_NULL) {
		return ESRCH;
	}

	proc_lock(p);

	pcontrol = PROC_CONTROL_STATE(p);

	if (PROC_ACTION_STATE(p) != 0) {
		switch (pcontrol) {
		case P_PCTHROTTLE:
			PROC_RESETACTION_STATE(p);
			proc_unlock(p);
			printf("low swap: unthrottling pid %d (%s)\n", proc_getpid(p), p->p_comm);
			break;

		case P_PCSUSP:
			PROC_RESETACTION_STATE(p);
			proc_unlock(p);
			printf("low swap: resuming pid %d (%s)\n", proc_getpid(p), p->p_comm);
			task_resume(proc_task(p));
			break;

		case P_PCKILL:
			/* Huh? */
			PROC_SETACTION_STATE(p);
			proc_unlock(p);
			printf("low swap: attempt to unkill pid %d (%s) ignored\n", proc_getpid(p), p->p_comm);
			break;

		default:
			proc_unlock(p);
		}
	} else {
		proc_unlock(p);
	}

	proc_rele(p);
	return 0;
}



struct no_paging_space {
	uint64_t pcs_max_size;
	uint64_t pcs_uniqueid;
	int pcs_pid;
	int pcs_proc_count;
	uint64_t pcs_total_size;

	uint64_t npcs_max_size;
	uint64_t npcs_uniqueid;
	int npcs_pid;
	int npcs_proc_count;
	uint64_t npcs_total_size;

	int apcs_proc_count;
	uint64_t apcs_total_size;
};


static int
proc_pcontrol_filter(proc_t p, void *arg)
{
	struct no_paging_space *nps;
	uint64_t compressed;

	nps = (struct no_paging_space *)arg;

	compressed = get_task_compressed(proc_task(p));

	if (PROC_CONTROL_STATE(p)) {
		if (PROC_ACTION_STATE(p) == 0) {
			if (compressed > nps->pcs_max_size) {
				nps->pcs_pid = proc_getpid(p);
				nps->pcs_uniqueid = proc_uniqueid(p);
				nps->pcs_max_size = compressed;
			}
			nps->pcs_total_size += compressed;
			nps->pcs_proc_count++;
		} else {
			nps->apcs_total_size += compressed;
			nps->apcs_proc_count++;
		}
	} else {
		if (compressed > nps->npcs_max_size) {
			nps->npcs_pid = proc_getpid(p);
			nps->npcs_uniqueid = proc_uniqueid(p);
			nps->npcs_max_size = compressed;
		}
		nps->npcs_total_size += compressed;
		nps->npcs_proc_count++;
	}
	return 0;
}


static int
proc_pcontrol_null(__unused proc_t p, __unused void *arg)
{
	return PROC_RETURNED;
}


/*
 * Deal with the low on compressor pool space condition... this function
 * gets called when we are approaching the limits of the compressor pool or
 * we are unable to create a new swap file.
 * Since this eventually creates a memory deadlock situation, we need to take action to free up
 * memory resources (both compressed and uncompressed) in order to prevent the system from hanging completely.
 * There are 2 categories of processes to deal with. Those that have an action
 * associated with them by the task itself and those that do not. Actionable
 * tasks can have one of three categories specified: ones that
 * can be killed immediately, ones that should be suspended, and ones that should
 * be throttled. Processes that do not have an action associated with them are normally
 * ignored unless they are utilizing such a large percentage of the compressor pool (currently 50%)
 * that only by killing them can we hope to put the system back into a usable state.
 */

#define NO_PAGING_SPACE_DEBUG   0

extern uint64_t vm_compressor_pages_compressed(void);

struct timeval last_no_space_action = {.tv_sec = 0, .tv_usec = 0};

#define MB_SIZE (1024 * 1024ULL)
boolean_t memorystatus_kill_on_VM_compressor_space_shortage(boolean_t);

extern int32_t max_kill_priority;

int
no_paging_space_action(void)
{
	proc_t p;
	struct no_paging_space nps;
	struct timeval now;
	os_reason_t kill_reason;

	/*
	 * Throttle how often we come through here. Once every 5 seconds should be plenty.
	 */
	microtime(&now);

	if (now.tv_sec <= last_no_space_action.tv_sec + 5) {
		return 0;
	}

	/*
	 * Examine all processes and find the biggest (biggest is based on the number of pages this
	 * task has in the compressor pool) that has been marked to have some action
	 * taken when swap space runs out... we also find the biggest that hasn't been marked for
	 * action.
	 *
	 * If the biggest non-actionable task is over the "dangerously big" threshold (currently 50% of
	 * the total number of pages held by the compressor), we go ahead and kill it since no other task
	 * can have any real effect on the situation. Otherwise, we go after the actionable process.
	 */
	bzero(&nps, sizeof(nps));

	proc_iterate(PROC_ALLPROCLIST, proc_pcontrol_null, (void *)NULL, proc_pcontrol_filter, (void *)&nps);

#if NO_PAGING_SPACE_DEBUG
	printf("low swap: npcs_proc_count = %d, npcs_total_size = %qd, npcs_max_size = %qd\n",
	    nps.npcs_proc_count, nps.npcs_total_size, nps.npcs_max_size);
	printf("low swap: pcs_proc_count = %d, pcs_total_size = %qd, pcs_max_size = %qd\n",
	    nps.pcs_proc_count, nps.pcs_total_size, nps.pcs_max_size);
	printf("low swap: apcs_proc_count = %d, apcs_total_size = %qd\n",
	    nps.apcs_proc_count, nps.apcs_total_size);
#endif
	if (nps.npcs_max_size > (vm_compressor_pages_compressed() * 50) / 100) {
		/*
		 * for now we'll knock out any task that has more than 50% of the pages
		 * held by the compressor
		 */
		if ((p = proc_find(nps.npcs_pid)) != PROC_NULL) {
			if (nps.npcs_uniqueid == proc_uniqueid(p)) {
				/*
				 * verify this is still the same process
				 * in case the proc exited and the pid got reused while
				 * we were finishing the proc_iterate and getting to this point
				 */
				last_no_space_action = now;

				printf("low swap: killing largest compressed process with pid %d (%s) and size %llu MB\n", proc_getpid(p), p->p_comm, (nps.npcs_max_size / MB_SIZE));
				kill_reason = os_reason_create(OS_REASON_JETSAM, JETSAM_REASON_LOWSWAP);
				psignal_with_reason(p, SIGKILL, kill_reason);

				proc_rele(p);

				return 0;
			}

			proc_rele(p);
		}
	}

	/*
	 * We have some processes within our jetsam bands of consideration and hence can be killed.
	 * So we will invoke the memorystatus thread to go ahead and kill something.
	 */
	if (memorystatus_get_proccnt_upto_priority(max_kill_priority) > 0) {
		last_no_space_action = now;
		/*
		 * TODO(jason): This is only macOS right now, but we'll need
		 * something like this on iPad...
		 */
		memorystatus_kill_on_VM_compressor_space_shortage(TRUE);
		return 1;
	}

	/*
	 * No eligible processes to kill. So let's suspend/kill the largest
	 * process depending on its policy control specifications.
	 */

	if (nps.pcs_max_size > 0) {
		if ((p = proc_find(nps.pcs_pid)) != PROC_NULL) {
			if (nps.pcs_uniqueid == proc_uniqueid(p)) {
				/*
				 * verify this is still the same process
				 * in case the proc exited and the pid got reused while
				 * we were finishing the proc_iterate and getting to this point
				 */
				last_no_space_action = now;

				proc_dopcontrol(p);

				proc_rele(p);

				return 1;
			}

			proc_rele(p);
		}
	}
	last_no_space_action = now;

	printf("low swap: unable to find any eligible processes to take action on\n");

	return 0;
}

int
proc_trace_log(__unused proc_t p, struct proc_trace_log_args *uap, __unused int *retval)
{
	int ret = 0;
	proc_t target_proc = PROC_NULL;
	pid_t target_pid = uap->pid;
	uint64_t target_uniqueid = uap->uniqueid;
	task_t target_task = NULL;

	if (priv_check_cred(kauth_cred_get(), PRIV_PROC_TRACE_INSPECT, 0)) {
		ret = EPERM;
		goto out;
	}
	target_proc = proc_find(target_pid);
	if (target_proc != PROC_NULL) {
		if (target_uniqueid != proc_uniqueid(target_proc)) {
			ret = ENOENT;
			goto out;
		}

		target_task = proc_task(target_proc);
		if (task_send_trace_memory(target_task, target_pid, target_uniqueid)) {
			ret = EINVAL;
			goto out;
		}
	} else {
		ret = ENOENT;
	}

out:
	if (target_proc != PROC_NULL) {
		proc_rele(target_proc);
	}
	return ret;
}

#if VM_SCAN_FOR_SHADOW_CHAIN
extern int vm_map_shadow_max(vm_map_t map);
int proc_shadow_max(void);
int
proc_shadow_max(void)
{
	int retval, max;
	proc_t p;
	task_t task;
	vm_map_t map;

	max = 0;
	proc_list_lock();
	for (p = allproc.lh_first; (p != 0); p = p->p_list.le_next) {
		if (p->p_stat == SIDL) {
			continue;
		}
		task = proc_task(p);
		if (task == NULL) {
			continue;
		}
		map = get_task_map(task);
		if (map == NULL) {
			continue;
		}
		retval = vm_map_shadow_max(map);
		if (retval > max) {
			max = retval;
		}
	}
	proc_list_unlock();
	return max;
}
#endif /* VM_SCAN_FOR_SHADOW_CHAIN */

void proc_set_responsible_pid(proc_t target_proc, pid_t responsible_pid);
void
proc_set_responsible_pid(proc_t target_proc, pid_t responsible_pid)
{
	if (target_proc != NULL) {
		target_proc->p_responsible_pid = responsible_pid;

		/* Also save the responsible UUID */
		if (responsible_pid >= 0) {
			proc_t responsible_proc = proc_find(responsible_pid);
			if (responsible_proc != PROC_NULL) {
				proc_getexecutableuuid(responsible_proc, target_proc->p_responsible_uuid, sizeof(target_proc->p_responsible_uuid));
				proc_rele(responsible_proc);
			}
		}
	}
	return;
}

int
proc_chrooted(proc_t p)
{
	int retval = 0;

	if (p) {
		proc_fdlock(p);
		retval = (p->p_fd.fd_rdir != NULL) ? 1 : 0;
		proc_fdunlock(p);
	}

	return retval;
}

boolean_t
proc_send_synchronous_EXC_RESOURCE(proc_t p)
{
	if (p == PROC_NULL) {
		return FALSE;
	}

	/* Send sync EXC_RESOURCE if the process is traced */
	if (ISSET(p->p_lflag, P_LTRACED)) {
		return TRUE;
	}
	return FALSE;
}

#if CONFIG_MACF
size_t
proc_get_syscall_filter_mask_size(int which)
{
	switch (which) {
	case SYSCALL_MASK_UNIX:
		return nsysent;
	case SYSCALL_MASK_MACH:
		return mach_trap_count;
	case SYSCALL_MASK_KOBJ:
		return mach_kobj_count;
	default:
		return 0;
	}
}

int
proc_set_syscall_filter_mask(proc_t p, int which, unsigned char *maskptr, size_t masklen)
{
#if DEVELOPMENT || DEBUG
	if (syscallfilter_disable) {
		printf("proc_set_syscall_filter_mask: attempt to set policy for pid %d, but disabled by boot-arg\n", proc_pid(p));
		return 0;
	}
#endif // DEVELOPMENT || DEBUG

	switch (which) {
	case SYSCALL_MASK_UNIX:
		if (maskptr != NULL && masklen != nsysent) {
			return EINVAL;
		}
		proc_syscall_filter_mask_set(p, maskptr);
		break;
	case SYSCALL_MASK_MACH:
		if (maskptr != NULL && masklen != (size_t)mach_trap_count) {
			return EINVAL;
		}
		mac_task_set_mach_filter_mask(proc_task(p), maskptr);
		break;
	case SYSCALL_MASK_KOBJ:
		if (maskptr != NULL && masklen != (size_t)mach_kobj_count) {
			return EINVAL;
		}
		mac_task_set_kobj_filter_mask(proc_task(p), maskptr);
		break;
	default:
		return EINVAL;
	}

	return 0;
}
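
/*
 * Illustrative sketch (hypothetical; the per-entry byte semantics are
 * defined by the installed MAC policy, and the allocation call is an
 * assumption): sizing and installing a UNIX syscall filter mask with
 * the helpers above.
 *
 *	size_t len = proc_get_syscall_filter_mask_size(SYSCALL_MASK_UNIX);
 *	unsigned char *mask = kalloc_data(len, Z_WAITOK | Z_ZERO);
 *
 *	mask[SYS_read] = 1;
 *	mask[SYS_write] = 1;
 *	error = proc_set_syscall_filter_mask(p, SYSCALL_MASK_UNIX, mask, len);
 */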

int
proc_set_syscall_filter_callbacks(syscall_filter_cbs_t cbs)
{
	if (cbs->version != SYSCALL_FILTER_CALLBACK_VERSION) {
		return EINVAL;
	}

	/* XXX register unix filter callback instead of using MACF hook. */

	if (cbs->mach_filter_cbfunc || cbs->kobj_filter_cbfunc) {
		if (mac_task_register_filter_callbacks(cbs->mach_filter_cbfunc,
		    cbs->kobj_filter_cbfunc) != 0) {
			return EPERM;
		}
	}

	return 0;
}

int
proc_set_syscall_filter_index(int which, int num, int index)
{
	switch (which) {
	case SYSCALL_MASK_KOBJ:
		if (ipc_kobject_set_kobjidx(num, index) != 0) {
			return ENOENT;
		}
		break;
	default:
		return EINVAL;
	}

	return 0;
}
#endif /* CONFIG_MACF */

int
proc_set_filter_message_flag(proc_t p, boolean_t flag)
{
	if (p == PROC_NULL) {
		return EINVAL;
	}

	task_set_filter_msg_flag(proc_task(p), flag);

	return 0;
}

int
proc_get_filter_message_flag(proc_t p, boolean_t *flag)
{
	if (p == PROC_NULL || flag == NULL) {
		return EINVAL;
	}

	*flag = task_get_filter_msg_flag(proc_task(p));

	return 0;
}

bool
proc_is_traced(proc_t p)
{
	bool ret = false;
	assert(p != PROC_NULL);
	proc_lock(p);
	if (p->p_lflag & P_LTRACED) {
		ret = true;
	}
	proc_unlock(p);
	return ret;
}

#if CONFIG_PROC_RESOURCE_LIMITS
int
proc_set_filedesc_limits(proc_t p, int soft_limit, int hard_limit)
{
	struct filedesc *fdp = &p->p_fd;
	int retval = 0;

	proc_fdlock(p);

	if (hard_limit > 0) {
		if (soft_limit >= hard_limit) {
			soft_limit = 0;
		}
	}
	fdp->fd_nfiles_soft_limit = soft_limit;
	fdp->fd_nfiles_hard_limit = hard_limit;
	/* Make sure that current fd_nfiles hasn't already exceeded these limits */
	fd_check_limit_exceeded(fdp);

	proc_fdunlock(p);

	return retval;
}

int
proc_set_kqworkloop_limits(proc_t p, int soft_limit, int hard_limit)
{
	struct filedesc *fdp = &p->p_fd;
	lck_mtx_lock_spin_always(&fdp->fd_kqhashlock);

	fdp->kqwl_dyn_soft_limit = soft_limit;
	fdp->kqwl_dyn_hard_limit = hard_limit;
	/* Make sure the existing limits aren't already exceeded */
	kqworkloop_check_limit_exceeded(fdp);

	lck_mtx_unlock(&fdp->fd_kqhashlock);
	return 0;
}

static int
proc_evaluate_fd_limits_ast(proc_t p, struct filedesc *fdp, int *soft_limit, int *hard_limit)
{
	int fd_current_size, fd_soft_limit, fd_hard_limit;
	proc_fdlock(p);

	fd_current_size = fdp->fd_nfiles_open;
	fd_hard_limit = fdp->fd_nfiles_hard_limit;
	fd_soft_limit = fdp->fd_nfiles_soft_limit;

	/*
	 * If a thread is going to take action on a specific limit having been
	 * exceeded, it also clears that limit out to a SENTINEL so that future
	 * threads don't re-evaluate it as exceeded again.
	 */
	if (fd_hard_limit > 0 && fd_current_size >= fd_hard_limit) {
		/* Clear our soft limit when we are sending hard limit notification */
		fd_soft_limit = 0;

		fdp->fd_nfiles_hard_limit = FD_LIMIT_SENTINEL;
	} else if (fd_soft_limit > 0 && fd_current_size >= fd_soft_limit) {
		/* Clear out hard limit when we are sending soft limit notification */
		fd_hard_limit = 0;

		fdp->fd_nfiles_soft_limit = FD_LIMIT_SENTINEL;
	} else {
		/* Neither limit was exceeded */
		fd_soft_limit = fd_hard_limit = 0;
	}

	proc_fdunlock(p);

	*soft_limit = fd_soft_limit;
	*hard_limit = fd_hard_limit;
	return fd_current_size;
}

static int
proc_evaluate_kqwl_limits_ast(struct filedesc *fdp, int *soft_limit, int *hard_limit)
{
	lck_mtx_lock_spin_always(&fdp->fd_kqhashlock);

	int kqwl_current_size = fdp->num_kqwls;
	int kqwl_soft_limit = fdp->kqwl_dyn_soft_limit;
	int kqwl_hard_limit = fdp->kqwl_dyn_hard_limit;

	/*
	 * If a thread is going to take action on a specific limit having been
	 * exceeded, it also clears that limit out to a SENTINEL so that future
	 * threads don't re-evaluate it as exceeded again.
	 */
	if (kqwl_hard_limit > 0 && kqwl_current_size >= kqwl_hard_limit) {
		/* Clear our soft limit when we are sending hard limit notification */
		kqwl_soft_limit = 0;

		fdp->kqwl_dyn_hard_limit = KQWL_LIMIT_SENTINEL;
	} else if (kqwl_soft_limit > 0 && kqwl_current_size >= kqwl_soft_limit) {
		/* Clear out hard limit when we are sending soft limit notification */
		kqwl_hard_limit = 0;

		fdp->kqwl_dyn_soft_limit = KQWL_LIMIT_SENTINEL;
	} else {
		/* Neither limit was exceeded */
		kqwl_soft_limit = kqwl_hard_limit = 0;
	}

	lck_mtx_unlock(&fdp->fd_kqhashlock);

	*soft_limit = kqwl_soft_limit;
	*hard_limit = kqwl_hard_limit;
	return kqwl_current_size;
}
#endif /* CONFIG_PROC_RESOURCE_LIMITS */

void
proc_filedesc_ast(__unused task_t task)
{
#if CONFIG_PROC_RESOURCE_LIMITS
	assert(task == current_task());
	proc_t p = get_bsdtask_info(task);
	struct filedesc *fdp = &p->p_fd;

	/*
	 * At this point, we can possibly race with other threads which set the AST
	 * due to triggering the soft/hard limits for fds or kqworkloops.
	 *
	 * The first thread to reach this logic will always evaluate the hard limit
	 * for fds or kqworkloops, even if it was the one which triggered the soft
	 * limit for them.
	 *
	 * If a thread takes action on a specific limit, it will clear the limit value
	 * in the fdp with a SENTINEL to indicate to other racing threads that they no
	 * longer need to evaluate it.
	 */
	int soft_limit, hard_limit;
	int fd_current_size = proc_evaluate_fd_limits_ast(p, fdp, &soft_limit, &hard_limit);

	if (hard_limit || soft_limit) {
		return task_filedesc_ast(task, fd_current_size, soft_limit, hard_limit);
	}

	int kqwl_current_size = proc_evaluate_kqwl_limits_ast(fdp, &soft_limit, &hard_limit);
	if (hard_limit || soft_limit) {
		return task_kqworkloop_ast(task, kqwl_current_size, soft_limit, hard_limit);
	}
#endif /* CONFIG_PROC_RESOURCE_LIMITS */
}

proc_ro_t
proc_ro_alloc(proc_t p, proc_ro_data_t p_data, task_t t, task_ro_data_t t_data)
{
	proc_ro_t pr;
	struct proc_ro pr_local = {};

	pr = (proc_ro_t)zalloc_ro(ZONE_ID_PROC_RO, Z_WAITOK | Z_NOFAIL | Z_ZERO);

	if (p != PROC_NULL) {
		pr_local.pr_proc = p;
		pr_local.proc_data = *p_data;
	}

	if (t != TASK_NULL) {
		pr_local.pr_task = t;
		pr_local.task_data = *t_data;
	}

	if ((p != PROC_NULL) || (t != TASK_NULL)) {
		zalloc_ro_update_elem(ZONE_ID_PROC_RO, pr, &pr_local);
	}

	return pr;
}
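
/*
 * Illustrative sketch (hypothetical): proc_ro elements live in a
 * read-only zone, so mutations must go through the zalloc_ro_*
 * updaters rather than plain stores. A proc-only allocation can be
 * bound to its owning task later:
 *
 *	proc_ro_t pr = proc_ro_alloc(p, &p_data, TASK_NULL, NULL);
 *	...
 *	proc_ro_ref_task(pr, task, &t_data);
 */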

proc_ro_t
proc_ro_ref_task(proc_ro_t pr, task_t t, task_ro_data_t t_data)
{
	struct proc_ro pr_local;

	if (pr->pr_task != TASK_NULL) {
		panic("%s: proc_ro already has an owning task", __func__);
	}

	pr_local = *pr;
	pr_local.pr_task = t;
	pr_local.task_data = *t_data;

	zalloc_ro_update_elem(ZONE_ID_PROC_RO, pr, &pr_local);

	return pr;
}

void
proc_ro_erase_task(proc_ro_t pr)
{
	zalloc_ro_update_field_atomic(ZONE_ID_PROC_RO,
	    pr, pr_task, ZRO_ATOMIC_XCHG_LONG, TASK_NULL);
}

__abortlike
static void
panic_proc_ro_proc_backref_mismatch(proc_t p, proc_ro_t ro)
{
	panic("proc_ro->proc backref mismatch: p=%p, ro=%p, "
	    "ro->pr_proc(ro)=%p", p, ro, ro->pr_proc);
}

proc_ro_t
proc_get_ro(proc_t p)
{
	proc_ro_t ro = p->p_proc_ro;

	zone_require_ro(ZONE_ID_PROC_RO, sizeof(struct proc_ro), ro);
	if (__improbable(ro->pr_proc != p)) {
		panic_proc_ro_proc_backref_mismatch(p, ro);
	}

	return ro;
}

task_t
proc_ro_task(proc_ro_t pr)
{
	return pr->pr_task;
}