1 | /* |
2 | * Copyright (c) 1998-2021 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | #include <IOKit/IOBSD.h> |
29 | #include <IOKit/IOLib.h> |
30 | #include <IOKit/IOService.h> |
31 | #include <IOKit/IOCatalogue.h> |
32 | #include <IOKit/IODeviceTreeSupport.h> |
33 | #include <IOKit/IOKitKeys.h> |
34 | #include <IOKit/IONVRAM.h> |
35 | #include <IOKit/IOPlatformExpert.h> |
36 | #include <IOKit/IOUserClient.h> |
37 | #include <libkern/c++/OSAllocation.h> |
38 | |
39 | extern "C" { |
40 | #include <libkern/amfi/amfi.h> |
41 | #include <sys/codesign.h> |
42 | #include <sys/code_signing.h> |
43 | #include <vm/pmap.h> |
44 | #include <vm/vm_map.h> |
45 | #include <pexpert/pexpert.h> |
46 | #include <kern/clock.h> |
47 | #if CONFIG_KDP_INTERACTIVE_DEBUGGING |
48 | #include <kern/debug.h> |
49 | #endif |
50 | #include <mach/machine.h> |
51 | #include <uuid/uuid.h> |
52 | #include <sys/vnode_internal.h> |
53 | #include <sys/mount.h> |
54 | #include <corecrypto/ccsha2.h> |
55 | #include <kdp/sk_core.h> |
56 | |
57 | // how long to wait for matching root device, secs |
58 | #if DEBUG |
59 | #define ROOTDEVICETIMEOUT 120 |
60 | #else |
61 | #define ROOTDEVICETIMEOUT 60 |
62 | #endif |
63 | |
64 | extern dev_t mdevadd(int devid, uint64_t base, unsigned int size, int phys); |
65 | extern dev_t mdevlookup(int devid); |
66 | extern void mdevremoveall(void); |
67 | extern int mdevgetrange(int devid, uint64_t *base, uint64_t *size); |
68 | extern void di_root_ramfile(IORegistryEntry * entry); |
69 | extern int IODTGetDefault(const char *key, void *infoAddr, unsigned int infoSize); |
70 | extern boolean_t cpuid_vmm_present(void); |
71 | |
72 | #define ROUNDUP(a, b) (((a) + ((b) - 1)) & (~((b) - 1))) |
73 | |
74 | #define IOPOLLED_COREFILE (CONFIG_KDP_INTERACTIVE_DEBUGGING) |
75 | |
76 | #if defined(XNU_TARGET_OS_BRIDGE) |
77 | #define kIOCoreDumpPath "/private/var/internal/kernelcore" |
78 | #elif defined(XNU_TARGET_OS_OSX) |
79 | #define kIOCoreDumpPath "/System/Volumes/VM/kernelcore" |
80 | #else |
81 | #define kIOCoreDumpPath "/private/var/vm/kernelcore" |
82 | #endif |
83 | |
84 | #define SYSTEM_NVRAM_PREFIX "40A0DDD2-77F8-4392-B4A3-1E7304206516:" |
85 | |
86 | #if CONFIG_KDP_INTERACTIVE_DEBUGGING |
87 | /* |
88 | * Touched by IOFindBSDRoot() if a RAMDisk is used for the root device. |
89 | */ |
90 | extern uint64_t kdp_core_ramdisk_addr; |
91 | extern uint64_t kdp_core_ramdisk_size; |
92 | |
93 | /* |
94 | * A callback to indicate that the polled-mode corefile is now available. |
95 | */ |
96 | extern kern_return_t kdp_core_polled_io_polled_file_available(IOCoreFileAccessCallback access_data, void *access_context, void *recipient_context); |
97 | |
98 | /* |
99 | * A callback to indicate that the polled-mode corefile is no longer available. |
100 | */ |
101 | extern kern_return_t kdp_core_polled_io_polled_file_unavailable(void); |
102 | #endif |
103 | |
104 | #if IOPOLLED_COREFILE |
105 | static void IOOpenPolledCoreFile(thread_call_param_t __unused, thread_call_param_t corefilename); |
106 | |
107 | thread_call_t corefile_open_call = NULL; |
108 | #endif |
109 | |
110 | kern_return_t |
111 | IOKitBSDInit( void ) |
112 | { |
113 | IOService::publishResource(key: "IOBSD" ); |
114 | |
115 | #if IOPOLLED_COREFILE |
116 | corefile_open_call = thread_call_allocate_with_options(func: IOOpenPolledCoreFile, NULL, pri: THREAD_CALL_PRIORITY_KERNEL, options: THREAD_CALL_OPTIONS_ONCE); |
117 | #endif |
118 | |
119 | return kIOReturnSuccess; |
120 | } |
121 | |
122 | void |
123 | IOServicePublishResource( const char * property, boolean_t value ) |
124 | { |
125 | if (value) { |
126 | IOService::publishResource( key: property, value: kOSBooleanTrue ); |
127 | } else { |
128 | IOService::getResourceService()->removeProperty( aKey: property ); |
129 | } |
130 | } |
131 | |
132 | boolean_t |
133 | IOServiceWaitForMatchingResource( const char * property, uint64_t timeout ) |
134 | { |
135 | OSDictionary * dict = NULL; |
136 | IOService * match = NULL; |
137 | boolean_t found = false; |
138 | |
139 | do { |
140 | dict = IOService::resourceMatching( name: property ); |
141 | if (!dict) { |
142 | continue; |
143 | } |
144 | match = IOService::waitForMatchingService( matching: dict, timeout ); |
145 | if (match) { |
146 | found = true; |
147 | } |
148 | } while (false); |
149 | |
150 | if (dict) { |
151 | dict->release(); |
152 | } |
153 | if (match) { |
154 | match->release(); |
155 | } |
156 | |
157 | return found; |
158 | } |
159 | |
160 | boolean_t |
161 | IOCatalogueMatchingDriversPresent( const char * property ) |
162 | { |
163 | OSDictionary * dict = NULL; |
164 | OSOrderedSet * set = NULL; |
165 | SInt32 generationCount = 0; |
166 | boolean_t found = false; |
167 | |
168 | do { |
169 | dict = OSDictionary::withCapacity(capacity: 1); |
170 | if (!dict) { |
171 | continue; |
172 | } |
173 | dict->setObject( aKey: property, anObject: kOSBooleanTrue ); |
174 | set = gIOCatalogue->findDrivers( matching: dict, generationCount: &generationCount ); |
175 | if (set && (set->getCount() > 0)) { |
176 | found = true; |
177 | } |
178 | } while (false); |
179 | |
180 | if (dict) { |
181 | dict->release(); |
182 | } |
183 | if (set) { |
184 | set->release(); |
185 | } |
186 | |
187 | return found; |
188 | } |
189 | |
190 | OSDictionary * |
191 | IOBSDNameMatching( const char * name ) |
192 | { |
193 | OSDictionary * dict; |
194 | const OSSymbol * str = NULL; |
195 | |
196 | do { |
197 | dict = IOService::serviceMatching( className: gIOServiceKey ); |
198 | if (!dict) { |
199 | continue; |
200 | } |
201 | str = OSSymbol::withCString( cString: name ); |
202 | if (!str) { |
203 | continue; |
204 | } |
205 | dict->setObject( kIOBSDNameKey, anObject: (OSObject *) str ); |
206 | str->release(); |
207 | |
208 | return dict; |
209 | } while (false); |
210 | |
211 | if (dict) { |
212 | dict->release(); |
213 | } |
214 | if (str) { |
215 | str->release(); |
216 | } |
217 | |
218 | return NULL; |
219 | } |
220 | |
221 | OSDictionary * |
222 | IOUUIDMatching( void ) |
223 | { |
224 | OSObject * obj; |
225 | OSDictionary * result; |
226 | |
227 | obj = OSUnserialize( |
228 | buffer: "{" |
229 | "'IOProviderClass' = 'IOResources';" |
230 | "'IOResourceMatch' = ('IOBSD', 'boot-uuid-media');" |
231 | "}" , |
232 | NULL); |
233 | result = OSDynamicCast(OSDictionary, obj); |
234 | assert(result); |
235 | |
236 | return result; |
237 | } |
238 | |
239 | OSDictionary * |
240 | IONetworkNamePrefixMatching( const char * prefix ) |
241 | { |
242 | OSDictionary * matching; |
243 | OSDictionary * propDict = NULL; |
244 | const OSSymbol * str = NULL; |
245 | char networkType[128]; |
246 | |
247 | do { |
248 | matching = IOService::serviceMatching( className: "IONetworkInterface" ); |
249 | if (matching == NULL) { |
250 | continue; |
251 | } |
252 | |
253 | propDict = OSDictionary::withCapacity(capacity: 1); |
254 | if (propDict == NULL) { |
255 | continue; |
256 | } |
257 | |
258 | str = OSSymbol::withCString( cString: prefix ); |
259 | if (str == NULL) { |
260 | continue; |
261 | } |
262 | |
263 | propDict->setObject( aKey: "IOInterfaceNamePrefix" , anObject: (OSObject *) str ); |
264 | str->release(); |
265 | str = NULL; |
266 | |
267 | // see if we're contrained to netroot off of specific network type |
268 | if (PE_parse_boot_argn( arg_string: "network-type" , arg_ptr: networkType, max_arg: 128 )) { |
269 | str = OSSymbol::withCString( cString: networkType ); |
270 | if (str) { |
271 | propDict->setObject( aKey: "IONetworkRootType" , anObject: str); |
272 | str->release(); |
273 | str = NULL; |
274 | } |
275 | } |
276 | |
277 | if (matching->setObject( aKey: gIOPropertyMatchKey, |
278 | anObject: (OSObject *) propDict ) != true) { |
279 | continue; |
280 | } |
281 | |
282 | propDict->release(); |
283 | propDict = NULL; |
284 | |
285 | return matching; |
286 | } while (false); |
287 | |
288 | if (matching) { |
289 | matching->release(); |
290 | } |
291 | if (propDict) { |
292 | propDict->release(); |
293 | } |
294 | if (str) { |
295 | str->release(); |
296 | } |
297 | |
298 | return NULL; |
299 | } |
300 | |
301 | static bool |
302 | IORegisterNetworkInterface( IOService * netif ) |
303 | { |
304 | // A network interface is typically named and registered |
305 | // with BSD after receiving a request from a user space |
306 | // "namer". However, for cases when the system needs to |
307 | // root from the network, this registration task must be |
308 | // done inside the kernel and completed before the root |
309 | // device is handed to BSD. |
310 | |
311 | IOService * stack; |
312 | OSNumber * zero = NULL; |
313 | OSString * path = NULL; |
314 | OSDictionary * dict = NULL; |
315 | OSDataAllocation<char> pathBuf; |
316 | int len; |
317 | enum { kMaxPathLen = 512 }; |
318 | |
319 | do { |
320 | stack = IOService::waitForService( |
321 | matching: IOService::serviceMatching(className: "IONetworkStack" )); |
322 | if (stack == NULL) { |
323 | break; |
324 | } |
325 | |
326 | dict = OSDictionary::withCapacity(capacity: 3); |
327 | if (dict == NULL) { |
328 | break; |
329 | } |
330 | |
331 | zero = OSNumber::withNumber(value: (UInt64) 0, numberOfBits: 32); |
332 | if (zero == NULL) { |
333 | break; |
334 | } |
335 | |
336 | pathBuf = OSDataAllocation<char>( kMaxPathLen, OSAllocateMemory ); |
337 | if (!pathBuf) { |
338 | break; |
339 | } |
340 | |
341 | len = kMaxPathLen; |
342 | if (netif->getPath( path: pathBuf.data(), length: &len, plane: gIOServicePlane ) |
343 | == false) { |
344 | break; |
345 | } |
346 | |
347 | path = OSString::withCStringNoCopy(cString: pathBuf.data()); |
348 | if (path == NULL) { |
349 | break; |
350 | } |
351 | |
352 | dict->setObject( aKey: "IOInterfaceUnit" , anObject: zero ); |
353 | dict->setObject( kIOPathMatchKey, anObject: path ); |
354 | |
355 | stack->setProperties( dict ); |
356 | }while (false); |
357 | |
358 | if (zero) { |
359 | zero->release(); |
360 | } |
361 | if (path) { |
362 | path->release(); |
363 | } |
364 | if (dict) { |
365 | dict->release(); |
366 | } |
367 | |
368 | return netif->getProperty( kIOBSDNameKey ) != NULL; |
369 | } |
370 | |
371 | OSDictionary * |
372 | IOOFPathMatching( const char * path, char * buf, int maxLen ) |
373 | { |
374 | OSDictionary * matching = NULL; |
375 | OSString * str; |
376 | char * comp; |
377 | int len; |
378 | |
379 | do { |
380 | len = ((int) strlen( kIODeviceTreePlane ":" )); |
381 | maxLen -= len; |
382 | if (maxLen <= 0) { |
383 | continue; |
384 | } |
385 | |
386 | strlcpy( dst: buf, kIODeviceTreePlane ":" , n: len + 1 ); |
387 | comp = buf + len; |
388 | |
389 | len = ((int) strnlen( s: path, INT_MAX )); |
390 | maxLen -= len; |
391 | if (maxLen <= 0) { |
392 | continue; |
393 | } |
394 | strlcpy( dst: comp, src: path, n: len + 1 ); |
395 | |
396 | matching = OSDictionary::withCapacity( capacity: 1 ); |
397 | if (!matching) { |
398 | continue; |
399 | } |
400 | |
401 | str = OSString::withCString( cString: buf ); |
402 | if (!str) { |
403 | continue; |
404 | } |
405 | matching->setObject( kIOPathMatchKey, anObject: str ); |
406 | str->release(); |
407 | |
408 | return matching; |
409 | } while (false); |
410 | |
411 | if (matching) { |
412 | matching->release(); |
413 | } |
414 | |
415 | return NULL; |
416 | } |
417 | |
418 | static int didRam = 0; |
419 | enum { kMaxPathBuf = 512, kMaxBootVar = 128 }; |
420 | |
421 | bool |
422 | IOGetBootUUID(char *uuid) |
423 | { |
424 | IORegistryEntry *entry; |
425 | OSData *uuid_data = NULL; |
426 | bool result = false; |
427 | |
428 | if ((entry = IORegistryEntry::fromPath(path: "/chosen" , plane: gIODTPlane))) { |
429 | uuid_data = (OSData *)entry->getProperty(aKey: "boot-uuid" ); |
430 | if (uuid_data) { |
431 | unsigned int length = uuid_data->getLength(); |
432 | if (length <= sizeof(uuid_string_t)) { |
433 | /* ensure caller's buffer is fully initialized: */ |
434 | bzero(s: uuid, n: sizeof(uuid_string_t)); |
435 | /* copy the content of uuid_data->getBytesNoCopy() into uuid */ |
436 | memcpy(dst: uuid, src: uuid_data->getBytesNoCopy(), n: length); |
437 | /* guarantee nul-termination: */ |
438 | uuid[sizeof(uuid_string_t) - 1] = '\0'; |
439 | result = true; |
440 | } else { |
441 | uuid = NULL; |
442 | } |
443 | } |
444 | OSSafeReleaseNULL(entry); |
445 | } |
446 | return result; |
447 | } |
448 | |
449 | bool |
450 | IOGetApfsPrebootUUID(char *uuid) |
451 | { |
452 | IORegistryEntry *entry; |
453 | OSData *uuid_data = NULL; |
454 | bool result = false; |
455 | |
456 | if ((entry = IORegistryEntry::fromPath(path: "/chosen" , plane: gIODTPlane))) { |
457 | uuid_data = (OSData *)entry->getProperty(aKey: "apfs-preboot-uuid" ); |
458 | |
459 | if (uuid_data) { |
460 | unsigned int length = uuid_data->getLength(); |
461 | if (length <= sizeof(uuid_string_t)) { |
462 | /* ensure caller's buffer is fully initialized: */ |
463 | bzero(s: uuid, n: sizeof(uuid_string_t)); |
464 | /* copy the content of uuid_data->getBytesNoCopy() into uuid */ |
465 | memcpy(dst: uuid, src: uuid_data->getBytesNoCopy(), n: length); |
466 | /* guarantee nul-termination: */ |
467 | uuid[sizeof(uuid_string_t) - 1] = '\0'; |
468 | result = true; |
469 | } else { |
470 | uuid = NULL; |
471 | } |
472 | } |
473 | OSSafeReleaseNULL(entry); |
474 | } |
475 | return result; |
476 | } |
477 | |
478 | bool |
479 | IOGetAssociatedApfsVolgroupUUID(char *uuid) |
480 | { |
481 | IORegistryEntry *entry; |
482 | OSData *uuid_data = NULL; |
483 | bool result = false; |
484 | |
485 | if ((entry = IORegistryEntry::fromPath(path: "/chosen" , plane: gIODTPlane))) { |
486 | uuid_data = (OSData *)entry->getProperty(aKey: "associated-volume-group" ); |
487 | |
488 | if (uuid_data) { |
489 | unsigned int length = uuid_data->getLength(); |
490 | |
491 | if (length <= sizeof(uuid_string_t)) { |
492 | /* ensure caller's buffer is fully initialized: */ |
493 | bzero(s: uuid, n: sizeof(uuid_string_t)); |
494 | /* copy the content of uuid_data->getBytesNoCopy() into uuid */ |
495 | memcpy(dst: uuid, src: uuid_data->getBytesNoCopy(), n: length); |
496 | /* guarantee nul-termination: */ |
497 | uuid[sizeof(uuid_string_t) - 1] = '\0'; |
498 | result = true; |
499 | } else { |
500 | uuid = NULL; |
501 | } |
502 | } |
503 | OSSafeReleaseNULL(entry); |
504 | } |
505 | return result; |
506 | } |
507 | |
508 | bool |
509 | IOGetBootObjectsPath(char *path_prefix) |
510 | { |
511 | IORegistryEntry *entry; |
512 | OSData *path_prefix_data = NULL; |
513 | bool result = false; |
514 | |
515 | if ((entry = IORegistryEntry::fromPath(path: "/chosen" , plane: gIODTPlane))) { |
516 | path_prefix_data = (OSData *)entry->getProperty(aKey: "boot-objects-path" ); |
517 | |
518 | if (path_prefix_data) { |
519 | unsigned int length = path_prefix_data->getLength(); |
520 | |
521 | if (length <= MAXPATHLEN) { |
522 | /* ensure caller's buffer is fully initialized: */ |
523 | bzero(s: path_prefix, MAXPATHLEN); |
524 | /* copy the content of path_prefix_data->getBytesNoCopy() into path_prefix */ |
525 | memcpy(dst: path_prefix, src: path_prefix_data->getBytesNoCopy(), n: length); |
526 | /* guarantee nul-termination: */ |
527 | path_prefix[MAXPATHLEN - 1] = '\0'; |
528 | result = true; |
529 | } else { |
530 | path_prefix = NULL; |
531 | } |
532 | } |
533 | OSSafeReleaseNULL(entry); |
534 | } |
535 | return result; |
536 | } |
537 | |
538 | |
539 | bool |
540 | IOGetBootManifestHash(char *hash_data, size_t *hash_data_size) |
541 | { |
542 | IORegistryEntry *entry = NULL; |
543 | OSData *manifest_hash_data = NULL; |
544 | bool result = false; |
545 | |
546 | if ((entry = IORegistryEntry::fromPath(path: "/chosen" , plane: gIODTPlane))) { |
547 | manifest_hash_data = (OSData *)entry->getProperty(aKey: "boot-manifest-hash" ); |
548 | if (manifest_hash_data) { |
549 | unsigned int length = manifest_hash_data->getLength(); |
550 | /* hashed with SHA2-384 or SHA1, the boot manifest hash should be 48 Bytes or less */ |
551 | if ((length <= CCSHA384_OUTPUT_SIZE) && (*hash_data_size >= CCSHA384_OUTPUT_SIZE)) { |
552 | /* ensure caller's buffer is fully initialized: */ |
553 | bzero(s: hash_data, CCSHA384_OUTPUT_SIZE); |
554 | /* copy the content of manifest_hash_data->getBytesNoCopy() into hash_data */ |
555 | memcpy(dst: hash_data, src: manifest_hash_data->getBytesNoCopy(), n: length); |
556 | *hash_data_size = length; |
557 | result = true; |
558 | } else { |
559 | hash_data = NULL; |
560 | *hash_data_size = 0; |
561 | } |
562 | } |
563 | OSSafeReleaseNULL(entry); |
564 | } |
565 | |
566 | return result; |
567 | } |
568 | |
569 | /* |
570 | * Set NVRAM to boot into the right flavor of Recovery, |
571 | * optionally passing a UUID of a volume that failed to boot. |
572 | * If `reboot` is true, reboot immediately. |
573 | * |
574 | * Returns true if `mode` was understood, false otherwise. |
575 | * (Does not return if `reboot` is true.) |
576 | */ |
577 | boolean_t |
578 | IOSetRecoveryBoot(bsd_bootfail_mode_t mode, uuid_t volume_uuid, boolean_t reboot) |
579 | { |
580 | IODTNVRAM *nvram = NULL; |
581 | const OSSymbol *boot_command_sym = NULL; |
582 | OSString *boot_command_recover = NULL; |
583 | |
584 | if (mode == BSD_BOOTFAIL_SEAL_BROKEN) { |
585 | const char *boot_mode = "ssv-seal-broken" ; |
586 | uuid_string_t volume_uuid_str; |
587 | |
588 | // Set `recovery-broken-seal-uuid = <volume_uuid>`. |
589 | if (volume_uuid) { |
590 | uuid_unparse_upper(uu: volume_uuid, out: volume_uuid_str); |
591 | |
592 | if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "recovery-broken-seal-uuid" , |
593 | value: volume_uuid_str, len: sizeof(uuid_string_t))) { |
594 | IOLog(format: "Failed to write recovery-broken-seal-uuid to NVRAM.\n" ); |
595 | } |
596 | } |
597 | |
598 | // Set `recovery-boot-mode = ssv-seal-broken`. |
599 | if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "recovery-boot-mode" , value: boot_mode, |
600 | len: (const unsigned int) strlen(s: boot_mode))) { |
601 | IOLog(format: "Failed to write recovery-boot-mode to NVRAM.\n" ); |
602 | } |
603 | } else if (mode == BSD_BOOTFAIL_MEDIA_MISSING) { |
604 | const char *boot_picker_reason = "missing-boot-media" ; |
605 | |
606 | // Set `boot-picker-bringup-reason = missing-boot-media`. |
607 | if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "boot-picker-bringup-reason" , |
608 | value: boot_picker_reason, len: (const unsigned int) strlen(s: boot_picker_reason))) { |
609 | IOLog(format: "Failed to write boot-picker-bringup-reason to NVRAM.\n" ); |
610 | } |
611 | |
612 | // Set `boot-command = recover-system`. |
613 | |
614 | // Construct an OSSymbol and an OSString to be the (key, value) pair |
615 | // we write to NVRAM. Unfortunately, since our value must be an OSString |
616 | // instead of an OSData, we cannot use PEWriteNVRAMProperty() here. |
617 | boot_command_sym = OSSymbol::withCStringNoCopy(SYSTEM_NVRAM_PREFIX "boot-command" ); |
618 | boot_command_recover = OSString::withCStringNoCopy(cString: "recover-system" ); |
619 | if (boot_command_sym == NULL || boot_command_recover == NULL) { |
620 | IOLog(format: "Failed to create boot-command strings.\n" ); |
621 | goto do_reboot; |
622 | } |
623 | |
624 | // Wait for NVRAM to be readable... |
625 | nvram = OSDynamicCast(IODTNVRAM, IOService::waitForService( |
626 | IOService::serviceMatching("IODTNVRAM" ))); |
627 | if (nvram == NULL) { |
628 | IOLog(format: "Failed to acquire IODTNVRAM object.\n" ); |
629 | goto do_reboot; |
630 | } |
631 | |
632 | // Wait for NVRAM to be writable... |
633 | if (!IOServiceWaitForMatchingResource(property: "IONVRAM" , UINT64_MAX)) { |
634 | IOLog(format: "Failed to wait for IONVRAM service.\n" ); |
635 | // attempt the work anyway... |
636 | } |
637 | |
638 | // Write the new boot-command to NVRAM, and sync if successful. |
639 | if (!nvram->setProperty(aKey: boot_command_sym, anObject: boot_command_recover)) { |
640 | IOLog(format: "Failed to save new boot-command to NVRAM.\n" ); |
641 | } else { |
642 | nvram->sync(); |
643 | } |
644 | } else { |
645 | IOLog(format: "Unknown mode: %d\n" , mode); |
646 | return false; |
647 | } |
648 | |
649 | // Clean up and reboot! |
650 | do_reboot: |
651 | if (boot_command_recover != NULL) { |
652 | boot_command_recover->release(); |
653 | } |
654 | |
655 | if (boot_command_sym != NULL) { |
656 | boot_command_sym->release(); |
657 | } |
658 | |
659 | if (reboot) { |
660 | IOLog(format: "\nAbout to reboot into Recovery!\n" ); |
661 | (void)PEHaltRestart(type: kPEPanicRestartCPUNoCallouts); |
662 | } |
663 | |
664 | return true; |
665 | } |
666 | |
667 | kern_return_t |
668 | IOFindBSDRoot( char * rootName, unsigned int rootNameSize, |
669 | dev_t * root, u_int32_t * oflags ) |
670 | { |
671 | mach_timespec_t t; |
672 | IOService * service; |
673 | IORegistryEntry * regEntry; |
674 | OSDictionary * matching = NULL; |
675 | OSString * iostr; |
676 | OSNumber * off; |
677 | OSData * data = NULL; |
678 | |
679 | UInt32 flags = 0; |
680 | int mnr, mjr; |
681 | const char * mediaProperty = NULL; |
682 | char * rdBootVar; |
683 | OSDataAllocation<char> str; |
684 | const char * look = NULL; |
685 | int len; |
686 | bool debugInfoPrintedOnce = false; |
687 | bool needNetworkKexts = false; |
688 | const char * uuidStr = NULL; |
689 | |
690 | static int mountAttempts = 0; |
691 | |
692 | int xchar, dchar; |
693 | |
694 | // stall here for anyone matching on the IOBSD resource to finish (filesystems) |
695 | matching = IOService::serviceMatching(className: gIOResourcesKey); |
696 | assert(matching); |
697 | matching->setObject(aKey: gIOResourceMatchedKey, anObject: gIOBSDKey); |
698 | |
699 | if ((service = IOService::waitForMatchingService(matching, timeout: 30ULL * kSecondScale))) { |
700 | OSSafeReleaseNULL(service); |
701 | } else { |
702 | IOLog(format: "!BSD\n" ); |
703 | } |
704 | matching->release(); |
705 | matching = NULL; |
706 | |
707 | if (mountAttempts++) { |
708 | IOLog(format: "mount(%d) failed\n" , mountAttempts); |
709 | IOSleep( milliseconds: 5 * 1000 ); |
710 | } |
711 | |
712 | str = OSDataAllocation<char>( kMaxPathBuf + kMaxBootVar, OSAllocateMemory ); |
713 | if (!str) { |
714 | return kIOReturnNoMemory; |
715 | } |
716 | rdBootVar = str.data() + kMaxPathBuf; |
717 | |
718 | if (!PE_parse_boot_argn(arg_string: "rd" , arg_ptr: rdBootVar, max_arg: kMaxBootVar ) |
719 | && !PE_parse_boot_argn(arg_string: "rootdev" , arg_ptr: rdBootVar, max_arg: kMaxBootVar )) { |
720 | rdBootVar[0] = 0; |
721 | } |
722 | |
723 | if ((regEntry = IORegistryEntry::fromPath( path: "/chosen" , plane: gIODTPlane ))) { |
724 | do { |
725 | di_root_ramfile(entry: regEntry); |
726 | OSObject* unserializedContainer = NULL; |
727 | data = OSDynamicCast(OSData, regEntry->getProperty( "root-matching" )); |
728 | if (data) { |
729 | unserializedContainer = OSUnserializeXML(buffer: (char *)data->getBytesNoCopy()); |
730 | matching = OSDynamicCast(OSDictionary, unserializedContainer); |
731 | if (matching) { |
732 | continue; |
733 | } |
734 | } |
735 | OSSafeReleaseNULL(unserializedContainer); |
736 | |
737 | data = (OSData *) regEntry->getProperty( aKey: "boot-uuid" ); |
738 | if (data) { |
739 | uuidStr = (const char*)data->getBytesNoCopy(); |
740 | OSString *uuidString = OSString::withCString( cString: uuidStr ); |
741 | |
742 | // match the boot-args boot-uuid processing below |
743 | if (uuidString) { |
744 | IOLog(format: "rooting via boot-uuid from /chosen: %s\n" , uuidStr); |
745 | IOService::publishResource( key: "boot-uuid" , value: uuidString ); |
746 | uuidString->release(); |
747 | matching = IOUUIDMatching(); |
748 | mediaProperty = "boot-uuid-media" ; |
749 | continue; |
750 | } else { |
751 | uuidStr = NULL; |
752 | } |
753 | } |
754 | } while (false); |
755 | OSSafeReleaseNULL(regEntry); |
756 | } |
757 | |
758 | // |
759 | // See if we have a RAMDisk property in /chosen/memory-map. If so, make it into a device. |
760 | // It will become /dev/mdx, where x is 0-f. |
761 | // |
762 | |
763 | if (!didRam) { /* Have we already build this ram disk? */ |
764 | didRam = 1; /* Remember we did this */ |
765 | if ((regEntry = IORegistryEntry::fromPath( path: "/chosen/memory-map" , plane: gIODTPlane ))) { /* Find the map node */ |
766 | data = (OSData *)regEntry->getProperty(aKey: "RAMDisk" ); /* Find the ram disk, if there */ |
767 | if (data) { /* We found one */ |
768 | uintptr_t *ramdParms; |
769 | ramdParms = (uintptr_t *)data->getBytesNoCopy(); /* Point to the ram disk base and size */ |
770 | #if __LP64__ |
771 | #define MAX_PHYS_RAM (((uint64_t)UINT_MAX) << 12) |
772 | if (ramdParms[1] > MAX_PHYS_RAM) { |
773 | panic("ramdisk params" ); |
774 | } |
775 | #endif /* __LP64__ */ |
776 | (void)mdevadd(devid: -1, base: ml_static_ptovirt(ramdParms[0]) >> 12, size: (unsigned int) (ramdParms[1] >> 12), phys: 0); /* Initialize it and pass back the device number */ |
777 | } |
778 | regEntry->release(); /* Toss the entry */ |
779 | } |
780 | } |
781 | |
782 | // |
783 | // Now check if we are trying to root on a memory device |
784 | // |
785 | |
786 | if ((rdBootVar[0] == 'm') && (rdBootVar[1] == 'd') && (rdBootVar[3] == 0)) { |
787 | dchar = xchar = rdBootVar[2]; /* Get the actual device */ |
788 | if ((xchar >= '0') && (xchar <= '9')) { |
789 | xchar = xchar - '0'; /* If digit, convert */ |
790 | } else { |
791 | xchar = xchar & ~' '; /* Fold to upper case */ |
792 | if ((xchar >= 'A') && (xchar <= 'F')) { /* Is this a valid digit? */ |
793 | xchar = (xchar & 0xF) + 9; /* Convert the hex digit */ |
794 | dchar = dchar | ' '; /* Fold to lower case */ |
795 | } else { |
796 | xchar = -1; /* Show bogus */ |
797 | } |
798 | } |
799 | if (xchar >= 0) { /* Do we have a valid memory device name? */ |
800 | OSSafeReleaseNULL(matching); |
801 | *root = mdevlookup(devid: xchar); /* Find the device number */ |
802 | if (*root >= 0) { /* Did we find one? */ |
803 | rootName[0] = 'm'; /* Build root name */ |
804 | rootName[1] = 'd'; /* Build root name */ |
805 | rootName[2] = (char) dchar; /* Build root name */ |
806 | rootName[3] = 0; /* Build root name */ |
807 | IOLog(format: "BSD root: %s, major %d, minor %d\n" , rootName, major(x: *root), minor(x: *root)); |
808 | *oflags = 0; /* Show that this is not network */ |
809 | |
810 | #if CONFIG_KDP_INTERACTIVE_DEBUGGING |
811 | /* retrieve final ramdisk range and initialize KDP variables */ |
812 | if (mdevgetrange(devid: xchar, base: &kdp_core_ramdisk_addr, size: &kdp_core_ramdisk_size) != 0) { |
813 | IOLog(format: "Unable to retrieve range for root memory device %d\n" , xchar); |
814 | kdp_core_ramdisk_addr = 0; |
815 | kdp_core_ramdisk_size = 0; |
816 | } |
817 | #endif |
818 | |
819 | goto iofrootx; /* Join common exit... */ |
820 | } |
821 | panic("IOFindBSDRoot: specified root memory device, %s, has not been configured" , rdBootVar); /* Not there */ |
822 | } |
823 | } |
824 | |
825 | if ((!matching) && rdBootVar[0]) { |
826 | // by BSD name |
827 | look = rdBootVar; |
828 | if (look[0] == '*') { |
829 | look++; |
830 | } |
831 | |
832 | if (strncmp( s1: look, s2: "en" , n: strlen( s: "en" )) == 0) { |
833 | matching = IONetworkNamePrefixMatching( prefix: "en" ); |
834 | needNetworkKexts = true; |
835 | } else if (strncmp( s1: look, s2: "uuid" , n: strlen( s: "uuid" )) == 0) { |
836 | OSDataAllocation<char> uuid( kMaxBootVar, OSAllocateMemory ); |
837 | |
838 | if (uuid) { |
839 | OSString *uuidString; |
840 | |
841 | if (!PE_parse_boot_argn( arg_string: "boot-uuid" , arg_ptr: uuid.data(), max_arg: kMaxBootVar )) { |
842 | panic( "rd=uuid but no boot-uuid=<value> specified" ); |
843 | } |
844 | uuidString = OSString::withCString(cString: uuid.data()); |
845 | if (uuidString) { |
846 | IOService::publishResource( key: "boot-uuid" , value: uuidString ); |
847 | uuidString->release(); |
848 | IOLog(format: "\nWaiting for boot volume with UUID %s\n" , uuid.data()); |
849 | matching = IOUUIDMatching(); |
850 | mediaProperty = "boot-uuid-media" ; |
851 | } |
852 | } |
853 | } else { |
854 | matching = IOBSDNameMatching( name: look ); |
855 | } |
856 | } |
857 | |
858 | if (!matching) { |
859 | OSString * astring; |
860 | // Match any HFS media |
861 | |
862 | matching = IOService::serviceMatching( className: "IOMedia" ); |
863 | assert(matching); |
864 | astring = OSString::withCStringNoCopy(cString: "Apple_HFS" ); |
865 | if (astring) { |
866 | matching->setObject(aKey: "Content" , anObject: astring); |
867 | astring->release(); |
868 | } |
869 | } |
870 | |
871 | if (gIOKitDebug & kIOWaitQuietBeforeRoot) { |
872 | IOLog( format: "Waiting for matching to complete\n" ); |
873 | IOService::getPlatform()->waitQuiet(); |
874 | } |
875 | |
876 | if (matching) { |
877 | OSSerialize * s = OSSerialize::withCapacity( capacity: 5 ); |
878 | |
879 | if (matching->serialize( serializer: s )) { |
880 | IOLog( format: "Waiting on %s\n" , s->text()); |
881 | } |
882 | s->release(); |
883 | } |
884 | |
885 | char namep[8]; |
886 | if (needNetworkKexts |
887 | || PE_parse_boot_argn(arg_string: "-s" , arg_ptr: namep, max_arg: sizeof(namep))) { |
888 | IOService::startDeferredMatches(); |
889 | } |
890 | |
891 | do { |
892 | t.tv_sec = ROOTDEVICETIMEOUT; |
893 | t.tv_nsec = 0; |
894 | matching->retain(); |
895 | service = IOService::waitForService( matching, timeout: &t ); |
896 | if ((!service) || (mountAttempts == 10)) { |
897 | #if !XNU_TARGET_OS_OSX || !defined(__arm64__) |
898 | PE_display_icon( 0, "noroot" ); |
899 | IOLog( "Still waiting for root device\n" ); |
900 | #endif |
901 | |
902 | if (!debugInfoPrintedOnce) { |
903 | debugInfoPrintedOnce = true; |
904 | if (gIOKitDebug & kIOLogDTree) { |
905 | IOLog(format: "\nDT plane:\n" ); |
906 | IOPrintPlane( plane: gIODTPlane ); |
907 | } |
908 | if (gIOKitDebug & kIOLogServiceTree) { |
909 | IOLog(format: "\nService plane:\n" ); |
910 | IOPrintPlane( plane: gIOServicePlane ); |
911 | } |
912 | if (gIOKitDebug & kIOLogMemory) { |
913 | IOPrintMemory(); |
914 | } |
915 | } |
916 | |
917 | #if XNU_TARGET_OS_OSX && defined(__arm64__) |
918 | // The disk isn't found - have the user pick from System Recovery. |
919 | (void)IOSetRecoveryBoot(mode: BSD_BOOTFAIL_MEDIA_MISSING, NULL, reboot: true); |
920 | #elif XNU_TARGET_OS_IOS |
921 | panic("Failed to mount root device" ); |
922 | #endif |
923 | } |
924 | } while (!service); |
925 | |
926 | OSSafeReleaseNULL(matching); |
927 | |
928 | if (service && mediaProperty) { |
929 | service = (IOService *)service->getProperty(aKey: mediaProperty); |
930 | } |
931 | |
932 | mjr = 0; |
933 | mnr = 0; |
934 | |
935 | // If the IOService we matched to is a subclass of IONetworkInterface, |
936 | // then make sure it has been registered with BSD and has a BSD name |
937 | // assigned. |
938 | |
939 | if (service |
940 | && service->metaCast( toMeta: "IONetworkInterface" ) |
941 | && !IORegisterNetworkInterface( netif: service )) { |
942 | service = NULL; |
943 | } |
944 | |
945 | if (service) { |
946 | len = kMaxPathBuf; |
947 | service->getPath( path: str.data(), length: &len, plane: gIOServicePlane ); |
948 | IOLog(format: "Got boot device = %s\n" , str.data()); |
949 | |
950 | iostr = (OSString *) service->getProperty( kIOBSDNameKey ); |
951 | if (iostr) { |
952 | strlcpy( dst: rootName, src: iostr->getCStringNoCopy(), n: rootNameSize ); |
953 | } |
954 | off = (OSNumber *) service->getProperty( kIOBSDMajorKey ); |
955 | if (off) { |
956 | mjr = off->unsigned32BitValue(); |
957 | } |
958 | off = (OSNumber *) service->getProperty( kIOBSDMinorKey ); |
959 | if (off) { |
960 | mnr = off->unsigned32BitValue(); |
961 | } |
962 | |
963 | if (service->metaCast( toMeta: "IONetworkInterface" )) { |
964 | flags |= 1; |
965 | } |
966 | } else { |
967 | IOLog( format: "Wait for root failed\n" ); |
968 | strlcpy( dst: rootName, src: "en0" , n: rootNameSize ); |
969 | flags |= 1; |
970 | } |
971 | |
972 | IOLog( format: "BSD root: %s" , rootName ); |
973 | if (mjr) { |
974 | IOLog(format: ", major %d, minor %d\n" , mjr, mnr ); |
975 | } else { |
976 | IOLog(format: "\n" ); |
977 | } |
978 | |
979 | *root = makedev( major: mjr, minor: mnr ); |
980 | *oflags = flags; |
981 | |
982 | iofrootx: |
983 | |
984 | IOService::setRootMedia(service); |
985 | |
986 | if ((gIOKitDebug & (kIOLogDTree | kIOLogServiceTree | kIOLogMemory)) && !debugInfoPrintedOnce) { |
987 | IOService::getPlatform()->waitQuiet(); |
988 | if (gIOKitDebug & kIOLogDTree) { |
989 | IOLog(format: "\nDT plane:\n" ); |
990 | IOPrintPlane( plane: gIODTPlane ); |
991 | } |
992 | if (gIOKitDebug & kIOLogServiceTree) { |
993 | IOLog(format: "\nService plane:\n" ); |
994 | IOPrintPlane( plane: gIOServicePlane ); |
995 | } |
996 | if (gIOKitDebug & kIOLogMemory) { |
997 | IOPrintMemory(); |
998 | } |
999 | } |
1000 | |
1001 | return kIOReturnSuccess; |
1002 | } |
1003 | |
1004 | void |
1005 | IOSetImageBoot(void) |
1006 | { |
1007 | // this will unhide all IOMedia, without waiting for kernelmanagement to start |
1008 | IOService::setRootMedia(NULL); |
1009 | } |
1010 | |
1011 | bool |
1012 | IORamDiskBSDRoot(void) |
1013 | { |
1014 | char rdBootVar[kMaxBootVar]; |
1015 | if (PE_parse_boot_argn(arg_string: "rd" , arg_ptr: rdBootVar, max_arg: kMaxBootVar ) |
1016 | || PE_parse_boot_argn(arg_string: "rootdev" , arg_ptr: rdBootVar, max_arg: kMaxBootVar )) { |
1017 | if ((rdBootVar[0] == 'm') && (rdBootVar[1] == 'd') && (rdBootVar[3] == 0)) { |
1018 | return true; |
1019 | } |
1020 | } |
1021 | return false; |
1022 | } |
1023 | |
1024 | void |
1025 | IOSecureBSDRoot(const char * rootName) |
1026 | { |
1027 | #if CONFIG_SECURE_BSD_ROOT |
1028 | IOReturn result; |
1029 | IOPlatformExpert *pe; |
1030 | OSDictionary *matching; |
1031 | const OSSymbol *functionName = OSSymbol::withCStringNoCopy(cString: "SecureRootName" ); |
1032 | |
1033 | matching = IOService::serviceMatching(className: "IOPlatformExpert" ); |
1034 | assert(matching); |
1035 | pe = (IOPlatformExpert *) IOService::waitForMatchingService(matching, timeout: 30ULL * kSecondScale); |
1036 | matching->release(); |
1037 | assert(pe); |
1038 | // Returns kIOReturnNotPrivileged is the root device is not secure. |
1039 | // Returns kIOReturnUnsupported if "SecureRootName" is not implemented. |
1040 | result = pe->callPlatformFunction(functionName, waitForFunction: false, param1: (void *)rootName, param2: (void *)NULL, param3: (void *)NULL, param4: (void *)NULL); |
1041 | functionName->release(); |
1042 | OSSafeReleaseNULL(pe); |
1043 | |
1044 | if (result == kIOReturnNotPrivileged) { |
1045 | mdevremoveall(); |
1046 | } |
1047 | |
1048 | #endif // CONFIG_SECURE_BSD_ROOT |
1049 | } |
1050 | |
1051 | void * |
1052 | IOBSDRegistryEntryForDeviceTree(char * path) |
1053 | { |
1054 | return IORegistryEntry::fromPath(path, plane: gIODTPlane); |
1055 | } |
1056 | |
1057 | void |
1058 | IOBSDRegistryEntryRelease(void * entry) |
1059 | { |
1060 | IORegistryEntry * regEntry = (IORegistryEntry *)entry; |
1061 | |
1062 | if (regEntry) { |
1063 | regEntry->release(); |
1064 | } |
1065 | return; |
1066 | } |
1067 | |
1068 | const void * |
1069 | IOBSDRegistryEntryGetData(void * entry, char * property_name, |
1070 | int * packet_length) |
1071 | { |
1072 | OSData * data; |
1073 | IORegistryEntry * regEntry = (IORegistryEntry *)entry; |
1074 | |
1075 | data = (OSData *) regEntry->getProperty(aKey: property_name); |
1076 | if (data) { |
1077 | *packet_length = data->getLength(); |
1078 | return data->getBytesNoCopy(); |
1079 | } |
1080 | return NULL; |
1081 | } |
1082 | |
1083 | kern_return_t |
1084 | IOBSDGetPlatformUUID( uuid_t uuid, mach_timespec_t timeout ) |
1085 | { |
1086 | IOService * resources; |
1087 | OSString * string; |
1088 | |
1089 | resources = IOService::waitForService( matching: IOService::resourceMatching( kIOPlatformUUIDKey ), timeout: (timeout.tv_sec || timeout.tv_nsec) ? &timeout : NULL ); |
1090 | if (resources == NULL) { |
1091 | return KERN_OPERATION_TIMED_OUT; |
1092 | } |
1093 | |
1094 | string = (OSString *) IOService::getPlatform()->getProvider()->getProperty( kIOPlatformUUIDKey ); |
1095 | if (string == NULL) { |
1096 | return KERN_NOT_SUPPORTED; |
1097 | } |
1098 | |
1099 | uuid_parse( in: string->getCStringNoCopy(), uu: uuid ); |
1100 | |
1101 | return KERN_SUCCESS; |
1102 | } |
1103 | } /* extern "C" */ |
1104 | |
1105 | /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ |
1106 | |
1107 | #include <sys/conf.h> |
1108 | #include <sys/lock.h> |
1109 | #include <sys/vnode.h> |
1110 | #include <sys/vnode_if.h> |
1111 | #include <sys/vnode_internal.h> |
1112 | #include <sys/fcntl.h> |
1113 | #include <sys/fsctl.h> |
1114 | #include <sys/mount.h> |
1115 | #include <IOKit/IOPolledInterface.h> |
1116 | #include <IOKit/IOBufferMemoryDescriptor.h> |
1117 | |
1118 | // see HFSIOC_VOLUME_STATUS in APFS/HFS |
1119 | #define HFS_IOCTL_VOLUME_STATUS _IOR('h', 24, u_int32_t) |
1120 | |
1121 | LCK_GRP_DECLARE(gIOPolledCoreFileGrp, "polled_corefile" ); |
1122 | LCK_MTX_DECLARE(gIOPolledCoreFileMtx, &gIOPolledCoreFileGrp); |
1123 | |
1124 | IOPolledFileIOVars * gIOPolledCoreFileVars; |
1125 | kern_return_t gIOPolledCoreFileOpenRet = kIOReturnNotReady; |
1126 | IOPolledCoreFileMode_t gIOPolledCoreFileMode = kIOPolledCoreFileModeNotInitialized; |
1127 | |
1128 | #if IOPOLLED_COREFILE |
1129 | |
1130 | #define ONE_MB 1024ULL * 1024ULL |
1131 | |
1132 | #if defined(XNU_TARGET_OS_BRIDGE) |
1133 | // On bridgeOS allocate a 150MB corefile and leave 150MB free |
1134 | #define kIOCoreDumpSize 150ULL * ONE_MB |
1135 | #define kIOCoreDumpFreeSize 150ULL * ONE_MB |
1136 | |
1137 | #elif defined(XNU_TARGET_OS_OSX) |
1138 | |
1139 | // on macOS devices allocate a corefile sized at 1GB / 32GB of DRAM, |
1140 | // fallback to a 1GB corefile and leave at least 1GB free |
1141 | #define kIOCoreDumpMinSize 1024ULL * ONE_MB |
1142 | #define kIOCoreDumpIncrementalSize 1024ULL * ONE_MB |
1143 | |
1144 | #define kIOCoreDumpFreeSize 1024ULL * ONE_MB |
1145 | |
1146 | // on older macOS devices we allocate a 1MB file at boot |
1147 | // to store a panic time stackshot |
1148 | #define kIOStackshotFileSize ONE_MB |
1149 | |
1150 | #else /* defined(XNU_TARGET_OS_BRIDGE) */ |
1151 | |
1152 | // On embedded devices with >3GB DRAM we allocate a 500MB corefile |
1153 | // otherwise allocate a 350MB corefile. Leave 350 MB free |
1154 | #define kIOCoreDumpMinSize 350ULL * ONE_MB |
1155 | #define kIOCoreDumpLargeSize 500ULL * ONE_MB |
1156 | |
1157 | #define kIOCoreDumpFreeSize 350ULL * ONE_MB |
1158 | |
1159 | #endif /* defined(XNU_TARGET_OS_BRIDGE) */ |
1160 | |
1161 | static IOPolledCoreFileMode_t |
1162 | GetCoreFileMode() |
1163 | { |
1164 | if (on_device_corefile_enabled()) { |
1165 | return kIOPolledCoreFileModeCoredump; |
1166 | } else if (panic_stackshot_to_disk_enabled()) { |
1167 | return kIOPolledCoreFileModeStackshot; |
1168 | } else { |
1169 | return kIOPolledCoreFileModeDisabled; |
1170 | } |
1171 | } |
1172 | |
1173 | static void |
1174 | IOCoreFileGetSize(uint64_t *ideal_size, uint64_t *fallback_size, uint64_t *free_space_to_leave, IOPolledCoreFileMode_t mode) |
1175 | { |
1176 | unsigned int requested_corefile_size = 0; |
1177 | |
1178 | *ideal_size = *fallback_size = *free_space_to_leave = 0; |
1179 | |
1180 | // If a custom size was requested, override the ideal and requested sizes |
1181 | if (PE_parse_boot_argn(arg_string: "corefile_size_mb" , arg_ptr: &requested_corefile_size, |
1182 | max_arg: sizeof(requested_corefile_size))) { |
1183 | IOLog(format: "Boot-args specify %d MB kernel corefile\n" , requested_corefile_size); |
1184 | |
1185 | *ideal_size = *fallback_size = (requested_corefile_size * ONE_MB); |
1186 | return; |
1187 | } |
1188 | |
1189 | unsigned int status_flags = 0; |
1190 | int error = VNOP_IOCTL(vp: rootvnode, HFS_IOCTL_VOLUME_STATUS, data: (caddr_t)&status_flags, fflag: 0, |
1191 | ctx: vfs_context_kernel()); |
1192 | if (!error) { |
1193 | if (status_flags & (VQ_VERYLOWDISK | VQ_LOWDISK | VQ_NEARLOWDISK)) { |
1194 | IOLog(format: "Volume is low on space. Not allocating kernel corefile.\n" ); |
1195 | return; |
1196 | } |
1197 | } else { |
1198 | IOLog(format: "Couldn't retrieve volume status. Error %d\n" , error); |
1199 | } |
1200 | |
1201 | #if defined(XNU_TARGET_OS_BRIDGE) |
1202 | #pragma unused(mode) |
1203 | *ideal_size = *fallback_size = kIOCoreDumpSize; |
1204 | *free_space_to_leave = kIOCoreDumpFreeSize; |
1205 | #elif !defined(XNU_TARGET_OS_OSX) /* defined(XNU_TARGET_OS_BRIDGE) */ |
1206 | #pragma unused(mode) |
1207 | *ideal_size = *fallback_size = kIOCoreDumpMinSize; |
1208 | |
1209 | if (max_mem > (3 * 1024ULL * ONE_MB)) { |
1210 | *ideal_size = kIOCoreDumpLargeSize; |
1211 | } |
1212 | |
1213 | *free_space_to_leave = kIOCoreDumpFreeSize; |
1214 | #else /* defined(XNU_TARGET_OS_BRIDGE) */ |
1215 | if (mode == kIOPolledCoreFileModeCoredump) { |
1216 | *ideal_size = *fallback_size = kIOCoreDumpMinSize; |
1217 | if (kIOCoreDumpIncrementalSize != 0 && max_mem > (32 * 1024ULL * ONE_MB)) { |
1218 | *ideal_size = ((ROUNDUP(max_mem, (32 * 1024ULL * ONE_MB)) / (32 * 1024ULL * ONE_MB)) * kIOCoreDumpIncrementalSize); |
1219 | } |
1220 | *free_space_to_leave = kIOCoreDumpFreeSize; |
1221 | } else if (mode == kIOPolledCoreFileModeStackshot) { |
1222 | *ideal_size = *fallback_size = *free_space_to_leave = kIOStackshotFileSize; |
1223 | } |
1224 | #endif /* defined(XNU_TARGET_OS_BRIDGE) */ |
1225 | |
1226 | #if EXCLAVES_COREDUMP |
1227 | *ideal_size += sk_core_size(); |
1228 | #endif /* EXCLAVES_COREDUMP */ |
1229 | |
1230 | return; |
1231 | } |
1232 | |
1233 | static IOReturn |
1234 | IOAccessCoreFileData(void *context, boolean_t write, uint64_t offset, int length, void *buffer) |
1235 | { |
1236 | errno_t vnode_error = 0; |
1237 | vfs_context_t vfs_context; |
1238 | vnode_t vnode_ptr = (vnode_t) context; |
1239 | |
1240 | vfs_context = vfs_context_kernel(); |
1241 | vnode_error = vn_rdwr(rw: write ? UIO_WRITE : UIO_READ, vp: vnode_ptr, base: (caddr_t)buffer, len: length, offset, |
1242 | segflg: UIO_SYSSPACE, IO_SWAP_DISPATCH | IO_SYNC | IO_NOCACHE | IO_UNIT, cred: vfs_context_ucred(ctx: vfs_context), NULL, p: vfs_context_proc(ctx: vfs_context)); |
1243 | |
1244 | if (vnode_error) { |
1245 | IOLog(format: "Failed to %s the corefile. Error %d\n" , write ? "write to" : "read from" , vnode_error); |
1246 | return kIOReturnError; |
1247 | } |
1248 | |
1249 | return kIOReturnSuccess; |
1250 | } |
1251 | |
1252 | static void |
1253 | IOOpenPolledCoreFile(thread_call_param_t __unused, thread_call_param_t corefilename) |
1254 | { |
1255 | assert(corefilename != NULL); |
1256 | |
1257 | IOReturn err; |
1258 | char *filename = (char *) corefilename; |
1259 | uint64_t corefile_size_bytes = 0, corefile_fallback_size_bytes = 0, free_space_to_leave_bytes = 0; |
1260 | IOPolledCoreFileMode_t mode_to_init = GetCoreFileMode(); |
1261 | |
1262 | if (gIOPolledCoreFileVars) { |
1263 | return; |
1264 | } |
1265 | if (!IOPolledInterface::gMetaClass.getInstanceCount()) { |
1266 | return; |
1267 | } |
1268 | |
1269 | if (gIOPolledCoreFileMode == kIOPolledCoreFileModeUnlinked) { |
1270 | return; |
1271 | } |
1272 | |
1273 | if (mode_to_init == kIOPolledCoreFileModeDisabled) { |
1274 | gIOPolledCoreFileMode = kIOPolledCoreFileModeDisabled; |
1275 | return; |
1276 | } |
1277 | |
1278 | // We'll overwrite this once we open the file, we update this to mark that we have made |
1279 | // it past initialization |
1280 | gIOPolledCoreFileMode = kIOPolledCoreFileModeClosed; |
1281 | |
1282 | IOCoreFileGetSize(ideal_size: &corefile_size_bytes, fallback_size: &corefile_fallback_size_bytes, free_space_to_leave: &free_space_to_leave_bytes, mode: mode_to_init); |
1283 | |
1284 | if (corefile_size_bytes == 0 && corefile_fallback_size_bytes == 0) { |
1285 | gIOPolledCoreFileMode = kIOPolledCoreFileModeUnlinked; |
1286 | return; |
1287 | } |
1288 | |
1289 | do { |
1290 | err = IOPolledFileOpen(filename, flags: kIOPolledFileCreate, setFileSize: corefile_size_bytes, fsFreeSize: free_space_to_leave_bytes, |
1291 | NULL, write_file_len: 0, fileVars: &gIOPolledCoreFileVars, NULL, NULL, NULL); |
1292 | if (kIOReturnSuccess == err) { |
1293 | break; |
1294 | } else if (kIOReturnNoSpace == err) { |
1295 | IOLog(format: "Failed to open corefile of size %llu MB (low disk space)" , |
1296 | (corefile_size_bytes / (1024ULL * 1024ULL))); |
1297 | if (corefile_size_bytes == corefile_fallback_size_bytes) { |
1298 | gIOPolledCoreFileOpenRet = err; |
1299 | return; |
1300 | } |
1301 | } else { |
1302 | IOLog(format: "Failed to open corefile of size %llu MB (returned error 0x%x)\n" , |
1303 | (corefile_size_bytes / (1024ULL * 1024ULL)), err); |
1304 | gIOPolledCoreFileOpenRet = err; |
1305 | return; |
1306 | } |
1307 | |
1308 | err = IOPolledFileOpen(filename, flags: kIOPolledFileCreate, setFileSize: corefile_fallback_size_bytes, fsFreeSize: free_space_to_leave_bytes, |
1309 | NULL, write_file_len: 0, fileVars: &gIOPolledCoreFileVars, NULL, NULL, NULL); |
1310 | if (kIOReturnSuccess != err) { |
1311 | IOLog(format: "Failed to open corefile of size %llu MB (returned error 0x%x)\n" , |
1312 | (corefile_fallback_size_bytes / (1024ULL * 1024ULL)), err); |
1313 | gIOPolledCoreFileOpenRet = err; |
1314 | return; |
1315 | } |
1316 | } while (false); |
1317 | |
1318 | gIOPolledCoreFileOpenRet = IOPolledFilePollersSetup(vars: gIOPolledCoreFileVars, openState: kIOPolledPreflightCoreDumpState); |
1319 | if (kIOReturnSuccess != gIOPolledCoreFileOpenRet) { |
1320 | IOPolledFileClose(pVars: &gIOPolledCoreFileVars, write_offset: 0, NULL, write_length: 0, discard_offset: 0, discard_end: 0, unlink: false); |
1321 | IOLog(format: "IOPolledFilePollersSetup for corefile failed with error: 0x%x\n" , err); |
1322 | } else { |
1323 | IOLog(format: "Opened corefile of size %llu MB\n" , (corefile_size_bytes / (1024ULL * 1024ULL))); |
1324 | gIOPolledCoreFileMode = mode_to_init; |
1325 | } |
1326 | |
1327 | // Provide the "polled file available" callback with a temporary way to read from the file |
1328 | (void) IOProvideCoreFileAccess(recipient: kdp_core_polled_io_polled_file_available, NULL); |
1329 | |
1330 | return; |
1331 | } |
1332 | |
1333 | kern_return_t |
1334 | IOProvideCoreFileAccess(IOCoreFileAccessRecipient recipient, void *recipient_context) |
1335 | { |
1336 | kern_return_t error = kIOReturnSuccess; |
1337 | errno_t vnode_error = 0; |
1338 | vfs_context_t vfs_context; |
1339 | vnode_t vnode_ptr; |
1340 | |
1341 | if (!recipient) { |
1342 | return kIOReturnBadArgument; |
1343 | } |
1344 | |
1345 | if (kIOReturnSuccess != gIOPolledCoreFileOpenRet) { |
1346 | return kIOReturnNotReady; |
1347 | } |
1348 | |
1349 | // Open the kernel corefile |
1350 | vfs_context = vfs_context_kernel(); |
1351 | vnode_error = vnode_open(kIOCoreDumpPath, fmode: (FREAD | FWRITE | O_NOFOLLOW), cmode: 0600, flags: 0, vpp: &vnode_ptr, ctx: vfs_context); |
1352 | if (vnode_error) { |
1353 | IOLog(format: "Failed to open the corefile. Error %d\n" , vnode_error); |
1354 | return kIOReturnError; |
1355 | } |
1356 | |
1357 | // Call the recipient function |
1358 | error = recipient(IOAccessCoreFileData, (void *)vnode_ptr, recipient_context); |
1359 | |
1360 | // Close the kernel corefile |
1361 | vnode_close(vp: vnode_ptr, FREAD | FWRITE, ctx: vfs_context); |
1362 | |
1363 | return error; |
1364 | } |
1365 | |
1366 | static void |
1367 | IOClosePolledCoreFile(void) |
1368 | { |
1369 | // Notify kdp core that the corefile is no longer available |
1370 | (void) kdp_core_polled_io_polled_file_unavailable(); |
1371 | |
1372 | gIOPolledCoreFileOpenRet = kIOReturnNotOpen; |
1373 | gIOPolledCoreFileMode = kIOPolledCoreFileModeClosed; |
1374 | IOPolledFilePollersClose(vars: gIOPolledCoreFileVars, state: kIOPolledPostflightCoreDumpState); |
1375 | IOPolledFileClose(pVars: &gIOPolledCoreFileVars, write_offset: 0, NULL, write_length: 0, discard_offset: 0, discard_end: 0, unlink: false); |
1376 | } |
1377 | |
1378 | static void |
1379 | IOUnlinkPolledCoreFile(void) |
1380 | { |
1381 | // Notify kdp core that the corefile is no longer available |
1382 | (void) kdp_core_polled_io_polled_file_unavailable(); |
1383 | |
1384 | gIOPolledCoreFileOpenRet = kIOReturnNotOpen; |
1385 | gIOPolledCoreFileMode = kIOPolledCoreFileModeUnlinked; |
1386 | IOPolledFilePollersClose(vars: gIOPolledCoreFileVars, state: kIOPolledPostflightCoreDumpState); |
1387 | IOPolledFileClose(pVars: &gIOPolledCoreFileVars, write_offset: 0, NULL, write_length: 0, discard_offset: 0, discard_end: 0, unlink: true); |
1388 | } |
1389 | |
1390 | #endif /* IOPOLLED_COREFILE */ |
1391 | |
1392 | extern "C" void |
1393 | IOBSDMountChange(struct mount * mp, uint32_t op) |
1394 | { |
1395 | #if IOPOLLED_COREFILE |
1396 | uint64_t flags; |
1397 | char path[128]; |
1398 | int pathLen; |
1399 | vnode_t vn; |
1400 | int result; |
1401 | |
1402 | lck_mtx_lock(lck: &gIOPolledCoreFileMtx); |
1403 | |
1404 | switch (op) { |
1405 | case kIOMountChangeMount: |
1406 | case kIOMountChangeDidResize: |
1407 | |
1408 | if (gIOPolledCoreFileVars) { |
1409 | break; |
1410 | } |
1411 | flags = vfs_flags(mp); |
1412 | if (MNT_RDONLY & flags) { |
1413 | break; |
1414 | } |
1415 | if (!(MNT_LOCAL & flags)) { |
1416 | break; |
1417 | } |
1418 | |
1419 | vn = vfs_vnodecovered(mp); |
1420 | if (!vn) { |
1421 | break; |
1422 | } |
1423 | pathLen = sizeof(path); |
1424 | result = vn_getpath(vp: vn, pathbuf: &path[0], len: &pathLen); |
1425 | vnode_put(vp: vn); |
1426 | if (0 != result) { |
1427 | break; |
1428 | } |
1429 | if (!pathLen) { |
1430 | break; |
1431 | } |
1432 | #if defined(XNU_TARGET_OS_BRIDGE) |
1433 | // on bridgeOS systems we put the core in /private/var/internal. We don't |
1434 | // want to match with /private/var because /private/var/internal is often mounted |
1435 | // over /private/var |
1436 | if ((pathLen - 1) < (int) strlen("/private/var/internal" )) { |
1437 | break; |
1438 | } |
1439 | #endif |
1440 | if (0 != strncmp(s1: path, kIOCoreDumpPath, n: pathLen - 1)) { |
1441 | break; |
1442 | } |
1443 | |
1444 | thread_call_enter1(call: corefile_open_call, param1: (void *) kIOCoreDumpPath); |
1445 | break; |
1446 | |
1447 | case kIOMountChangeUnmount: |
1448 | case kIOMountChangeWillResize: |
1449 | if (gIOPolledCoreFileVars && (mp == kern_file_mount(ref: gIOPolledCoreFileVars->fileRef))) { |
1450 | thread_call_cancel_wait(call: corefile_open_call); |
1451 | IOClosePolledCoreFile(); |
1452 | } |
1453 | break; |
1454 | } |
1455 | |
1456 | lck_mtx_unlock(lck: &gIOPolledCoreFileMtx); |
1457 | #endif /* IOPOLLED_COREFILE */ |
1458 | } |
1459 | |
1460 | extern "C" void |
1461 | IOBSDLowSpaceUnlinkKernelCore(void) |
1462 | { |
1463 | #if IOPOLLED_COREFILE |
1464 | lck_mtx_lock(lck: &gIOPolledCoreFileMtx); |
1465 | if (gIOPolledCoreFileVars) { |
1466 | thread_call_cancel_wait(call: corefile_open_call); |
1467 | IOUnlinkPolledCoreFile(); |
1468 | } |
1469 | lck_mtx_unlock(lck: &gIOPolledCoreFileMtx); |
1470 | #endif |
1471 | } |
1472 | |
1473 | /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ |
1474 | |
1475 | static char* |
1476 | copyOSStringAsCString(OSString *string) |
1477 | { |
1478 | size_t string_length = 0; |
1479 | char *c_string = NULL; |
1480 | |
1481 | if (string == NULL) { |
1482 | return NULL; |
1483 | } |
1484 | string_length = string->getLength() + 1; |
1485 | |
1486 | /* Allocate kernel data memory for the string */ |
1487 | c_string = (char*)kalloc_data(string_length, (zalloc_flags_t)(Z_ZERO | Z_WAITOK | Z_NOFAIL)); |
1488 | assert(c_string != NULL); |
1489 | |
1490 | /* Copy in the string */ |
1491 | strlcpy(dst: c_string, src: string->getCStringNoCopy(), n: string_length); |
1492 | |
1493 | return c_string; |
1494 | } |
1495 | |
1496 | extern "C" OS_ALWAYS_INLINE boolean_t |
1497 | IOCurrentTaskHasStringEntitlement(const char *entitlement, const char *value) |
1498 | { |
1499 | return IOTaskHasStringEntitlement(NULL, entitlement, value); |
1500 | } |
1501 | |
1502 | extern "C" boolean_t |
1503 | IOTaskHasStringEntitlement(task_t task, const char *entitlement, const char *value) |
1504 | { |
1505 | if (task == NULL) { |
1506 | task = current_task(); |
1507 | } |
1508 | |
1509 | /* Validate input arguments */ |
1510 | if (task == kernel_task || entitlement == NULL || value == NULL) { |
1511 | return false; |
1512 | } |
1513 | proc_t proc = (proc_t)get_bsdtask_info(task); |
1514 | |
1515 | kern_return_t ret = amfi->OSEntitlements.queryEntitlementStringWithProc( |
1516 | proc, |
1517 | entitlement, |
1518 | value); |
1519 | |
1520 | if (ret == KERN_SUCCESS) { |
1521 | return true; |
1522 | } |
1523 | |
1524 | return false; |
1525 | } |
1526 | |
1527 | extern "C" OS_ALWAYS_INLINE boolean_t |
1528 | IOCurrentTaskHasEntitlement(const char *entitlement) |
1529 | { |
1530 | return IOTaskHasEntitlement(NULL, entitlement); |
1531 | } |
1532 | |
1533 | extern "C" boolean_t |
1534 | IOTaskHasEntitlement(task_t task, const char *entitlement) |
1535 | { |
1536 | if (task == NULL) { |
1537 | task = current_task(); |
1538 | } |
1539 | |
1540 | /* Validate input arguments */ |
1541 | if (task == kernel_task || entitlement == NULL) { |
1542 | return false; |
1543 | } |
1544 | proc_t proc = (proc_t)get_bsdtask_info(task); |
1545 | |
1546 | kern_return_t ret = amfi->OSEntitlements.queryEntitlementBooleanWithProc( |
1547 | proc, |
1548 | entitlement); |
1549 | |
1550 | if (ret == KERN_SUCCESS) { |
1551 | return true; |
1552 | } |
1553 | |
1554 | return false; |
1555 | } |
1556 | |
1557 | extern "C" OS_ALWAYS_INLINE char* |
1558 | IOCurrentTaskGetEntitlement(const char *entitlement) |
1559 | { |
1560 | return IOTaskGetEntitlement(NULL, entitlement); |
1561 | } |
1562 | |
1563 | extern "C" char* |
1564 | IOTaskGetEntitlement(task_t task, const char *entitlement) |
1565 | { |
1566 | void *entitlement_object = NULL; |
1567 | char *return_value = NULL; |
1568 | |
1569 | if (task == NULL) { |
1570 | task = current_task(); |
1571 | } |
1572 | |
1573 | /* Validate input arguments */ |
1574 | if (task == kernel_task || entitlement == NULL) { |
1575 | return NULL; |
1576 | } |
1577 | proc_t proc = (proc_t)get_bsdtask_info(task); |
1578 | |
1579 | kern_return_t ret = amfi->OSEntitlements.copyEntitlementAsOSObjectWithProc( |
1580 | proc, |
1581 | entitlement, |
1582 | &entitlement_object); |
1583 | |
1584 | if (ret != KERN_SUCCESS) { |
1585 | return NULL; |
1586 | } |
1587 | assert(entitlement_object != NULL); |
1588 | |
1589 | OSObject *os_object = (OSObject*)entitlement_object; |
1590 | OSString *os_string = OSDynamicCast(OSString, os_object); |
1591 | |
1592 | /* Get a C string version of the OSString */ |
1593 | return_value = copyOSStringAsCString(string: os_string); |
1594 | |
1595 | /* Free the OSObject which was given to us */ |
1596 | OSSafeReleaseNULL(os_object); |
1597 | |
1598 | return return_value; |
1599 | } |
1600 | |
1601 | extern "C" boolean_t |
1602 | IOVnodeHasEntitlement(vnode_t vnode, int64_t off, const char *entitlement) |
1603 | { |
1604 | OSObject * obj; |
1605 | off_t offset = (off_t)off; |
1606 | |
1607 | obj = IOUserClient::copyClientEntitlementVnode(vnode, offset, entitlement); |
1608 | if (!obj) { |
1609 | return false; |
1610 | } |
1611 | obj->release(); |
1612 | return obj != kOSBooleanFalse; |
1613 | } |
1614 | |
1615 | extern "C" char * |
1616 | IOVnodeGetEntitlement(vnode_t vnode, int64_t off, const char *entitlement) |
1617 | { |
1618 | OSObject *obj = NULL; |
1619 | OSString *str = NULL; |
1620 | size_t len; |
1621 | char *value = NULL; |
1622 | off_t offset = (off_t)off; |
1623 | |
1624 | obj = IOUserClient::copyClientEntitlementVnode(vnode, offset, entitlement); |
1625 | if (obj != NULL) { |
1626 | str = OSDynamicCast(OSString, obj); |
1627 | if (str != NULL) { |
1628 | len = str->getLength() + 1; |
1629 | value = (char *)kalloc_data(len, Z_WAITOK); |
1630 | strlcpy(dst: value, src: str->getCStringNoCopy(), n: len); |
1631 | } |
1632 | obj->release(); |
1633 | } |
1634 | return value; |
1635 | } |
1636 | |