1 | /* |
2 | * Copyright (c) 2008-2016 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | extern "C" { |
30 | #include <libkern/OSKextLibPrivate.h> |
31 | #include <libkern/mkext.h> |
32 | }; |
33 | |
34 | #include <kern/telemetry.h> |
35 | #include <libkern/c++/OSContainers.h> |
36 | #include <libkern/c++/OSKext.h> |
37 | #include <libkern/OSKextLib.h> |
38 | #include <libkern/OSKextLibPrivate.h> |
39 | |
40 | extern "C" { |
41 | #if PRAGMA_MARK |
42 | #pragma mark C-based kext interface (loading/loaded kexts only) |
43 | #endif |
44 | /********************************************************************* |
45 | *********************************************************************/ |
46 | kern_return_t |
47 | OSKextLoadKextWithIdentifier(const char * bundle_id) |
48 | { |
49 | return OSKext::loadKextWithIdentifier(kextIdentifier: bundle_id); |
50 | } |
51 | |
52 | uint32_t OSKextGetLoadTagForIdentifier(const char * kextIdentifier); |
53 | /********************************************************************* |
54 | *********************************************************************/ |
55 | uint32_t |
56 | OSKextGetLoadTagForIdentifier(const char * kextIdentifier) |
57 | { |
58 | uint32_t result = kOSKextInvalidLoadTag; |
59 | OSKext * theKext = NULL; // must release |
60 | |
61 | if (!kextIdentifier) { |
62 | goto finish; |
63 | } |
64 | |
65 | theKext = OSKext::lookupKextWithIdentifier(kextIdentifier); |
66 | if (theKext && theKext->isLoaded()) { |
67 | result = theKext->getLoadTag(); |
68 | } |
69 | finish: |
70 | if (theKext) { |
71 | theKext->release(); |
72 | } |
73 | return result; |
74 | } |
75 | |
76 | /********************************************************************* |
77 | *********************************************************************/ |
78 | |
79 | // FIXME: Implementation of this function is hidden from the static analyzer. |
80 | // The analyzer is worried about the lack of release and suggests |
81 | // refactoring the code into the typical non-owning container pattern. |
82 | // Feel free to remove the #ifndef and address the warning! |
83 | #ifndef __clang_analyzer__ |
84 | OSReturn |
85 | OSKextRetainKextWithLoadTag(uint32_t loadTag) |
86 | { |
87 | OSReturn result = kOSKextReturnNotFound; |
88 | OSKext * theKext = NULL;// do not release; as this function is a retain |
89 | |
90 | if (loadTag == kOSKextInvalidLoadTag) { |
91 | result = kOSKextReturnInvalidArgument; |
92 | goto finish; |
93 | } |
94 | theKext = OSKext::lookupKextWithLoadTag(aTag: loadTag); |
95 | if (theKext) { |
96 | result = kOSReturnSuccess; |
97 | |
98 | OSKextLog(aKext: theKext, |
99 | kOSKextLogDebugLevel | |
100 | kOSKextLogKextBookkeepingFlag, |
101 | format: "Kext %s (load tag %d) has been retained." , |
102 | theKext->getIdentifierCString(), |
103 | loadTag); |
104 | |
105 | /* Call this after so a log message about autounload comes second. |
106 | */ |
107 | theKext->setAutounloadEnabled(true); |
108 | } else { |
109 | OSKextLog(aKext: theKext, |
110 | kOSKextLogErrorLevel | |
111 | kOSKextLogKextBookkeepingFlag, |
112 | format: "Can't retain kext with load tag %d - no such kext is loaded." , |
113 | loadTag); |
114 | } |
115 | finish: |
116 | return result; |
117 | } |
118 | #endif // __clang_analyzer__ |
119 | |
120 | /********************************************************************* |
121 | *********************************************************************/ |
122 | |
123 | // FIXME: Implementation of this function is hidden from the static analyzer. |
124 | // The analyzer is worried about the double release and suggests |
125 | // refactoring the code into the typical non-owning container pattern. |
126 | // Feel free to remove the #ifndef and address the warning! |
127 | #ifndef __clang_analyzer__ |
128 | OSReturn |
129 | OSKextReleaseKextWithLoadTag(uint32_t loadTag) |
130 | { |
131 | OSReturn result = kOSKextReturnNotFound; |
132 | OSKext * theKext = NULL; // must release twice! |
133 | |
134 | if (loadTag == kOSKextInvalidLoadTag) { |
135 | result = kOSKextReturnInvalidArgument; |
136 | goto finish; |
137 | } |
138 | theKext = OSKext::lookupKextWithLoadTag(aTag: loadTag); |
139 | if (theKext) { |
140 | result = kOSReturnSuccess; |
141 | OSKext::considerUnloads(); // schedule autounload pass |
142 | theKext->release(); // do the release the caller wants |
143 | theKext->release(); // now do the release on the lookup |
144 | OSKextLog(aKext: theKext, |
145 | kOSKextLogDebugLevel | |
146 | kOSKextLogKextBookkeepingFlag, |
147 | format: "Kext %s (load tag %d) has been released." , |
148 | theKext->getIdentifierCString(), |
149 | loadTag); |
150 | } else { |
151 | OSKextLog(aKext: theKext, |
152 | kOSKextLogErrorLevel | |
153 | kOSKextLogKextBookkeepingFlag, |
154 | format: "Can't release kext with load tag %d - no such kext is loaded." , |
155 | loadTag); |
156 | } |
157 | |
158 | // xxx - should I check that the refcount of the OSKext is above the lower bound? |
159 | // xxx - do we want a OSKextGetRetainCountOfKextWithLoadTag()? |
160 | finish: |
161 | return result; |
162 | } |
163 | #endif // __clang_analyzer__ |
164 | |
165 | /********************************************************************* |
166 | * Not to be called by the kext being unloaded! |
167 | *********************************************************************/ |
168 | OSReturn |
169 | OSKextUnloadKextWithLoadTag(uint32_t loadTag) |
170 | { |
171 | return OSKext::removeKextWithLoadTag(loadTag, |
172 | /* terminateServicesAndRemovePersonalitiesFlag */ false); |
173 | } |
174 | |
175 | |
176 | #if PRAGMA_MARK |
177 | #pragma mark Kext Requests |
178 | #endif |
179 | /********************************************************************* |
180 | * Kext Requests |
181 | *********************************************************************/ |
182 | OSReturn |
183 | OSKextRequestResource( |
184 | const char * kextIdentifier, |
185 | const char * resourceName, |
186 | OSKextRequestResourceCallback callback, |
187 | void * context, |
188 | OSKextRequestTag * requestTagOut) |
189 | { |
190 | return OSKext::requestResource(kextIdentifier, resourceName, |
191 | callback, context, requestTagOut); |
192 | } |
193 | |
194 | /********************************************************************* |
195 | *********************************************************************/ |
196 | OSReturn |
197 | OSKextCancelRequest( |
198 | OSKextRequestTag requestTag, |
199 | void ** contextOut) |
200 | { |
201 | return OSKext::cancelRequest(requestTag, contextOut); |
202 | } |
203 | |
204 | #if PRAGMA_MARK |
205 | #pragma mark MIG Functions & Wrappers |
206 | #endif |
207 | /********************************************************************* |
208 | * IMPORTANT: vm_map_copyout_size() consumes the requestIn copy |
209 | * object on success. Therefore once it has been invoked successfully, |
210 | * this routine *must* return KERN_SUCCESS, regardless of our actual |
211 | * result. Our contract with the caller is that requestIn must be |
212 | * caller-deallocated if we return an error. We use op_result to return |
213 | * the real result of our work. |
214 | *********************************************************************/ |
215 | kern_return_t |
216 | kext_request( |
217 | host_priv_t hostPriv, |
218 | /* in only */ uint32_t clientLogSpec, |
219 | /* in only */ vm_offset_t requestIn, |
220 | /* in only */ mach_msg_type_number_t requestLengthIn, |
221 | /* out only */ vm_offset_t * responseOut, |
222 | /* out only */ mach_msg_type_number_t * responseLengthOut, |
223 | /* out only */ vm_offset_t * logDataOut, |
224 | /* out only */ mach_msg_type_number_t * logDataLengthOut, |
225 | /* out only */ kern_return_t * op_result) |
226 | { |
227 | kern_return_t result = KERN_FAILURE; |
228 | vm_map_address_t map_addr = 0; // do not free/deallocate |
229 | char * request = NULL;// must vm_deallocate |
230 | |
231 | mkext2_header * = NULL;// do not release |
232 | bool isMkext = false; |
233 | |
234 | char * response = NULL;// must kmem_free |
235 | uint32_t responseLength = 0; |
236 | char * logData = NULL;// must kmem_free |
237 | uint32_t logDataLength = 0; |
238 | |
239 | /* MIG doesn't pass "out" parameters as empty, so clear them immediately |
240 | * just in case, or MIG will try to copy out bogus data. |
241 | */ |
242 | *op_result = KERN_FAILURE; |
243 | *responseOut = 0; |
244 | *responseLengthOut = 0; |
245 | *logDataOut = 0; |
246 | *logDataLengthOut = 0; |
247 | |
248 | /* Check for input. Don't discard what isn't there, though. |
249 | */ |
250 | if (!requestLengthIn || !requestIn) { |
251 | OSKextLog(/* kext */ NULL, |
252 | kOSKextLogErrorLevel | |
253 | kOSKextLogIPCFlag, |
254 | format: "Invalid request from user space (no data)." ); |
255 | *op_result = KERN_INVALID_ARGUMENT; |
256 | goto finish; |
257 | } |
258 | |
259 | result = vm_map_copyout_size(dst_map: kernel_map, dst_addr: &map_addr, copy: (vm_map_copy_t)requestIn, copy_size: requestLengthIn); |
260 | if (result != KERN_SUCCESS) { |
261 | OSKextLog(/* kext */ NULL, |
262 | kOSKextLogErrorLevel | |
263 | kOSKextLogIPCFlag, |
264 | format: "vm_map_copyout() failed for request from user space." ); |
265 | /* |
266 | * If we return an error it is our caller's responsibility to |
267 | * deallocate the requestIn copy object, so do not deallocate it |
268 | * here. See comment above. |
269 | */ |
270 | goto finish; |
271 | } |
272 | request = CAST_DOWN(char *, map_addr); |
273 | |
274 | /* Check if request is an mkext; this is always a load request |
275 | * and requires root access. If it isn't an mkext, see if it's |
276 | * an XML request, and check the request to see if that requires |
277 | * root access. |
278 | */ |
279 | if (requestLengthIn > sizeof(mkext2_header)) { |
280 | mkextHeader = (mkext2_header *)request; |
281 | if (MKEXT_GET_MAGIC(mkextHeader) == MKEXT_MAGIC && |
282 | MKEXT_GET_SIGNATURE(mkextHeader) == MKEXT_SIGN) { |
283 | isMkext = true; |
284 | } |
285 | } |
286 | |
287 | if (isMkext) { |
288 | #if defined(SECURE_KERNEL) || !CONFIG_KXLD |
289 | // xxx - something tells me if we have a secure kernel we don't even |
290 | // xxx - want to log a message here. :-) |
291 | *op_result = KERN_NOT_SUPPORTED; |
292 | goto finish; |
293 | #else |
294 | // xxx - can we find out if calling task is kextd? |
295 | // xxx - can we find the name of the calling task? |
296 | if (hostPriv == HOST_PRIV_NULL) { |
297 | OSKextLog(/* kext */ NULL, |
298 | kOSKextLogErrorLevel | |
299 | kOSKextLogLoadFlag | kOSKextLogIPCFlag, |
300 | "Attempt by non-root process to load a kext." ); |
301 | *op_result = kOSKextReturnNotPrivileged; |
302 | goto finish; |
303 | } |
304 | |
305 | *op_result = OSKext::loadFromMkext((OSKextLogSpec)clientLogSpec, |
306 | request, requestLengthIn, |
307 | &logData, &logDataLength); |
308 | |
309 | #endif /* defined(SECURE_KERNEL) */ |
310 | } else { |
311 | /* If the request isn't an mkext, then is should be XML. Parse it |
312 | * if possible and hand the request over to OSKext. |
313 | */ |
314 | *op_result = OSKext::handleRequest(hostPriv, |
315 | clientLogSpec: (OSKextLogSpec)clientLogSpec, |
316 | requestBuffer: request, requestLength: requestLengthIn, |
317 | responseOut: &response, responseLengthOut: &responseLength, |
318 | logInfoOut: &logData, logInfoLengthOut: &logDataLength); |
319 | } |
320 | |
321 | if (response && responseLength > 0) { |
322 | kern_return_t copyin_result; |
323 | |
324 | copyin_result = vm_map_copyin(src_map: kernel_map, |
325 | CAST_USER_ADDR_T(response), len: responseLength, |
326 | /* src_destroy */ false, copy_result: (vm_map_copy_t *)responseOut); |
327 | if (copyin_result == KERN_SUCCESS) { |
328 | *responseLengthOut = responseLength; |
329 | } else { |
330 | OSKextLog(/* kext */ NULL, |
331 | kOSKextLogErrorLevel | |
332 | kOSKextLogIPCFlag, |
333 | format: "Failed to copy response to request from user space." ); |
334 | *op_result = copyin_result; // xxx - should we map to our own code? |
335 | *responseOut = 0; |
336 | *responseLengthOut = 0; |
337 | goto finish; |
338 | } |
339 | } |
340 | |
341 | if (logData && logDataLength > 0) { |
342 | kern_return_t copyin_result; |
343 | |
344 | copyin_result = vm_map_copyin(src_map: kernel_map, |
345 | CAST_USER_ADDR_T(logData), len: logDataLength, |
346 | /* src_destroy */ false, copy_result: (vm_map_copy_t *)logDataOut); |
347 | if (copyin_result == KERN_SUCCESS) { |
348 | *logDataLengthOut = logDataLength; |
349 | } else { |
350 | OSKextLog(/* kext */ NULL, |
351 | kOSKextLogErrorLevel | |
352 | kOSKextLogIPCFlag, |
353 | format: "Failed to copy log data for request from user space." ); |
354 | *op_result = copyin_result; // xxx - should we map to our own code? |
355 | *logDataOut = 0; |
356 | *logDataLengthOut = 0; |
357 | goto finish; |
358 | } |
359 | } |
360 | |
361 | finish: |
362 | if (request) { |
363 | (void)vm_deallocate(target_task: kernel_map, address: (vm_offset_t)request, size: requestLengthIn); |
364 | } |
365 | if (response) { |
366 | /* 11981737 - clear uninitialized data in last page */ |
367 | kmem_free(map: kernel_map, addr: (vm_offset_t)response, size: round_page(x: responseLength)); |
368 | } |
369 | if (logData) { |
370 | /* 11981737 - clear uninitialized data in last page */ |
371 | kmem_free(map: kernel_map, addr: (vm_offset_t)logData, size: round_page(x: logDataLength)); |
372 | } |
373 | |
374 | return result; |
375 | } |
376 | |
377 | /********************************************************************* |
378 | * Gets the vm_map for the current kext |
379 | *********************************************************************/ |
380 | extern vm_offset_t segPRELINKTEXTB; |
381 | extern vm_offset_t segLINKB; |
382 | extern unsigned long segSizePRELINKTEXT; |
383 | extern vm_map_t g_kext_map; |
384 | |
385 | vm_map_t |
386 | kext_get_vm_map(kmod_info_t *info) |
387 | { |
388 | vm_map_t kext_map = NULL; |
389 | kc_format_t kcformat; |
390 | |
391 | if (PE_get_primary_kc_format(type: &kcformat) && kcformat == KCFormatFileset) { |
392 | /* Check if the kext is from the boot KC */ |
393 | assert(segLINKB >= (segPRELINKTEXTB + segSizePRELINKTEXT)); |
394 | if ((info->address >= segPRELINKTEXTB) && |
395 | (info->address < segLINKB)) { |
396 | kext_map = kernel_map; |
397 | } else { |
398 | kext_map = g_kext_map; |
399 | } |
400 | } else { |
401 | if ((info->address >= segPRELINKTEXTB) && |
402 | (info->address < (segPRELINKTEXTB + segSizePRELINKTEXT))) { |
403 | kext_map = kernel_map; |
404 | } else { |
405 | kext_map = g_kext_map; |
406 | } |
407 | } |
408 | |
409 | return kext_map; |
410 | } |
411 | |
412 | |
413 | #if PRAGMA_MARK |
414 | /********************************************************************/ |
415 | #pragma mark Weak linking support |
416 | /********************************************************************/ |
417 | #endif |
418 | void |
419 | kext_weak_symbol_referenced(void) |
420 | { |
421 | panic("A kext referenced an unresolved weak symbol" ); |
422 | } |
423 | |
424 | const void * const gOSKextUnresolved = (const void *)&kext_weak_symbol_referenced; |
425 | |
426 | #if PRAGMA_MARK |
427 | #pragma mark Kernel-Internal C Functions |
428 | #endif |
429 | /********************************************************************* |
430 | * Called from startup.c. |
431 | *********************************************************************/ |
432 | void |
433 | OSKextRemoveKextBootstrap(void) |
434 | { |
435 | OSKext::removeKextBootstrap(); |
436 | return; |
437 | } |
438 | |
439 | #if CONFIG_DTRACE |
440 | /********************************************************************* |
441 | *********************************************************************/ |
442 | void |
443 | OSKextRegisterKextsWithDTrace(void) |
444 | { |
445 | OSKext::registerKextsWithDTrace(); |
446 | return; |
447 | } |
448 | #endif /* CONFIG_DTRACE */ |
449 | |
450 | /********************************************************************* |
451 | *********************************************************************/ |
452 | void |
453 | kext_dump_panic_lists(int (*printf_func)(const char * fmt, ...)) |
454 | { |
455 | OSKext::printKextPanicLists(printf_func); |
456 | return; |
457 | } |
458 | |
459 | #if PRAGMA_MARK |
460 | #pragma mark Kmod Compatibility Functions |
461 | #endif |
462 | /********************************************************************* |
463 | ********************************************************************** |
464 | * KMOD COMPATIBILITY FUNCTIONS * |
465 | * (formerly in kmod.c, or C++ bridges from) * |
466 | ********************************************************************** |
467 | ********************************************************************** |
468 | * These two functions are used in various places in the kernel, but |
469 | * are not exported. We might rename them at some point to start with |
470 | * kext_ or OSKext. |
471 | * |
472 | * kmod_panic_dump() must not be called outside of a panic context. |
473 | * kmod_dump_log() must not be called in a panic context. |
474 | *********************************************************************/ |
475 | void |
476 | kmod_panic_dump(vm_offset_t * addr, unsigned int cnt) |
477 | { |
478 | extern int paniclog_append_noflush(const char *format, ...) __printflike(1, 2); |
479 | |
480 | OSKext::printKextsInBacktrace(addr, cnt, printf_func: &paniclog_append_noflush, flags: 0); |
481 | |
482 | return; |
483 | } |
484 | |
485 | void |
486 | telemetry_backtrace_add_kexts( |
487 | char *buf, |
488 | size_t buflen, |
489 | uintptr_t *frames, |
490 | uint32_t framecnt) |
491 | { |
492 | __block size_t pos = 0; |
493 | |
494 | OSKext::foreachKextInBacktrace(addr: frames, cnt: framecnt, flags: OSKext::kPrintKextsLock, |
495 | handler: ^(OSKextLoadedKextSummary *summary, uint32_t index __unused){ |
496 | uuid_string_t uuid; |
497 | uint64_t tmpAddr; |
498 | uint64_t tmpSize; |
499 | |
500 | (void) uuid_unparse(uu: summary->uuid, out: uuid); |
501 | |
502 | #if defined(__arm__) || defined(__arm64__) |
503 | tmpAddr = summary->text_exec_address; |
504 | tmpSize = summary->text_exec_size; |
505 | #else |
506 | tmpAddr = summary->address; |
507 | tmpSize = summary->size; |
508 | #endif |
509 | tmpAddr -= vm_kernel_stext; |
510 | pos += scnprintf(buf + pos, count: buflen - pos, "%s@%llx:%llx\n" , |
511 | uuid, tmpAddr, tmpAddr + tmpSize - 1); |
512 | }); |
513 | } |
514 | |
515 | /********************************************************************/ |
516 | void kmod_dump_log(vm_offset_t *addr, unsigned int cnt, boolean_t doUnslide); |
517 | |
518 | void |
519 | kmod_dump_log( |
520 | vm_offset_t * addr, |
521 | unsigned int cnt, |
522 | boolean_t doUnslide) |
523 | { |
524 | uint32_t flags = OSKext::kPrintKextsLock; |
525 | if (doUnslide) { |
526 | flags |= OSKext::kPrintKextsUnslide; |
527 | } |
528 | OSKext::printKextsInBacktrace(addr, cnt, printf_func: &printf, flags); |
529 | } |
530 | |
531 | void * |
532 | OSKextKextForAddress(const void *addr) |
533 | { |
534 | return OSKext::kextForAddress(addr); |
535 | } |
536 | |
537 | kern_return_t |
538 | OSKextGetLoadedKextSummaryForAddress( |
539 | const void * addr, |
540 | OSKextLoadedKextSummary * summary) |
541 | { |
542 | return OSKext::summaryForAddressExt(addr, summary); |
543 | } |
544 | |
545 | /********************************************************************* |
546 | * Compatibility implementation for kmod_get_info() host_priv routine. |
547 | * Only supported on old 32-bit architectures. |
548 | *********************************************************************/ |
549 | |
550 | #if PRAGMA_MARK |
551 | #pragma mark Loaded Kext Summary |
552 | #endif |
553 | |
554 | void |
555 | OSKextLoadedKextSummariesUpdated(void) |
556 | { |
557 | // Do nothing. |
558 | } |
559 | }; |
560 | |