1/*
2 * Copyright (c) 2008-2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29extern "C" {
30#include <libkern/OSKextLibPrivate.h>
31#include <libkern/mkext.h>
32};
33
34#include <kern/telemetry.h>
35#include <libkern/c++/OSContainers.h>
36#include <libkern/c++/OSKext.h>
37#include <libkern/OSKextLib.h>
38#include <libkern/OSKextLibPrivate.h>
39
40extern "C" {
41#if PRAGMA_MARK
42#pragma mark C-based kext interface (loading/loaded kexts only)
43#endif
44/*********************************************************************
45*********************************************************************/
46kern_return_t
47OSKextLoadKextWithIdentifier(const char * bundle_id)
48{
49 return OSKext::loadKextWithIdentifier(kextIdentifier: bundle_id);
50}
51
52uint32_t OSKextGetLoadTagForIdentifier(const char * kextIdentifier);
53/*********************************************************************
54*********************************************************************/
55uint32_t
56OSKextGetLoadTagForIdentifier(const char * kextIdentifier)
57{
58 uint32_t result = kOSKextInvalidLoadTag;
59 OSKext * theKext = NULL; // must release
60
61 if (!kextIdentifier) {
62 goto finish;
63 }
64
65 theKext = OSKext::lookupKextWithIdentifier(kextIdentifier);
66 if (theKext && theKext->isLoaded()) {
67 result = theKext->getLoadTag();
68 }
69finish:
70 if (theKext) {
71 theKext->release();
72 }
73 return result;
74}
75
76/*********************************************************************
77*********************************************************************/
78
79// FIXME: Implementation of this function is hidden from the static analyzer.
80// The analyzer is worried about the lack of release and suggests
81// refactoring the code into the typical non-owning container pattern.
82// Feel free to remove the #ifndef and address the warning!
83#ifndef __clang_analyzer__
84OSReturn
85OSKextRetainKextWithLoadTag(uint32_t loadTag)
86{
87 OSReturn result = kOSKextReturnNotFound;
88 OSKext * theKext = NULL;// do not release; as this function is a retain
89
90 if (loadTag == kOSKextInvalidLoadTag) {
91 result = kOSKextReturnInvalidArgument;
92 goto finish;
93 }
94 theKext = OSKext::lookupKextWithLoadTag(aTag: loadTag);
95 if (theKext) {
96 result = kOSReturnSuccess;
97
98 OSKextLog(aKext: theKext,
99 kOSKextLogDebugLevel |
100 kOSKextLogKextBookkeepingFlag,
101 format: "Kext %s (load tag %d) has been retained.",
102 theKext->getIdentifierCString(),
103 loadTag);
104
105 /* Call this after so a log message about autounload comes second.
106 */
107 theKext->setAutounloadEnabled(true);
108 } else {
109 OSKextLog(aKext: theKext,
110 kOSKextLogErrorLevel |
111 kOSKextLogKextBookkeepingFlag,
112 format: "Can't retain kext with load tag %d - no such kext is loaded.",
113 loadTag);
114 }
115finish:
116 return result;
117}
118#endif // __clang_analyzer__
119
120/*********************************************************************
121*********************************************************************/
122
123// FIXME: Implementation of this function is hidden from the static analyzer.
124// The analyzer is worried about the double release and suggests
125// refactoring the code into the typical non-owning container pattern.
126// Feel free to remove the #ifndef and address the warning!
127#ifndef __clang_analyzer__
128OSReturn
129OSKextReleaseKextWithLoadTag(uint32_t loadTag)
130{
131 OSReturn result = kOSKextReturnNotFound;
132 OSKext * theKext = NULL; // must release twice!
133
134 if (loadTag == kOSKextInvalidLoadTag) {
135 result = kOSKextReturnInvalidArgument;
136 goto finish;
137 }
138 theKext = OSKext::lookupKextWithLoadTag(aTag: loadTag);
139 if (theKext) {
140 result = kOSReturnSuccess;
141 OSKext::considerUnloads(); // schedule autounload pass
142 theKext->release(); // do the release the caller wants
143 theKext->release(); // now do the release on the lookup
144 OSKextLog(aKext: theKext,
145 kOSKextLogDebugLevel |
146 kOSKextLogKextBookkeepingFlag,
147 format: "Kext %s (load tag %d) has been released.",
148 theKext->getIdentifierCString(),
149 loadTag);
150 } else {
151 OSKextLog(aKext: theKext,
152 kOSKextLogErrorLevel |
153 kOSKextLogKextBookkeepingFlag,
154 format: "Can't release kext with load tag %d - no such kext is loaded.",
155 loadTag);
156 }
157
158 // xxx - should I check that the refcount of the OSKext is above the lower bound?
159 // xxx - do we want a OSKextGetRetainCountOfKextWithLoadTag()?
160finish:
161 return result;
162}
163#endif // __clang_analyzer__
164
165/*********************************************************************
166* Not to be called by the kext being unloaded!
167*********************************************************************/
168OSReturn
169OSKextUnloadKextWithLoadTag(uint32_t loadTag)
170{
171 return OSKext::removeKextWithLoadTag(loadTag,
172 /* terminateServicesAndRemovePersonalitiesFlag */ false);
173}
174
175
176#if PRAGMA_MARK
177#pragma mark Kext Requests
178#endif
179/*********************************************************************
180* Kext Requests
181*********************************************************************/
182OSReturn
183OSKextRequestResource(
184 const char * kextIdentifier,
185 const char * resourceName,
186 OSKextRequestResourceCallback callback,
187 void * context,
188 OSKextRequestTag * requestTagOut)
189{
190 return OSKext::requestResource(kextIdentifier, resourceName,
191 callback, context, requestTagOut);
192}
193
194/*********************************************************************
195*********************************************************************/
196OSReturn
197OSKextCancelRequest(
198 OSKextRequestTag requestTag,
199 void ** contextOut)
200{
201 return OSKext::cancelRequest(requestTag, contextOut);
202}
203
204#if PRAGMA_MARK
205#pragma mark MIG Functions & Wrappers
206#endif
207/*********************************************************************
208* IMPORTANT: vm_map_copyout_size() consumes the requestIn copy
209* object on success. Therefore once it has been invoked successfully,
210* this routine *must* return KERN_SUCCESS, regardless of our actual
211* result. Our contract with the caller is that requestIn must be
212* caller-deallocated if we return an error. We use op_result to return
213* the real result of our work.
214*********************************************************************/
215kern_return_t
216kext_request(
217 host_priv_t hostPriv,
218 /* in only */ uint32_t clientLogSpec,
219 /* in only */ vm_offset_t requestIn,
220 /* in only */ mach_msg_type_number_t requestLengthIn,
221 /* out only */ vm_offset_t * responseOut,
222 /* out only */ mach_msg_type_number_t * responseLengthOut,
223 /* out only */ vm_offset_t * logDataOut,
224 /* out only */ mach_msg_type_number_t * logDataLengthOut,
225 /* out only */ kern_return_t * op_result)
226{
227 kern_return_t result = KERN_FAILURE;
228 vm_map_address_t map_addr = 0; // do not free/deallocate
229 char * request = NULL;// must vm_deallocate
230
231 mkext2_header * mkextHeader = NULL;// do not release
232 bool isMkext = false;
233
234 char * response = NULL;// must kmem_free
235 uint32_t responseLength = 0;
236 char * logData = NULL;// must kmem_free
237 uint32_t logDataLength = 0;
238
239 /* MIG doesn't pass "out" parameters as empty, so clear them immediately
240 * just in case, or MIG will try to copy out bogus data.
241 */
242 *op_result = KERN_FAILURE;
243 *responseOut = 0;
244 *responseLengthOut = 0;
245 *logDataOut = 0;
246 *logDataLengthOut = 0;
247
248 /* Check for input. Don't discard what isn't there, though.
249 */
250 if (!requestLengthIn || !requestIn) {
251 OSKextLog(/* kext */ NULL,
252 kOSKextLogErrorLevel |
253 kOSKextLogIPCFlag,
254 format: "Invalid request from user space (no data).");
255 *op_result = KERN_INVALID_ARGUMENT;
256 goto finish;
257 }
258
259 result = vm_map_copyout_size(dst_map: kernel_map, dst_addr: &map_addr, copy: (vm_map_copy_t)requestIn, copy_size: requestLengthIn);
260 if (result != KERN_SUCCESS) {
261 OSKextLog(/* kext */ NULL,
262 kOSKextLogErrorLevel |
263 kOSKextLogIPCFlag,
264 format: "vm_map_copyout() failed for request from user space.");
265 /*
266 * If we return an error it is our caller's responsibility to
267 * deallocate the requestIn copy object, so do not deallocate it
268 * here. See comment above.
269 */
270 goto finish;
271 }
272 request = CAST_DOWN(char *, map_addr);
273
274 /* Check if request is an mkext; this is always a load request
275 * and requires root access. If it isn't an mkext, see if it's
276 * an XML request, and check the request to see if that requires
277 * root access.
278 */
279 if (requestLengthIn > sizeof(mkext2_header)) {
280 mkextHeader = (mkext2_header *)request;
281 if (MKEXT_GET_MAGIC(mkextHeader) == MKEXT_MAGIC &&
282 MKEXT_GET_SIGNATURE(mkextHeader) == MKEXT_SIGN) {
283 isMkext = true;
284 }
285 }
286
287 if (isMkext) {
288#if defined(SECURE_KERNEL) || !CONFIG_KXLD
289 // xxx - something tells me if we have a secure kernel we don't even
290 // xxx - want to log a message here. :-)
291 *op_result = KERN_NOT_SUPPORTED;
292 goto finish;
293#else
294 // xxx - can we find out if calling task is kextd?
295 // xxx - can we find the name of the calling task?
296 if (hostPriv == HOST_PRIV_NULL) {
297 OSKextLog(/* kext */ NULL,
298 kOSKextLogErrorLevel |
299 kOSKextLogLoadFlag | kOSKextLogIPCFlag,
300 "Attempt by non-root process to load a kext.");
301 *op_result = kOSKextReturnNotPrivileged;
302 goto finish;
303 }
304
305 *op_result = OSKext::loadFromMkext((OSKextLogSpec)clientLogSpec,
306 request, requestLengthIn,
307 &logData, &logDataLength);
308
309#endif /* defined(SECURE_KERNEL) */
310 } else {
311 /* If the request isn't an mkext, then is should be XML. Parse it
312 * if possible and hand the request over to OSKext.
313 */
314 *op_result = OSKext::handleRequest(hostPriv,
315 clientLogSpec: (OSKextLogSpec)clientLogSpec,
316 requestBuffer: request, requestLength: requestLengthIn,
317 responseOut: &response, responseLengthOut: &responseLength,
318 logInfoOut: &logData, logInfoLengthOut: &logDataLength);
319 }
320
321 if (response && responseLength > 0) {
322 kern_return_t copyin_result;
323
324 copyin_result = vm_map_copyin(src_map: kernel_map,
325 CAST_USER_ADDR_T(response), len: responseLength,
326 /* src_destroy */ false, copy_result: (vm_map_copy_t *)responseOut);
327 if (copyin_result == KERN_SUCCESS) {
328 *responseLengthOut = responseLength;
329 } else {
330 OSKextLog(/* kext */ NULL,
331 kOSKextLogErrorLevel |
332 kOSKextLogIPCFlag,
333 format: "Failed to copy response to request from user space.");
334 *op_result = copyin_result; // xxx - should we map to our own code?
335 *responseOut = 0;
336 *responseLengthOut = 0;
337 goto finish;
338 }
339 }
340
341 if (logData && logDataLength > 0) {
342 kern_return_t copyin_result;
343
344 copyin_result = vm_map_copyin(src_map: kernel_map,
345 CAST_USER_ADDR_T(logData), len: logDataLength,
346 /* src_destroy */ false, copy_result: (vm_map_copy_t *)logDataOut);
347 if (copyin_result == KERN_SUCCESS) {
348 *logDataLengthOut = logDataLength;
349 } else {
350 OSKextLog(/* kext */ NULL,
351 kOSKextLogErrorLevel |
352 kOSKextLogIPCFlag,
353 format: "Failed to copy log data for request from user space.");
354 *op_result = copyin_result; // xxx - should we map to our own code?
355 *logDataOut = 0;
356 *logDataLengthOut = 0;
357 goto finish;
358 }
359 }
360
361finish:
362 if (request) {
363 (void)vm_deallocate(target_task: kernel_map, address: (vm_offset_t)request, size: requestLengthIn);
364 }
365 if (response) {
366 /* 11981737 - clear uninitialized data in last page */
367 kmem_free(map: kernel_map, addr: (vm_offset_t)response, size: round_page(x: responseLength));
368 }
369 if (logData) {
370 /* 11981737 - clear uninitialized data in last page */
371 kmem_free(map: kernel_map, addr: (vm_offset_t)logData, size: round_page(x: logDataLength));
372 }
373
374 return result;
375}
376
377/*********************************************************************
378* Gets the vm_map for the current kext
379*********************************************************************/
380extern vm_offset_t segPRELINKTEXTB;
381extern vm_offset_t segLINKB;
382extern unsigned long segSizePRELINKTEXT;
383extern vm_map_t g_kext_map;
384
385vm_map_t
386kext_get_vm_map(kmod_info_t *info)
387{
388 vm_map_t kext_map = NULL;
389 kc_format_t kcformat;
390
391 if (PE_get_primary_kc_format(type: &kcformat) && kcformat == KCFormatFileset) {
392 /* Check if the kext is from the boot KC */
393 assert(segLINKB >= (segPRELINKTEXTB + segSizePRELINKTEXT));
394 if ((info->address >= segPRELINKTEXTB) &&
395 (info->address < segLINKB)) {
396 kext_map = kernel_map;
397 } else {
398 kext_map = g_kext_map;
399 }
400 } else {
401 if ((info->address >= segPRELINKTEXTB) &&
402 (info->address < (segPRELINKTEXTB + segSizePRELINKTEXT))) {
403 kext_map = kernel_map;
404 } else {
405 kext_map = g_kext_map;
406 }
407 }
408
409 return kext_map;
410}
411
412
413#if PRAGMA_MARK
414/********************************************************************/
415#pragma mark Weak linking support
416/********************************************************************/
417#endif
418void
419kext_weak_symbol_referenced(void)
420{
421 panic("A kext referenced an unresolved weak symbol");
422}
423
424const void * const gOSKextUnresolved = (const void *)&kext_weak_symbol_referenced;
425
426#if PRAGMA_MARK
427#pragma mark Kernel-Internal C Functions
428#endif
429/*********************************************************************
430* Called from startup.c.
431*********************************************************************/
432void
433OSKextRemoveKextBootstrap(void)
434{
435 OSKext::removeKextBootstrap();
436 return;
437}
438
439#if CONFIG_DTRACE
440/*********************************************************************
441*********************************************************************/
442void
443OSKextRegisterKextsWithDTrace(void)
444{
445 OSKext::registerKextsWithDTrace();
446 return;
447}
448#endif /* CONFIG_DTRACE */
449
450/*********************************************************************
451*********************************************************************/
452void
453kext_dump_panic_lists(int (*printf_func)(const char * fmt, ...))
454{
455 OSKext::printKextPanicLists(printf_func);
456 return;
457}
458
459#if PRAGMA_MARK
460#pragma mark Kmod Compatibility Functions
461#endif
462/*********************************************************************
463**********************************************************************
464* KMOD COMPATIBILITY FUNCTIONS *
465* (formerly in kmod.c, or C++ bridges from) *
466**********************************************************************
467**********************************************************************
468* These two functions are used in various places in the kernel, but
469* are not exported. We might rename them at some point to start with
470* kext_ or OSKext.
471*
472* kmod_panic_dump() must not be called outside of a panic context.
473* kmod_dump_log() must not be called in a panic context.
474*********************************************************************/
475void
476kmod_panic_dump(vm_offset_t * addr, unsigned int cnt)
477{
478 extern int paniclog_append_noflush(const char *format, ...) __printflike(1, 2);
479
480 OSKext::printKextsInBacktrace(addr, cnt, printf_func: &paniclog_append_noflush, flags: 0);
481
482 return;
483}
484
485void
486telemetry_backtrace_add_kexts(
487 char *buf,
488 size_t buflen,
489 uintptr_t *frames,
490 uint32_t framecnt)
491{
492 __block size_t pos = 0;
493
494 OSKext::foreachKextInBacktrace(addr: frames, cnt: framecnt, flags: OSKext::kPrintKextsLock,
495 handler: ^(OSKextLoadedKextSummary *summary, uint32_t index __unused){
496 uuid_string_t uuid;
497 uint64_t tmpAddr;
498 uint64_t tmpSize;
499
500 (void) uuid_unparse(uu: summary->uuid, out: uuid);
501
502#if defined(__arm__) || defined(__arm64__)
503 tmpAddr = summary->text_exec_address;
504 tmpSize = summary->text_exec_size;
505#else
506 tmpAddr = summary->address;
507 tmpSize = summary->size;
508#endif
509 tmpAddr -= vm_kernel_stext;
510 pos += scnprintf(buf + pos, count: buflen - pos, "%s@%llx:%llx\n",
511 uuid, tmpAddr, tmpAddr + tmpSize - 1);
512 });
513}
514
515/********************************************************************/
516void kmod_dump_log(vm_offset_t *addr, unsigned int cnt, boolean_t doUnslide);
517
518void
519kmod_dump_log(
520 vm_offset_t * addr,
521 unsigned int cnt,
522 boolean_t doUnslide)
523{
524 uint32_t flags = OSKext::kPrintKextsLock;
525 if (doUnslide) {
526 flags |= OSKext::kPrintKextsUnslide;
527 }
528 OSKext::printKextsInBacktrace(addr, cnt, printf_func: &printf, flags);
529}
530
531void *
532OSKextKextForAddress(const void *addr)
533{
534 return OSKext::kextForAddress(addr);
535}
536
537kern_return_t
538OSKextGetLoadedKextSummaryForAddress(
539 const void * addr,
540 OSKextLoadedKextSummary * summary)
541{
542 return OSKext::summaryForAddressExt(addr, summary);
543}
544
545/*********************************************************************
546* Compatibility implementation for kmod_get_info() host_priv routine.
547* Only supported on old 32-bit architectures.
548*********************************************************************/
549
550#if PRAGMA_MARK
551#pragma mark Loaded Kext Summary
552#endif
553
554void
555OSKextLoadedKextSummariesUpdated(void)
556{
557 // Do nothing.
558}
559};
560