1/*
2 * Copyright (c) 1991-2015 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28#include <sys/param.h>
29#include <sys/types.h>
30#include <sys/uio.h>
31#include <sys/vnode.h>
32#include <vm/vm_kern.h>
33#include <mach/kern_return.h>
34#include <mach/vm_param.h>
35#include <kern/cpu_number.h>
36#include <mach-o/fat.h>
37#include <kern/mach_loader.h>
38#include <kern/mach_fat.h>
39#include <libkern/OSByteOrder.h>
40#include <machine/exec.h>
41
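/**********************************************************************
 * Routine:	fatfile_getarch()
 *
 * Function:	Scan the fat_arch array that follows a fat_header in
 *		memory and pick the best-graded slice that matches the
 *		requested CPU.
 *
 * Args:	data_ptr:	Address of the buffer holding the fat_header
 *				and the fat_arch array (big-endian on disk;
 *				every field is byte-swapped before use).
 *		data_size:	Number of valid bytes at data_ptr.
 *		req_cpu_type:	The required cpu type.
 *		mask_bits:	Bits to mask from the sub-image type when
 *				grading it vs. the req_cpu_type.
 *		req_subcpu_type: The required cpu subtype, handed to
 *				binary_match().
 *		imgp:		Image params, forwarded unchanged to
 *				validate_potential_simulator_binary().
 *		archret (out):	Receives the chosen fat_arch in host byte
 *				order. Written only on LOAD_SUCCESS.
 *
 * Returns:	LOAD_SUCCESS:	A matching slice was found and copied out.
 *		LOAD_BADARCH:	No slice matched, or the best slice was
 *				rejected by the simulator-binary check.
 *		LOAD_BADMACHO:	nfat_arch does not fit in data_size.
 *		LOAD_FAILURE:	data_size is smaller than a fat_header.
 *
 * Notes:	The header bytes come from the fat file, so every field
 *		is attacker-influenced. This routine bounds only the
 *		fat_arch count; it does not check the magic number or the
 *		offset/size of the slice it returns. Those checks live in
 *		fatfile_validate_fatarches(); presumably callers run it
 *		first -- confirm at the call sites.
 **********************************************************************/
static load_return_t
fatfile_getarch(
	vm_offset_t             data_ptr,
	vm_size_t               data_size,
	cpu_type_t              req_cpu_type,
	cpu_type_t              mask_bits,
	cpu_subtype_t           req_subcpu_type,
	struct image_params     *imgp,
	struct fat_arch         *archret)
{
	struct fat_arch         *arch;
	struct fat_arch         *best_arch;
	int                     grade;
	int                     best_grade;
	size_t                  nfat_arch, max_nfat_arch;
	cpu_type_t              testtype;
	cpu_subtype_t           testsubtype;
	cpu_subtype_t           testfeatures;
	uint32_t                rawsubtype;
	struct fat_header       *header;

	/* The buffer must hold at least the fixed header before we touch it. */
	if (sizeof(struct fat_header) > data_size) {
		return LOAD_FAILURE;
	}

	header = (struct fat_header *)data_ptr;
	nfat_arch = OSSwapBigToHostInt32(header->nfat_arch);

	/*
	 * The subtraction cannot wrap: data_size >= sizeof(struct fat_header)
	 * was established above.
	 */
	max_nfat_arch = (data_size - sizeof(struct fat_header)) / sizeof(struct fat_arch);
	if (nfat_arch > max_nfat_arch) {
		/* nfat_arch would cause us to read off end of buffer */
		return LOAD_BADMACHO;
	}

	/*
	 * Scan the fat_arch's looking for the best one.
	 * A grade of 0 never wins, because best_grade starts at 0 and the
	 * comparison below is strict.
	 */
	best_arch = NULL;
	best_grade = 0;
	arch = (struct fat_arch *)(data_ptr + sizeof(struct fat_header));
	for (; nfat_arch-- > 0; arch++) {
		testtype = OSSwapBigToHostInt32(arch->cputype);

		/* Read the subtype word once, then split it into its two parts. */
		rawsubtype = OSSwapBigToHostInt32(arch->cpusubtype);
		testsubtype = rawsubtype & ~CPU_SUBTYPE_MASK;
		testfeatures = rawsubtype & CPU_SUBTYPE_MASK;

		/*
		 * Check to see if right cpu/subcpu type.
		 */
		if (!binary_match(mask_bits, req_cpu_type, req_subcpu_type, testtype, testsubtype)) {
			continue;
		}

		/*
		 * Get the grade of the cpu subtype
		 */
		grade = grade_binary(testtype, testsubtype, testfeatures, TRUE);

		/*
		 * Remember it if it's the best we've seen.
		 */
		if (grade > best_grade) {
			best_grade = grade;
			best_arch = arch;
		}
	}

	/* On X86_64, allow 32 bit exec only for simulator binaries.
	 * Failing here without re-running the grading algorithm is safe because i386
	 * has the lowest possible grade value (so there can't be a lower best grade
	 * that would be allowed if this check denied the i386 slice). */
	if (best_arch != NULL &&
	    validate_potential_simulator_binary(OSSwapBigToHostInt32(best_arch->cputype),
	    imgp, OSSwapBigToHostInt32(best_arch->offset),
	    OSSwapBigToHostInt32(best_arch->size)) != LOAD_SUCCESS) {
		best_arch = NULL;
	}

	if (best_arch == NULL) {
		return LOAD_BADARCH;
	}

	/*
	 * Return our results in host byte order. offset and size are copied
	 * as found in the file; no range check is applied to them here.
	 */
	archret->cputype = OSSwapBigToHostInt32(best_arch->cputype);
	archret->cpusubtype = OSSwapBigToHostInt32(best_arch->cpusubtype);
	archret->offset = OSSwapBigToHostInt32(best_arch->offset);
	archret->size = OSSwapBigToHostInt32(best_arch->size);
	archret->align = OSSwapBigToHostInt32(best_arch->align);

	return LOAD_SUCCESS;
}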
162
/*
 * Select the best slice of a fat file for the CPU type reported by
 * cpu_type(). The affinity argument is accepted but unused.
 *
 * Returns whatever fatfile_getarch() returns; archret is filled in only
 * on LOAD_SUCCESS.
 */
load_return_t
fatfile_getbestarch(
	vm_offset_t             data_ptr,
	vm_size_t               data_size,
	struct image_params     *imgp,
	struct fat_arch         *archret,
	__unused bool           affinity)
{
	int host_cpu_type = cpu_type();

	/*
	 * Ignore all architectural bits when determining if an image
	 * in a fat file should be skipped or graded.
	 */
	return fatfile_getarch(data_ptr, data_size,
	           host_cpu_type,       /* req_cpu_type */
	           CPU_ARCH_MASK,       /* mask_bits */
	           CPU_SUBTYPE_ANY,     /* req_subcpu_type */
	           imgp, archret);
}
181
/*
 * Select the best slice of a fat file for a caller-supplied cpu type and
 * subtype rather than the running CPU's.
 *
 * Returns whatever fatfile_getarch() returns; archret is filled in only
 * on LOAD_SUCCESS.
 */
load_return_t
fatfile_getbestarch_for_cputype(
	cpu_type_t              cputype,
	cpu_subtype_t           cpusubtype,
	vm_offset_t             data_ptr,
	vm_size_t               data_size,
	struct image_params     *imgp,
	struct fat_arch         *archret)
{
	/*
	 * No mask bits are passed, so the scan looks for exact matches
	 * for this cpu_type_t only.
	 */
	const cpu_type_t no_mask_bits = 0;

	return fatfile_getarch(data_ptr, data_size, cputype, no_mask_bits,
	           cpusubtype, imgp, archret);
}
196
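/**********************************************************************
 * Routine:	fatfile_getarch_with_bits()
 *
 * Function:	Locate the architecture-dependent contents of a fat
 *		file that match this CPU, with the architecture bits
 *		taken from the caller instead of from the hardware.
 *
 * Args:	archbits:	Architecture specific feature bits. Only
 *				the bits under CPU_ARCH_MASK are used.
 *		data_ptr:	Address of the buffer holding the fat_header
 *				and the fat_arch array.
 *		data_size:	Number of valid bytes at data_ptr.
 *		archret (out):	Pointer to fat_arch structure to hold
 *				the results.
 *
 * Returns:	The load_return_t produced by fatfile_getarch():
 *		LOAD_SUCCESS when a slice was found, otherwise
 *		LOAD_BADARCH, LOAD_BADMACHO or LOAD_FAILURE.
 **********************************************************************/
load_return_t
fatfile_getarch_with_bits(
	integer_t               archbits,
	vm_offset_t             data_ptr,
	vm_size_t               data_size,
	struct fat_arch         *archret)
{
	/*
	 * Scan the fat_arch array for matches with the requested
	 * architectural bits set, and for the current hardware cpu:
	 * architecture bits come from archbits, the remaining cpu type
	 * bits come from cpu_type().
	 */
	cpu_type_t req_cpu_type = (archbits & CPU_ARCH_MASK) | (cpu_type() & ~CPU_ARCH_MASK);

	/*
	 * NOTE(review): imgp is passed as NULL here, and fatfile_getarch()
	 * forwards it to validate_potential_simulator_binary(). Whether that
	 * routine accepts a NULL imgp is not visible in this file -- confirm.
	 */
	return fatfile_getarch(data_ptr, data_size,
	           req_cpu_type,
	           0,                   /* mask_bits */
	           CPU_SUBTYPE_ANY,     /* req_subcpu_type */
	           NULL,                /* imgp */
	           archret);
}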
225
/*
 * Validate the fat_header and fat_arch array in memory. The bytes come
 * from the file, so every field is checked before it is trusted:
 *
 * 1) the magic must be FAT_MAGIC (stored big endian)
 * 2) the arch count must not exceed the data buffer
 * 3) no slice may start inside the fat headers at the front of the file
 * 4) no slice's offset + size may wrap 32 bits or run past file_size
 * 5) the arch list must not contain duplicate cputype/cpusubtype tuples
 * 6) no two slices may overlap
 *
 * Returns LOAD_SUCCESS when every check passes, LOAD_FAILURE when the
 * buffer is too small for a fat_header or the magic is wrong, and
 * LOAD_BADMACHO for every other violation.
 *
 * The align field of each fat_arch is not examined here.
 */
load_return_t
fatfile_validate_fatarches(vm_offset_t data_ptr, vm_size_t data_size, off_t file_size)
{
	struct fat_header *header;
	struct fat_arch *arches;
	size_t nfat_arch, max_nfat_arch;
	size_t fat_header_size;

	if (data_size < sizeof(struct fat_header)) {
		return LOAD_FAILURE;
	}

	header = (struct fat_header *)data_ptr;

	/* must be FAT_MAGIC big endian */
	if (OSSwapBigToHostInt32(header->magic) != FAT_MAGIC) {
		return LOAD_FAILURE;
	}

	nfat_arch = OSSwapBigToHostInt32(header->nfat_arch);
	max_nfat_arch = (data_size - sizeof(struct fat_header)) / sizeof(struct fat_arch);
	if (nfat_arch > max_nfat_arch) {
		/* nfat_arch would cause us to read off end of buffer */
		return LOAD_BADMACHO;
	}

	/*
	 * The fat_arch list is now known to fit in the buffer. Work out how
	 * many bytes at the front of the file the headers occupy; no slice
	 * may begin inside that range.
	 */
	fat_header_size = sizeof(struct fat_header) + nfat_arch * sizeof(struct fat_arch);
	arches = (struct fat_arch *)(data_ptr + sizeof(struct fat_header));

	for (size_t i = 0; i < nfat_arch; i++) {
		const struct fat_arch *slice_i = &arches[i];
		uint32_t i_begin = OSSwapBigToHostInt32(slice_i->offset);
		uint32_t i_size = OSSwapBigToHostInt32(slice_i->size);
		uint32_t i_cputype = OSSwapBigToHostInt32(slice_i->cputype);
		uint32_t i_cpusubtype = OSSwapBigToHostInt32(slice_i->cpusubtype);
		uint32_t i_end;

		/* slice is trying to claim part of the file used by fat headers themselves */
		if (i_begin < fat_header_size) {
			return LOAD_BADMACHO;
		}

		/* start + size would overflow; test before adding so i_end cannot wrap */
		if (i_begin > (UINT32_MAX - i_size)) {
			return LOAD_BADMACHO;
		}
		i_end = i_begin + i_size;

		/* start + size would exceed file size */
		if ((off_t)i_end > file_size) {
			return LOAD_BADMACHO;
		}

		/* Compare slice I against every later slice J. */
		for (size_t j = i + 1; j < nfat_arch; j++) {
			const struct fat_arch *slice_j = &arches[j];
			uint32_t j_begin = OSSwapBigToHostInt32(slice_j->offset);
			uint32_t j_size = OSSwapBigToHostInt32(slice_j->size);
			uint32_t j_cputype = OSSwapBigToHostInt32(slice_j->cputype);
			uint32_t j_cpusubtype = OSSwapBigToHostInt32(slice_j->cpusubtype);
			uint32_t j_end;

			/*
			 * duplicate cputype/cpusubtype, results in ambiguous references
			 *
			 * NOTE(review): the full cpusubtype word is compared, including
			 * the bits under CPU_SUBTYPE_MASK, whereas fatfile_getarch()
			 * strips those bits before matching. Confirm that two slices
			 * differing only in those bits are meant to pass this check.
			 */
			if (i_cputype == j_cputype && i_cpusubtype == j_cpusubtype) {
				return LOAD_BADMACHO;
			}

			/* start + size would overflow */
			if (j_begin > (UINT32_MAX - j_size)) {
				return LOAD_BADMACHO;
			}
			j_end = j_begin + j_size;

			if (i_begin <= j_begin) {
				/* I starts first (or at the same place): it must end by J's start */
				if (i_end > j_begin) {
					return LOAD_BADMACHO;
				}
			} else if (i_begin < j_end) {
				/* I started after J started but before it ended, so there is overlap */
				return LOAD_BADMACHO;
			}
		}
	}

	return LOAD_SUCCESS;
}
327