1 /*
2 * Copyright (c) 1998-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 #include <IOKit/IOBSD.h>
29 #include <IOKit/IOLib.h>
30 #include <IOKit/IOService.h>
31 #include <IOKit/IOCatalogue.h>
32 #include <IOKit/IODeviceTreeSupport.h>
33 #include <IOKit/IOKitKeys.h>
34 #include <IOKit/IONVRAM.h>
35 #include <IOKit/IOPlatformExpert.h>
36 #include <IOKit/IOUserClient.h>
37 #include <libkern/c++/OSAllocation.h>
38
39 extern "C" {
40 #include <libkern/amfi/amfi.h>
41 #include <sys/codesign.h>
42 #include <vm/pmap.h>
43 #include <vm/vm_map.h>
44 #include <pexpert/pexpert.h>
45 #include <kern/clock.h>
46 #if CONFIG_KDP_INTERACTIVE_DEBUGGING
47 #include <kern/debug.h>
48 #endif
49 #include <mach/machine.h>
50 #include <uuid/uuid.h>
51 #include <sys/vnode_internal.h>
52 #include <sys/mount.h>
53 #include <corecrypto/ccsha2.h>
54
55 // how long to wait for matching root device, secs
56 #if DEBUG
57 #define ROOTDEVICETIMEOUT 120
58 #else
59 #define ROOTDEVICETIMEOUT 60
60 #endif
61
62 extern dev_t mdevadd(int devid, uint64_t base, unsigned int size, int phys);
63 extern dev_t mdevlookup(int devid);
64 extern void mdevremoveall(void);
65 extern int mdevgetrange(int devid, uint64_t *base, uint64_t *size);
66 extern void di_root_ramfile(IORegistryEntry * entry);
67 extern int IODTGetDefault(const char *key, void *infoAddr, unsigned int infoSize);
68 extern boolean_t cpuid_vmm_present(void);
69
70 #define ROUNDUP(a, b) (((a) + ((b) - 1)) & (~((b) - 1)))
71
72 #define IOPOLLED_COREFILE (CONFIG_KDP_INTERACTIVE_DEBUGGING)
73
74 #if defined(XNU_TARGET_OS_BRIDGE)
75 #define kIOCoreDumpPath "/private/var/internal/kernelcore"
76 #elif defined(XNU_TARGET_OS_OSX)
77 #define kIOCoreDumpPath "/System/Volumes/VM/kernelcore"
78 #else
79 #define kIOCoreDumpPath "/private/var/vm/kernelcore"
80 #endif
81
82 #define SYSTEM_NVRAM_PREFIX "40A0DDD2-77F8-4392-B4A3-1E7304206516:"
83
84 #if CONFIG_KDP_INTERACTIVE_DEBUGGING
85 /*
86 * Touched by IOFindBSDRoot() if a RAMDisk is used for the root device.
87 */
88 extern uint64_t kdp_core_ramdisk_addr;
89 extern uint64_t kdp_core_ramdisk_size;
90
91 /*
92 * A callback to indicate that the polled-mode corefile is now available.
93 */
94 extern kern_return_t kdp_core_polled_io_polled_file_available(IOCoreFileAccessCallback access_data, void *access_context, void *recipient_context);
95
96 /*
97 * A callback to indicate that the polled-mode corefile is no longer available.
98 */
99 extern kern_return_t kdp_core_polled_io_polled_file_unavailable(void);
100 #endif
101
102 #if IOPOLLED_COREFILE
103 static void IOOpenPolledCoreFile(thread_call_param_t __unused, thread_call_param_t corefilename);
104
105 thread_call_t corefile_open_call = NULL;
106 #endif
107
108 kern_return_t
IOKitBSDInit(void)109 IOKitBSDInit( void )
110 {
111 IOService::publishResource("IOBSD");
112
113 #if IOPOLLED_COREFILE
114 corefile_open_call = thread_call_allocate_with_options(IOOpenPolledCoreFile, NULL, THREAD_CALL_PRIORITY_KERNEL, THREAD_CALL_OPTIONS_ONCE);
115 #endif
116
117 return kIOReturnSuccess;
118 }
119
120 void
IOServicePublishResource(const char * property,boolean_t value)121 IOServicePublishResource( const char * property, boolean_t value )
122 {
123 if (value) {
124 IOService::publishResource( property, kOSBooleanTrue );
125 } else {
126 IOService::getResourceService()->removeProperty( property );
127 }
128 }
129
130 boolean_t
IOServiceWaitForMatchingResource(const char * property,uint64_t timeout)131 IOServiceWaitForMatchingResource( const char * property, uint64_t timeout )
132 {
133 OSDictionary * dict = NULL;
134 IOService * match = NULL;
135 boolean_t found = false;
136
137 do {
138 dict = IOService::resourceMatching( property );
139 if (!dict) {
140 continue;
141 }
142 match = IOService::waitForMatchingService( dict, timeout );
143 if (match) {
144 found = true;
145 }
146 } while (false);
147
148 if (dict) {
149 dict->release();
150 }
151 if (match) {
152 match->release();
153 }
154
155 return found;
156 }
157
158 boolean_t
IOCatalogueMatchingDriversPresent(const char * property)159 IOCatalogueMatchingDriversPresent( const char * property )
160 {
161 OSDictionary * dict = NULL;
162 OSOrderedSet * set = NULL;
163 SInt32 generationCount = 0;
164 boolean_t found = false;
165
166 do {
167 dict = OSDictionary::withCapacity(1);
168 if (!dict) {
169 continue;
170 }
171 dict->setObject( property, kOSBooleanTrue );
172 set = gIOCatalogue->findDrivers( dict, &generationCount );
173 if (set && (set->getCount() > 0)) {
174 found = true;
175 }
176 } while (false);
177
178 if (dict) {
179 dict->release();
180 }
181 if (set) {
182 set->release();
183 }
184
185 return found;
186 }
187
188 OSDictionary *
IOBSDNameMatching(const char * name)189 IOBSDNameMatching( const char * name )
190 {
191 OSDictionary * dict;
192 const OSSymbol * str = NULL;
193
194 do {
195 dict = IOService::serviceMatching( gIOServiceKey );
196 if (!dict) {
197 continue;
198 }
199 str = OSSymbol::withCString( name );
200 if (!str) {
201 continue;
202 }
203 dict->setObject( kIOBSDNameKey, (OSObject *) str );
204 str->release();
205
206 return dict;
207 } while (false);
208
209 if (dict) {
210 dict->release();
211 }
212 if (str) {
213 str->release();
214 }
215
216 return NULL;
217 }
218
219 OSDictionary *
IOUUIDMatching(void)220 IOUUIDMatching( void )
221 {
222 return IOService::resourceMatching( "boot-uuid-media" );
223 }
224
225 OSDictionary *
IONetworkNamePrefixMatching(const char * prefix)226 IONetworkNamePrefixMatching( const char * prefix )
227 {
228 OSDictionary * matching;
229 OSDictionary * propDict = NULL;
230 const OSSymbol * str = NULL;
231 char networkType[128];
232
233 do {
234 matching = IOService::serviceMatching( "IONetworkInterface" );
235 if (matching == NULL) {
236 continue;
237 }
238
239 propDict = OSDictionary::withCapacity(1);
240 if (propDict == NULL) {
241 continue;
242 }
243
244 str = OSSymbol::withCString( prefix );
245 if (str == NULL) {
246 continue;
247 }
248
249 propDict->setObject( "IOInterfaceNamePrefix", (OSObject *) str );
250 str->release();
251 str = NULL;
252
253 // see if we're contrained to netroot off of specific network type
254 if (PE_parse_boot_argn( "network-type", networkType, 128 )) {
255 str = OSSymbol::withCString( networkType );
256 if (str) {
257 propDict->setObject( "IONetworkRootType", str);
258 str->release();
259 str = NULL;
260 }
261 }
262
263 if (matching->setObject( gIOPropertyMatchKey,
264 (OSObject *) propDict ) != true) {
265 continue;
266 }
267
268 propDict->release();
269 propDict = NULL;
270
271 return matching;
272 } while (false);
273
274 if (matching) {
275 matching->release();
276 }
277 if (propDict) {
278 propDict->release();
279 }
280 if (str) {
281 str->release();
282 }
283
284 return NULL;
285 }
286
287 static bool
IORegisterNetworkInterface(IOService * netif)288 IORegisterNetworkInterface( IOService * netif )
289 {
290 // A network interface is typically named and registered
291 // with BSD after receiving a request from a user space
292 // "namer". However, for cases when the system needs to
293 // root from the network, this registration task must be
294 // done inside the kernel and completed before the root
295 // device is handed to BSD.
296
297 IOService * stack;
298 OSNumber * zero = NULL;
299 OSString * path = NULL;
300 OSDictionary * dict = NULL;
301 OSDataAllocation<char> pathBuf;
302 int len;
303 enum { kMaxPathLen = 512 };
304
305 do {
306 stack = IOService::waitForService(
307 IOService::serviceMatching("IONetworkStack"));
308 if (stack == NULL) {
309 break;
310 }
311
312 dict = OSDictionary::withCapacity(3);
313 if (dict == NULL) {
314 break;
315 }
316
317 zero = OSNumber::withNumber((UInt64) 0, 32);
318 if (zero == NULL) {
319 break;
320 }
321
322 pathBuf = OSDataAllocation<char>( kMaxPathLen, OSAllocateMemory );
323 if (!pathBuf) {
324 break;
325 }
326
327 len = kMaxPathLen;
328 if (netif->getPath( pathBuf.data(), &len, gIOServicePlane )
329 == false) {
330 break;
331 }
332
333 path = OSString::withCStringNoCopy(pathBuf.data());
334 if (path == NULL) {
335 break;
336 }
337
338 dict->setObject( "IOInterfaceUnit", zero );
339 dict->setObject( kIOPathMatchKey, path );
340
341 stack->setProperties( dict );
342 }while (false);
343
344 if (zero) {
345 zero->release();
346 }
347 if (path) {
348 path->release();
349 }
350 if (dict) {
351 dict->release();
352 }
353
354 return netif->getProperty( kIOBSDNameKey ) != NULL;
355 }
356
357 OSDictionary *
IOOFPathMatching(const char * path,char * buf,int maxLen)358 IOOFPathMatching( const char * path, char * buf, int maxLen )
359 {
360 OSDictionary * matching = NULL;
361 OSString * str;
362 char * comp;
363 int len;
364
365 do {
366 len = ((int) strlen( kIODeviceTreePlane ":" ));
367 maxLen -= len;
368 if (maxLen <= 0) {
369 continue;
370 }
371
372 strlcpy( buf, kIODeviceTreePlane ":", len + 1 );
373 comp = buf + len;
374
375 len = ((int) strnlen( path, INT_MAX ));
376 maxLen -= len;
377 if (maxLen <= 0) {
378 continue;
379 }
380 strlcpy( comp, path, len + 1 );
381
382 matching = OSDictionary::withCapacity( 1 );
383 if (!matching) {
384 continue;
385 }
386
387 str = OSString::withCString( buf );
388 if (!str) {
389 continue;
390 }
391 matching->setObject( kIOPathMatchKey, str );
392 str->release();
393
394 return matching;
395 } while (false);
396
397 if (matching) {
398 matching->release();
399 }
400
401 return NULL;
402 }
403
404 static int didRam = 0;
405 enum { kMaxPathBuf = 512, kMaxBootVar = 128 };
406
407 bool
IOGetBootUUID(char * uuid)408 IOGetBootUUID(char *uuid)
409 {
410 IORegistryEntry *entry;
411 OSData *uuid_data = NULL;
412 bool result = false;
413
414 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
415 uuid_data = (OSData *)entry->getProperty("boot-uuid");
416 if (uuid_data) {
417 unsigned int length = uuid_data->getLength();
418 if (length <= sizeof(uuid_string_t)) {
419 /* ensure caller's buffer is fully initialized: */
420 bzero(uuid, sizeof(uuid_string_t));
421 /* copy the content of uuid_data->getBytesNoCopy() into uuid */
422 memcpy(uuid, uuid_data->getBytesNoCopy(), length);
423 /* guarantee nul-termination: */
424 uuid[sizeof(uuid_string_t) - 1] = '\0';
425 result = true;
426 } else {
427 uuid = NULL;
428 }
429 }
430 OSSafeReleaseNULL(entry);
431 }
432 return result;
433 }
434
435 bool
IOGetApfsPrebootUUID(char * uuid)436 IOGetApfsPrebootUUID(char *uuid)
437 {
438 IORegistryEntry *entry;
439 OSData *uuid_data = NULL;
440 bool result = false;
441
442 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
443 uuid_data = (OSData *)entry->getProperty("apfs-preboot-uuid");
444
445 if (uuid_data) {
446 unsigned int length = uuid_data->getLength();
447 if (length <= sizeof(uuid_string_t)) {
448 /* ensure caller's buffer is fully initialized: */
449 bzero(uuid, sizeof(uuid_string_t));
450 /* copy the content of uuid_data->getBytesNoCopy() into uuid */
451 memcpy(uuid, uuid_data->getBytesNoCopy(), length);
452 /* guarantee nul-termination: */
453 uuid[sizeof(uuid_string_t) - 1] = '\0';
454 result = true;
455 } else {
456 uuid = NULL;
457 }
458 }
459 OSSafeReleaseNULL(entry);
460 }
461 return result;
462 }
463
464 bool
IOGetAssociatedApfsVolgroupUUID(char * uuid)465 IOGetAssociatedApfsVolgroupUUID(char *uuid)
466 {
467 IORegistryEntry *entry;
468 OSData *uuid_data = NULL;
469 bool result = false;
470
471 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
472 uuid_data = (OSData *)entry->getProperty("associated-volume-group");
473
474 if (uuid_data) {
475 unsigned int length = uuid_data->getLength();
476
477 if (length <= sizeof(uuid_string_t)) {
478 /* ensure caller's buffer is fully initialized: */
479 bzero(uuid, sizeof(uuid_string_t));
480 /* copy the content of uuid_data->getBytesNoCopy() into uuid */
481 memcpy(uuid, uuid_data->getBytesNoCopy(), length);
482 /* guarantee nul-termination: */
483 uuid[sizeof(uuid_string_t) - 1] = '\0';
484 result = true;
485 } else {
486 uuid = NULL;
487 }
488 }
489 OSSafeReleaseNULL(entry);
490 }
491 return result;
492 }
493
494 bool
IOGetBootObjectsPath(char * path_prefix)495 IOGetBootObjectsPath(char *path_prefix)
496 {
497 IORegistryEntry *entry;
498 OSData *path_prefix_data = NULL;
499 bool result = false;
500
501 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
502 path_prefix_data = (OSData *)entry->getProperty("boot-objects-path");
503
504 if (path_prefix_data) {
505 unsigned int length = path_prefix_data->getLength();
506
507 if (length <= MAXPATHLEN) {
508 /* ensure caller's buffer is fully initialized: */
509 bzero(path_prefix, MAXPATHLEN);
510 /* copy the content of path_prefix_data->getBytesNoCopy() into path_prefix */
511 memcpy(path_prefix, path_prefix_data->getBytesNoCopy(), length);
512 /* guarantee nul-termination: */
513 path_prefix[MAXPATHLEN - 1] = '\0';
514 result = true;
515 } else {
516 path_prefix = NULL;
517 }
518 }
519 OSSafeReleaseNULL(entry);
520 }
521 return result;
522 }
523
524
525 bool
IOGetBootManifestHash(char * hash_data,size_t * hash_data_size)526 IOGetBootManifestHash(char *hash_data, size_t *hash_data_size)
527 {
528 IORegistryEntry *entry = NULL;
529 OSData *manifest_hash_data = NULL;
530 bool result = false;
531
532 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
533 manifest_hash_data = (OSData *)entry->getProperty("boot-manifest-hash");
534 if (manifest_hash_data) {
535 unsigned int length = manifest_hash_data->getLength();
536 /* hashed with SHA2-384 or SHA1, the boot manifest hash should be 48 Bytes or less */
537 if ((length <= CCSHA384_OUTPUT_SIZE) && (*hash_data_size >= CCSHA384_OUTPUT_SIZE)) {
538 /* ensure caller's buffer is fully initialized: */
539 bzero(hash_data, CCSHA384_OUTPUT_SIZE);
540 /* copy the content of manifest_hash_data->getBytesNoCopy() into hash_data */
541 memcpy(hash_data, manifest_hash_data->getBytesNoCopy(), length);
542 *hash_data_size = length;
543 result = true;
544 } else {
545 hash_data = NULL;
546 *hash_data_size = 0;
547 }
548 }
549 OSSafeReleaseNULL(entry);
550 }
551
552 return result;
553 }
554
555 /*
556 * Set NVRAM to boot into the right flavor of Recovery,
557 * optionally passing a UUID of a volume that failed to boot.
558 * If `reboot` is true, reboot immediately.
559 *
560 * Returns true if `mode` was understood, false otherwise.
561 * (Does not return if `reboot` is true.)
562 */
563 boolean_t
IOSetRecoveryBoot(bsd_bootfail_mode_t mode,uuid_t volume_uuid,boolean_t reboot)564 IOSetRecoveryBoot(bsd_bootfail_mode_t mode, uuid_t volume_uuid, boolean_t reboot)
565 {
566 IODTNVRAM *nvram = NULL;
567 const OSSymbol *boot_command_sym = NULL;
568 OSString *boot_command_recover = NULL;
569
570 if (mode == BSD_BOOTFAIL_SEAL_BROKEN) {
571 const char *boot_mode = "ssv-seal-broken";
572 uuid_string_t volume_uuid_str;
573
574 // Set `recovery-broken-seal-uuid = <volume_uuid>`.
575 if (volume_uuid) {
576 uuid_unparse_upper(volume_uuid, volume_uuid_str);
577
578 if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "recovery-broken-seal-uuid",
579 volume_uuid_str, sizeof(uuid_string_t))) {
580 IOLog("Failed to write recovery-broken-seal-uuid to NVRAM.\n");
581 }
582 }
583
584 // Set `recovery-boot-mode = ssv-seal-broken`.
585 if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "recovery-boot-mode", boot_mode,
586 (const unsigned int) strlen(boot_mode))) {
587 IOLog("Failed to write recovery-boot-mode to NVRAM.\n");
588 }
589 } else if (mode == BSD_BOOTFAIL_MEDIA_MISSING) {
590 const char *boot_picker_reason = "missing-boot-media";
591
592 // Set `boot-picker-bringup-reason = missing-boot-media`.
593 if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "boot-picker-bringup-reason",
594 boot_picker_reason, (const unsigned int) strlen(boot_picker_reason))) {
595 IOLog("Failed to write boot-picker-bringup-reason to NVRAM.\n");
596 }
597
598 // Set `boot-command = recover-system`.
599
600 // Construct an OSSymbol and an OSString to be the (key, value) pair
601 // we write to NVRAM. Unfortunately, since our value must be an OSString
602 // instead of an OSData, we cannot use PEWriteNVRAMProperty() here.
603 boot_command_sym = OSSymbol::withCStringNoCopy(SYSTEM_NVRAM_PREFIX "boot-command");
604 boot_command_recover = OSString::withCStringNoCopy("recover-system");
605 if (boot_command_sym == NULL || boot_command_recover == NULL) {
606 IOLog("Failed to create boot-command strings.\n");
607 goto do_reboot;
608 }
609
610 // Wait for NVRAM to be readable...
611 nvram = OSDynamicCast(IODTNVRAM, IOService::waitForService(
612 IOService::serviceMatching("IODTNVRAM")));
613 if (nvram == NULL) {
614 IOLog("Failed to acquire IODTNVRAM object.\n");
615 goto do_reboot;
616 }
617
618 // Wait for NVRAM to be writable...
619 if (!IOServiceWaitForMatchingResource("IONVRAM", UINT64_MAX)) {
620 IOLog("Failed to wait for IONVRAM service.\n");
621 // attempt the work anyway...
622 }
623
624 // Write the new boot-command to NVRAM, and sync if successful.
625 if (!nvram->setProperty(boot_command_sym, boot_command_recover)) {
626 IOLog("Failed to save new boot-command to NVRAM.\n");
627 } else {
628 nvram->sync();
629 }
630 } else {
631 IOLog("Unknown mode: %d\n", mode);
632 return false;
633 }
634
635 // Clean up and reboot!
636 do_reboot:
637 if (boot_command_recover != NULL) {
638 boot_command_recover->release();
639 }
640
641 if (boot_command_sym != NULL) {
642 boot_command_sym->release();
643 }
644
645 if (reboot) {
646 IOLog("\nAbout to reboot into Recovery!\n");
647 (void)PEHaltRestart(kPERestartCPU);
648 }
649
650 return true;
651 }
652
653 kern_return_t
IOFindBSDRoot(char * rootName,unsigned int rootNameSize,dev_t * root,u_int32_t * oflags)654 IOFindBSDRoot( char * rootName, unsigned int rootNameSize,
655 dev_t * root, u_int32_t * oflags )
656 {
657 mach_timespec_t t;
658 IOService * service;
659 IORegistryEntry * regEntry;
660 OSDictionary * matching = NULL;
661 OSString * iostr;
662 OSNumber * off;
663 OSData * data = NULL;
664
665 UInt32 flags = 0;
666 int mnr, mjr;
667 const char * mediaProperty = NULL;
668 char * rdBootVar;
669 OSDataAllocation<char> str;
670 const char * look = NULL;
671 int len;
672 bool debugInfoPrintedOnce = false;
673 bool needNetworkKexts = false;
674 const char * uuidStr = NULL;
675
676 static int mountAttempts = 0;
677
678 int xchar, dchar;
679
680 // stall here for anyone matching on the IOBSD resource to finish (filesystems)
681 matching = IOService::serviceMatching(gIOResourcesKey);
682 assert(matching);
683 matching->setObject(gIOResourceMatchedKey, gIOBSDKey);
684
685 if ((service = IOService::waitForMatchingService(matching, 30ULL * kSecondScale))) {
686 OSSafeReleaseNULL(service);
687 } else {
688 IOLog("!BSD\n");
689 }
690 matching->release();
691 matching = NULL;
692
693 if (mountAttempts++) {
694 IOLog("mount(%d) failed\n", mountAttempts);
695 IOSleep( 5 * 1000 );
696 }
697
698 str = OSDataAllocation<char>( kMaxPathBuf + kMaxBootVar, OSAllocateMemory );
699 if (!str) {
700 return kIOReturnNoMemory;
701 }
702 rdBootVar = str.data() + kMaxPathBuf;
703
704 if (!PE_parse_boot_argn("rd", rdBootVar, kMaxBootVar )
705 && !PE_parse_boot_argn("rootdev", rdBootVar, kMaxBootVar )) {
706 rdBootVar[0] = 0;
707 }
708
709 if ((regEntry = IORegistryEntry::fromPath( "/chosen", gIODTPlane ))) {
710 do {
711 di_root_ramfile(regEntry);
712 OSObject* unserializedContainer = NULL;
713 data = OSDynamicCast(OSData, regEntry->getProperty( "root-matching" ));
714 if (data) {
715 unserializedContainer = OSUnserializeXML((char *)data->getBytesNoCopy());
716 matching = OSDynamicCast(OSDictionary, unserializedContainer);
717 if (matching) {
718 continue;
719 }
720 }
721 OSSafeReleaseNULL(unserializedContainer);
722
723 data = (OSData *) regEntry->getProperty( "boot-uuid" );
724 if (data) {
725 uuidStr = (const char*)data->getBytesNoCopy();
726 OSString *uuidString = OSString::withCString( uuidStr );
727
728 // match the boot-args boot-uuid processing below
729 if (uuidString) {
730 IOLog("rooting via boot-uuid from /chosen: %s\n", uuidStr);
731 IOService::publishResource( "boot-uuid", uuidString );
732 uuidString->release();
733 matching = IOUUIDMatching();
734 mediaProperty = "boot-uuid-media";
735 continue;
736 } else {
737 uuidStr = NULL;
738 }
739 }
740 } while (false);
741 OSSafeReleaseNULL(regEntry);
742 }
743
744 //
745 // See if we have a RAMDisk property in /chosen/memory-map. If so, make it into a device.
746 // It will become /dev/mdx, where x is 0-f.
747 //
748
749 if (!didRam) { /* Have we already build this ram disk? */
750 didRam = 1; /* Remember we did this */
751 if ((regEntry = IORegistryEntry::fromPath( "/chosen/memory-map", gIODTPlane ))) { /* Find the map node */
752 data = (OSData *)regEntry->getProperty("RAMDisk"); /* Find the ram disk, if there */
753 if (data) { /* We found one */
754 uintptr_t *ramdParms;
755 ramdParms = (uintptr_t *)data->getBytesNoCopy(); /* Point to the ram disk base and size */
756 #if __LP64__
757 #define MAX_PHYS_RAM (((uint64_t)UINT_MAX) << 12)
758 if (ramdParms[1] > MAX_PHYS_RAM) {
759 panic("ramdisk params");
760 }
761 #endif /* __LP64__ */
762 (void)mdevadd(-1, ml_static_ptovirt(ramdParms[0]) >> 12, (unsigned int) (ramdParms[1] >> 12), 0); /* Initialize it and pass back the device number */
763 }
764 regEntry->release(); /* Toss the entry */
765 }
766 }
767
768 //
769 // Now check if we are trying to root on a memory device
770 //
771
772 if ((rdBootVar[0] == 'm') && (rdBootVar[1] == 'd') && (rdBootVar[3] == 0)) {
773 dchar = xchar = rdBootVar[2]; /* Get the actual device */
774 if ((xchar >= '0') && (xchar <= '9')) {
775 xchar = xchar - '0'; /* If digit, convert */
776 } else {
777 xchar = xchar & ~' '; /* Fold to upper case */
778 if ((xchar >= 'A') && (xchar <= 'F')) { /* Is this a valid digit? */
779 xchar = (xchar & 0xF) + 9; /* Convert the hex digit */
780 dchar = dchar | ' '; /* Fold to lower case */
781 } else {
782 xchar = -1; /* Show bogus */
783 }
784 }
785 if (xchar >= 0) { /* Do we have a valid memory device name? */
786 OSSafeReleaseNULL(matching);
787 *root = mdevlookup(xchar); /* Find the device number */
788 if (*root >= 0) { /* Did we find one? */
789 rootName[0] = 'm'; /* Build root name */
790 rootName[1] = 'd'; /* Build root name */
791 rootName[2] = (char) dchar; /* Build root name */
792 rootName[3] = 0; /* Build root name */
793 IOLog("BSD root: %s, major %d, minor %d\n", rootName, major(*root), minor(*root));
794 *oflags = 0; /* Show that this is not network */
795
796 #if CONFIG_KDP_INTERACTIVE_DEBUGGING
797 /* retrieve final ramdisk range and initialize KDP variables */
798 if (mdevgetrange(xchar, &kdp_core_ramdisk_addr, &kdp_core_ramdisk_size) != 0) {
799 IOLog("Unable to retrieve range for root memory device %d\n", xchar);
800 kdp_core_ramdisk_addr = 0;
801 kdp_core_ramdisk_size = 0;
802 }
803 #endif
804
805 goto iofrootx; /* Join common exit... */
806 }
807 panic("IOFindBSDRoot: specified root memory device, %s, has not been configured", rdBootVar); /* Not there */
808 }
809 }
810
811 if ((!matching) && rdBootVar[0]) {
812 // by BSD name
813 look = rdBootVar;
814 if (look[0] == '*') {
815 look++;
816 }
817
818 if (strncmp( look, "en", strlen( "en" )) == 0) {
819 matching = IONetworkNamePrefixMatching( "en" );
820 needNetworkKexts = true;
821 } else if (strncmp( look, "uuid", strlen( "uuid" )) == 0) {
822 OSDataAllocation<char> uuid( kMaxBootVar, OSAllocateMemory );
823
824 if (uuid) {
825 OSString *uuidString;
826
827 if (!PE_parse_boot_argn( "boot-uuid", uuid.data(), kMaxBootVar )) {
828 panic( "rd=uuid but no boot-uuid=<value> specified" );
829 }
830 uuidString = OSString::withCString(uuid.data());
831 if (uuidString) {
832 IOService::publishResource( "boot-uuid", uuidString );
833 uuidString->release();
834 IOLog("\nWaiting for boot volume with UUID %s\n", uuid.data());
835 matching = IOUUIDMatching();
836 mediaProperty = "boot-uuid-media";
837 }
838 }
839 } else {
840 matching = IOBSDNameMatching( look );
841 }
842 }
843
844 if (!matching) {
845 OSString * astring;
846 // Match any HFS media
847
848 matching = IOService::serviceMatching( "IOMedia" );
849 assert(matching);
850 astring = OSString::withCStringNoCopy("Apple_HFS");
851 if (astring) {
852 matching->setObject("Content", astring);
853 astring->release();
854 }
855 }
856
857 if (gIOKitDebug & kIOWaitQuietBeforeRoot) {
858 IOLog( "Waiting for matching to complete\n" );
859 IOService::getPlatform()->waitQuiet();
860 }
861
862 if (matching) {
863 OSSerialize * s = OSSerialize::withCapacity( 5 );
864
865 if (matching->serialize( s )) {
866 IOLog( "Waiting on %s\n", s->text());
867 }
868 s->release();
869 }
870
871 char namep[8];
872 if (needNetworkKexts
873 || PE_parse_boot_argn("-s", namep, sizeof(namep))) {
874 IOService::startDeferredMatches();
875 }
876
877 do {
878 t.tv_sec = ROOTDEVICETIMEOUT;
879 t.tv_nsec = 0;
880 matching->retain();
881 service = IOService::waitForService( matching, &t );
882 if ((!service) || (mountAttempts == 10)) {
883 #if !XNU_TARGET_OS_OSX || !defined(__arm64__)
884 PE_display_icon( 0, "noroot");
885 IOLog( "Still waiting for root device\n" );
886 #endif
887
888 if (!debugInfoPrintedOnce) {
889 debugInfoPrintedOnce = true;
890 if (gIOKitDebug & kIOLogDTree) {
891 IOLog("\nDT plane:\n");
892 IOPrintPlane( gIODTPlane );
893 }
894 if (gIOKitDebug & kIOLogServiceTree) {
895 IOLog("\nService plane:\n");
896 IOPrintPlane( gIOServicePlane );
897 }
898 if (gIOKitDebug & kIOLogMemory) {
899 IOPrintMemory();
900 }
901 }
902
903 #if XNU_TARGET_OS_OSX && defined(__arm64__)
904 // The disk isn't found - have the user pick from System Recovery.
905 (void)IOSetRecoveryBoot(BSD_BOOTFAIL_MEDIA_MISSING, NULL, true);
906 #elif XNU_TARGET_OS_IOS
907 panic("Failed to mount root device");
908 #endif
909 }
910 } while (!service);
911
912 OSSafeReleaseNULL(matching);
913
914 if (service && mediaProperty) {
915 service = (IOService *)service->getProperty(mediaProperty);
916 }
917
918 mjr = 0;
919 mnr = 0;
920
921 // If the IOService we matched to is a subclass of IONetworkInterface,
922 // then make sure it has been registered with BSD and has a BSD name
923 // assigned.
924
925 if (service
926 && service->metaCast( "IONetworkInterface" )
927 && !IORegisterNetworkInterface( service )) {
928 service = NULL;
929 }
930
931 if (service) {
932 len = kMaxPathBuf;
933 service->getPath( str.data(), &len, gIOServicePlane );
934 IOLog("Got boot device = %s\n", str.data());
935
936 iostr = (OSString *) service->getProperty( kIOBSDNameKey );
937 if (iostr) {
938 strlcpy( rootName, iostr->getCStringNoCopy(), rootNameSize );
939 }
940 off = (OSNumber *) service->getProperty( kIOBSDMajorKey );
941 if (off) {
942 mjr = off->unsigned32BitValue();
943 }
944 off = (OSNumber *) service->getProperty( kIOBSDMinorKey );
945 if (off) {
946 mnr = off->unsigned32BitValue();
947 }
948
949 if (service->metaCast( "IONetworkInterface" )) {
950 flags |= 1;
951 }
952 } else {
953 IOLog( "Wait for root failed\n" );
954 strlcpy( rootName, "en0", rootNameSize );
955 flags |= 1;
956 }
957
958 IOLog( "BSD root: %s", rootName );
959 if (mjr) {
960 IOLog(", major %d, minor %d\n", mjr, mnr );
961 } else {
962 IOLog("\n");
963 }
964
965 *root = makedev( mjr, mnr );
966 *oflags = flags;
967
968 iofrootx:
969
970 IOService::setRootMedia(service);
971
972 if ((gIOKitDebug & (kIOLogDTree | kIOLogServiceTree | kIOLogMemory)) && !debugInfoPrintedOnce) {
973 IOService::getPlatform()->waitQuiet();
974 if (gIOKitDebug & kIOLogDTree) {
975 IOLog("\nDT plane:\n");
976 IOPrintPlane( gIODTPlane );
977 }
978 if (gIOKitDebug & kIOLogServiceTree) {
979 IOLog("\nService plane:\n");
980 IOPrintPlane( gIOServicePlane );
981 }
982 if (gIOKitDebug & kIOLogMemory) {
983 IOPrintMemory();
984 }
985 }
986
987 return kIOReturnSuccess;
988 }
989
990 void
IOSetImageBoot(void)991 IOSetImageBoot(void)
992 {
993 // this will unhide all IOMedia, without waiting for kernelmanagement to start
994 IOService::setRootMedia(NULL);
995 }
996
997 bool
IORamDiskBSDRoot(void)998 IORamDiskBSDRoot(void)
999 {
1000 char rdBootVar[kMaxBootVar];
1001 if (PE_parse_boot_argn("rd", rdBootVar, kMaxBootVar )
1002 || PE_parse_boot_argn("rootdev", rdBootVar, kMaxBootVar )) {
1003 if ((rdBootVar[0] == 'm') && (rdBootVar[1] == 'd') && (rdBootVar[3] == 0)) {
1004 return true;
1005 }
1006 }
1007 return false;
1008 }
1009
1010 void
IOSecureBSDRoot(const char * rootName)1011 IOSecureBSDRoot(const char * rootName)
1012 {
1013 #if CONFIG_SECURE_BSD_ROOT
1014 IOReturn result;
1015 IOPlatformExpert *pe;
1016 OSDictionary *matching;
1017 const OSSymbol *functionName = OSSymbol::withCStringNoCopy("SecureRootName");
1018
1019 matching = IOService::serviceMatching("IOPlatformExpert");
1020 assert(matching);
1021 pe = (IOPlatformExpert *) IOService::waitForMatchingService(matching, 30ULL * kSecondScale);
1022 matching->release();
1023 assert(pe);
1024 // Returns kIOReturnNotPrivileged is the root device is not secure.
1025 // Returns kIOReturnUnsupported if "SecureRootName" is not implemented.
1026 result = pe->callPlatformFunction(functionName, false, (void *)rootName, (void *)NULL, (void *)NULL, (void *)NULL);
1027 functionName->release();
1028 OSSafeReleaseNULL(pe);
1029
1030 if (result == kIOReturnNotPrivileged) {
1031 mdevremoveall();
1032 }
1033
1034 #endif // CONFIG_SECURE_BSD_ROOT
1035 }
1036
1037 void *
IOBSDRegistryEntryForDeviceTree(char * path)1038 IOBSDRegistryEntryForDeviceTree(char * path)
1039 {
1040 return IORegistryEntry::fromPath(path, gIODTPlane);
1041 }
1042
1043 void
IOBSDRegistryEntryRelease(void * entry)1044 IOBSDRegistryEntryRelease(void * entry)
1045 {
1046 IORegistryEntry * regEntry = (IORegistryEntry *)entry;
1047
1048 if (regEntry) {
1049 regEntry->release();
1050 }
1051 return;
1052 }
1053
1054 const void *
IOBSDRegistryEntryGetData(void * entry,char * property_name,int * packet_length)1055 IOBSDRegistryEntryGetData(void * entry, char * property_name,
1056 int * packet_length)
1057 {
1058 OSData * data;
1059 IORegistryEntry * regEntry = (IORegistryEntry *)entry;
1060
1061 data = (OSData *) regEntry->getProperty(property_name);
1062 if (data) {
1063 *packet_length = data->getLength();
1064 return data->getBytesNoCopy();
1065 }
1066 return NULL;
1067 }
1068
1069 kern_return_t
IOBSDGetPlatformUUID(uuid_t uuid,mach_timespec_t timeout)1070 IOBSDGetPlatformUUID( uuid_t uuid, mach_timespec_t timeout )
1071 {
1072 IOService * resources;
1073 OSString * string;
1074
1075 resources = IOService::waitForService( IOService::resourceMatching( kIOPlatformUUIDKey ), (timeout.tv_sec || timeout.tv_nsec) ? &timeout : NULL );
1076 if (resources == NULL) {
1077 return KERN_OPERATION_TIMED_OUT;
1078 }
1079
1080 string = (OSString *) IOService::getPlatform()->getProvider()->getProperty( kIOPlatformUUIDKey );
1081 if (string == NULL) {
1082 return KERN_NOT_SUPPORTED;
1083 }
1084
1085 uuid_parse( string->getCStringNoCopy(), uuid );
1086
1087 return KERN_SUCCESS;
1088 }
1089 } /* extern "C" */
1090
1091 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1092
1093 #include <sys/conf.h>
1094 #include <sys/lock.h>
1095 #include <sys/vnode.h>
1096 #include <sys/vnode_if.h>
1097 #include <sys/vnode_internal.h>
1098 #include <sys/fcntl.h>
1099 #include <sys/fsctl.h>
1100 #include <sys/mount.h>
1101 #include <IOKit/IOPolledInterface.h>
1102 #include <IOKit/IOBufferMemoryDescriptor.h>
1103
1104 // see HFSIOC_VOLUME_STATUS in APFS/HFS
1105 #define HFS_IOCTL_VOLUME_STATUS _IOR('h', 24, u_int32_t)
1106
1107 LCK_GRP_DECLARE(gIOPolledCoreFileGrp, "polled_corefile");
1108 LCK_MTX_DECLARE(gIOPolledCoreFileMtx, &gIOPolledCoreFileGrp);
1109
1110 IOPolledFileIOVars * gIOPolledCoreFileVars;
1111 kern_return_t gIOPolledCoreFileOpenRet = kIOReturnNotReady;
1112 IOPolledCoreFileMode_t gIOPolledCoreFileMode = kIOPolledCoreFileModeNotInitialized;
1113
1114 #if IOPOLLED_COREFILE
1115
1116 #if defined(XNU_TARGET_OS_BRIDGE)
1117 // On bridgeOS allocate a 150MB corefile and leave 150MB free
1118 #define kIOCoreDumpSize 150ULL*1024ULL*1024ULL
1119 #define kIOCoreDumpFreeSize 150ULL*1024ULL*1024ULL
1120
1121 #elif !defined(XNU_TARGET_OS_OSX) /* defined(XNU_TARGET_OS_BRIDGE) */
1122 // On embedded devices with >3GB DRAM we allocate a 500MB corefile
1123 // otherwise allocate a 350MB corefile. Leave 350 MB free
1124
1125 #define kIOCoreDumpMinSize 350ULL*1024ULL*1024ULL
1126 #define kIOCoreDumpLargeSize 500ULL*1024ULL*1024ULL
1127
1128 #define kIOCoreDumpFreeSize 350ULL*1024ULL*1024ULL
1129
1130 #else /* defined(XNU_TARGET_OS_BRIDGE) */
1131 // on macOS devices allocate a corefile sized at 1GB / 32GB of DRAM,
1132 // fallback to a 1GB corefile and leave at least 1GB free
1133 #define kIOCoreDumpMinSize 1024ULL*1024ULL*1024ULL
1134 #define kIOCoreDumpIncrementalSize 1024ULL*1024ULL*1024ULL
1135
1136 #define kIOCoreDumpFreeSize 1024ULL*1024ULL*1024ULL
1137
1138 // on older macOS devices we allocate a 1MB file at boot
1139 // to store a panic time stackshot
1140 #define kIOStackshotFileSize 1024ULL*1024ULL
1141
1142 #endif /* defined(XNU_TARGET_OS_BRIDGE) */
1143
1144 static IOPolledCoreFileMode_t
GetCoreFileMode()1145 GetCoreFileMode()
1146 {
1147 if (on_device_corefile_enabled()) {
1148 return kIOPolledCoreFileModeCoredump;
1149 } else if (panic_stackshot_to_disk_enabled()) {
1150 return kIOPolledCoreFileModeStackshot;
1151 } else {
1152 return kIOPolledCoreFileModeDisabled;
1153 }
1154 }
1155
1156 static void
IOCoreFileGetSize(uint64_t * ideal_size,uint64_t * fallback_size,uint64_t * free_space_to_leave,IOPolledCoreFileMode_t mode)1157 IOCoreFileGetSize(uint64_t *ideal_size, uint64_t *fallback_size, uint64_t *free_space_to_leave, IOPolledCoreFileMode_t mode)
1158 {
1159 unsigned int requested_corefile_size = 0;
1160
1161 *ideal_size = *fallback_size = *free_space_to_leave = 0;
1162
1163 // If a custom size was requested, override the ideal and requested sizes
1164 if (PE_parse_boot_argn("corefile_size_mb", &requested_corefile_size,
1165 sizeof(requested_corefile_size))) {
1166 IOLog("Boot-args specify %d MB kernel corefile\n", requested_corefile_size);
1167
1168 *ideal_size = *fallback_size = (requested_corefile_size * 1024ULL * 1024ULL);
1169 return;
1170 }
1171
1172 unsigned int status_flags = 0;
1173 int error = VNOP_IOCTL(rootvnode, HFS_IOCTL_VOLUME_STATUS, (caddr_t)&status_flags, 0,
1174 vfs_context_kernel());
1175 if (!error) {
1176 if (status_flags & (VQ_VERYLOWDISK | VQ_LOWDISK | VQ_NEARLOWDISK)) {
1177 IOLog("Volume is low on space. Not allocating kernel corefile.\n");
1178 return;
1179 }
1180 } else {
1181 IOLog("Couldn't retrieve volume status. Error %d\n", error);
1182 }
1183
1184 #if defined(XNU_TARGET_OS_BRIDGE)
1185 #pragma unused(mode)
1186 *ideal_size = *fallback_size = kIOCoreDumpSize;
1187 *free_space_to_leave = kIOCoreDumpFreeSize;
1188 #elif !defined(XNU_TARGET_OS_OSX) /* defined(XNU_TARGET_OS_BRIDGE) */
1189 #pragma unused(mode)
1190 *ideal_size = *fallback_size = kIOCoreDumpMinSize;
1191
1192 if (max_mem > (3 * 1024ULL * 1024ULL * 1024ULL)) {
1193 *ideal_size = kIOCoreDumpLargeSize;
1194 }
1195
1196 *free_space_to_leave = kIOCoreDumpFreeSize;
1197 #else /* defined(XNU_TARGET_OS_BRIDGE) */
1198 if (mode == kIOPolledCoreFileModeCoredump) {
1199 *ideal_size = *fallback_size = kIOCoreDumpMinSize;
1200 if (kIOCoreDumpIncrementalSize != 0 && max_mem > (32 * 1024ULL * 1024ULL * 1024ULL)) {
1201 *ideal_size = ((ROUNDUP(max_mem, (32 * 1024ULL * 1024ULL * 1024ULL)) / (32 * 1024ULL * 1024ULL * 1024ULL)) * kIOCoreDumpIncrementalSize);
1202 }
1203 *free_space_to_leave = kIOCoreDumpFreeSize;
1204 } else if (mode == kIOPolledCoreFileModeStackshot) {
1205 *ideal_size = *fallback_size = *free_space_to_leave = kIOStackshotFileSize;
1206 }
1207 #endif /* defined(XNU_TARGET_OS_BRIDGE) */
1208
1209 return;
1210 }
1211
1212 static IOReturn
IOAccessCoreFileData(void * context,boolean_t write,uint64_t offset,int length,void * buffer)1213 IOAccessCoreFileData(void *context, boolean_t write, uint64_t offset, int length, void *buffer)
1214 {
1215 errno_t vnode_error = 0;
1216 vfs_context_t vfs_context;
1217 vnode_t vnode_ptr = (vnode_t) context;
1218
1219 vfs_context = vfs_context_kernel();
1220 vnode_error = vn_rdwr(write ? UIO_WRITE : UIO_READ, vnode_ptr, (caddr_t)buffer, length, offset,
1221 UIO_SYSSPACE, IO_SWAP_DISPATCH | IO_SYNC | IO_NOCACHE | IO_UNIT, vfs_context_ucred(vfs_context), NULL, vfs_context_proc(vfs_context));
1222
1223 if (vnode_error) {
1224 IOLog("Failed to %s the corefile. Error %d\n", write ? "write to" : "read from", vnode_error);
1225 return kIOReturnError;
1226 }
1227
1228 return kIOReturnSuccess;
1229 }
1230
1231 static void
IOOpenPolledCoreFile(thread_call_param_t __unused,thread_call_param_t corefilename)1232 IOOpenPolledCoreFile(thread_call_param_t __unused, thread_call_param_t corefilename)
1233 {
1234 assert(corefilename != NULL);
1235
1236 IOReturn err;
1237 char *filename = (char *) corefilename;
1238 uint64_t corefile_size_bytes = 0, corefile_fallback_size_bytes = 0, free_space_to_leave_bytes = 0;
1239 IOPolledCoreFileMode_t mode_to_init = GetCoreFileMode();
1240
1241 if (gIOPolledCoreFileVars) {
1242 return;
1243 }
1244 if (!IOPolledInterface::gMetaClass.getInstanceCount()) {
1245 return;
1246 }
1247
1248 if (gIOPolledCoreFileMode == kIOPolledCoreFileModeUnlinked) {
1249 return;
1250 }
1251
1252 if (mode_to_init == kIOPolledCoreFileModeDisabled) {
1253 gIOPolledCoreFileMode = kIOPolledCoreFileModeDisabled;
1254 return;
1255 }
1256
1257 // We'll overwrite this once we open the file, we update this to mark that we have made
1258 // it past initialization
1259 gIOPolledCoreFileMode = kIOPolledCoreFileModeClosed;
1260
1261 IOCoreFileGetSize(&corefile_size_bytes, &corefile_fallback_size_bytes, &free_space_to_leave_bytes, mode_to_init);
1262
1263 if (corefile_size_bytes == 0 && corefile_fallback_size_bytes == 0) {
1264 gIOPolledCoreFileMode = kIOPolledCoreFileModeUnlinked;
1265 return;
1266 }
1267
1268 do {
1269 err = IOPolledFileOpen(filename, kIOPolledFileCreate, corefile_size_bytes, free_space_to_leave_bytes,
1270 NULL, 0, &gIOPolledCoreFileVars, NULL, NULL, NULL);
1271 if (kIOReturnSuccess == err) {
1272 break;
1273 } else if (kIOReturnNoSpace == err) {
1274 IOLog("Failed to open corefile of size %llu MB (low disk space)",
1275 (corefile_size_bytes / (1024ULL * 1024ULL)));
1276 if (corefile_size_bytes == corefile_fallback_size_bytes) {
1277 gIOPolledCoreFileOpenRet = err;
1278 return;
1279 }
1280 } else {
1281 IOLog("Failed to open corefile of size %llu MB (returned error 0x%x)\n",
1282 (corefile_size_bytes / (1024ULL * 1024ULL)), err);
1283 gIOPolledCoreFileOpenRet = err;
1284 return;
1285 }
1286
1287 err = IOPolledFileOpen(filename, kIOPolledFileCreate, corefile_fallback_size_bytes, free_space_to_leave_bytes,
1288 NULL, 0, &gIOPolledCoreFileVars, NULL, NULL, NULL);
1289 if (kIOReturnSuccess != err) {
1290 IOLog("Failed to open corefile of size %llu MB (returned error 0x%x)\n",
1291 (corefile_fallback_size_bytes / (1024ULL * 1024ULL)), err);
1292 gIOPolledCoreFileOpenRet = err;
1293 return;
1294 }
1295 } while (false);
1296
1297 gIOPolledCoreFileOpenRet = IOPolledFilePollersSetup(gIOPolledCoreFileVars, kIOPolledPreflightCoreDumpState);
1298 if (kIOReturnSuccess != gIOPolledCoreFileOpenRet) {
1299 IOPolledFileClose(&gIOPolledCoreFileVars, 0, NULL, 0, 0, 0, false);
1300 IOLog("IOPolledFilePollersSetup for corefile failed with error: 0x%x\n", err);
1301 } else {
1302 IOLog("Opened corefile of size %llu MB\n", (corefile_size_bytes / (1024ULL * 1024ULL)));
1303 gIOPolledCoreFileMode = mode_to_init;
1304 }
1305
1306 // Provide the "polled file available" callback with a temporary way to read from the file
1307 (void) IOProvideCoreFileAccess(kdp_core_polled_io_polled_file_available, NULL);
1308
1309 return;
1310 }
1311
1312 kern_return_t
IOProvideCoreFileAccess(IOCoreFileAccessRecipient recipient,void * recipient_context)1313 IOProvideCoreFileAccess(IOCoreFileAccessRecipient recipient, void *recipient_context)
1314 {
1315 kern_return_t error = kIOReturnSuccess;
1316 errno_t vnode_error = 0;
1317 vfs_context_t vfs_context;
1318 vnode_t vnode_ptr;
1319
1320 if (!recipient) {
1321 return kIOReturnBadArgument;
1322 }
1323
1324 if (kIOReturnSuccess != gIOPolledCoreFileOpenRet) {
1325 return kIOReturnNotReady;
1326 }
1327
1328 // Open the kernel corefile
1329 vfs_context = vfs_context_kernel();
1330 vnode_error = vnode_open(kIOCoreDumpPath, (FREAD | FWRITE | O_NOFOLLOW), 0600, 0, &vnode_ptr, vfs_context);
1331 if (vnode_error) {
1332 IOLog("Failed to open the corefile. Error %d\n", vnode_error);
1333 return kIOReturnError;
1334 }
1335
1336 // Call the recipient function
1337 error = recipient(IOAccessCoreFileData, (void *)vnode_ptr, recipient_context);
1338
1339 // Close the kernel corefile
1340 vnode_close(vnode_ptr, FREAD | FWRITE, vfs_context);
1341
1342 return error;
1343 }
1344
1345 static void
IOClosePolledCoreFile(void)1346 IOClosePolledCoreFile(void)
1347 {
1348 // Notify kdp core that the corefile is no longer available
1349 (void) kdp_core_polled_io_polled_file_unavailable();
1350
1351 gIOPolledCoreFileOpenRet = kIOReturnNotOpen;
1352 gIOPolledCoreFileMode = kIOPolledCoreFileModeClosed;
1353 IOPolledFilePollersClose(gIOPolledCoreFileVars, kIOPolledPostflightCoreDumpState);
1354 IOPolledFileClose(&gIOPolledCoreFileVars, 0, NULL, 0, 0, 0, false);
1355 }
1356
1357 static void
IOUnlinkPolledCoreFile(void)1358 IOUnlinkPolledCoreFile(void)
1359 {
1360 // Notify kdp core that the corefile is no longer available
1361 (void) kdp_core_polled_io_polled_file_unavailable();
1362
1363 gIOPolledCoreFileOpenRet = kIOReturnNotOpen;
1364 gIOPolledCoreFileMode = kIOPolledCoreFileModeUnlinked;
1365 IOPolledFilePollersClose(gIOPolledCoreFileVars, kIOPolledPostflightCoreDumpState);
1366 IOPolledFileClose(&gIOPolledCoreFileVars, 0, NULL, 0, 0, 0, true);
1367 }
1368
1369 #endif /* IOPOLLED_COREFILE */
1370
1371 extern "C" void
IOBSDMountChange(struct mount * mp,uint32_t op)1372 IOBSDMountChange(struct mount * mp, uint32_t op)
1373 {
1374 #if IOPOLLED_COREFILE
1375 uint64_t flags;
1376 char path[128];
1377 int pathLen;
1378 vnode_t vn;
1379 int result;
1380
1381 lck_mtx_lock(&gIOPolledCoreFileMtx);
1382
1383 switch (op) {
1384 case kIOMountChangeMount:
1385 case kIOMountChangeDidResize:
1386
1387 if (gIOPolledCoreFileVars) {
1388 break;
1389 }
1390 flags = vfs_flags(mp);
1391 if (MNT_RDONLY & flags) {
1392 break;
1393 }
1394 if (!(MNT_LOCAL & flags)) {
1395 break;
1396 }
1397
1398 vn = vfs_vnodecovered(mp);
1399 if (!vn) {
1400 break;
1401 }
1402 pathLen = sizeof(path);
1403 result = vn_getpath(vn, &path[0], &pathLen);
1404 vnode_put(vn);
1405 if (0 != result) {
1406 break;
1407 }
1408 if (!pathLen) {
1409 break;
1410 }
1411 #if defined(XNU_TARGET_OS_BRIDGE)
1412 // on bridgeOS systems we put the core in /private/var/internal. We don't
1413 // want to match with /private/var because /private/var/internal is often mounted
1414 // over /private/var
1415 if ((pathLen - 1) < (int) strlen("/private/var/internal")) {
1416 break;
1417 }
1418 #endif
1419 if (0 != strncmp(path, kIOCoreDumpPath, pathLen - 1)) {
1420 break;
1421 }
1422
1423 thread_call_enter1(corefile_open_call, (void *) kIOCoreDumpPath);
1424 break;
1425
1426 case kIOMountChangeUnmount:
1427 case kIOMountChangeWillResize:
1428 if (gIOPolledCoreFileVars && (mp == kern_file_mount(gIOPolledCoreFileVars->fileRef))) {
1429 thread_call_cancel_wait(corefile_open_call);
1430 IOClosePolledCoreFile();
1431 }
1432 break;
1433 }
1434
1435 lck_mtx_unlock(&gIOPolledCoreFileMtx);
1436 #endif /* IOPOLLED_COREFILE */
1437 }
1438
1439 extern "C" void
IOBSDLowSpaceUnlinkKernelCore(void)1440 IOBSDLowSpaceUnlinkKernelCore(void)
1441 {
1442 #if IOPOLLED_COREFILE
1443 lck_mtx_lock(&gIOPolledCoreFileMtx);
1444 if (gIOPolledCoreFileVars) {
1445 thread_call_cancel_wait(corefile_open_call);
1446 IOUnlinkPolledCoreFile();
1447 }
1448 lck_mtx_unlock(&gIOPolledCoreFileMtx);
1449 #endif
1450 }
1451
1452 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1453
1454 extern "C"
1455 OS_ALWAYS_INLINE
1456 boolean_t
IOCurrentTaskHasStringEntitlement(const char * entitlement,const char * value)1457 IOCurrentTaskHasStringEntitlement(const char *entitlement, const char *value)
1458 {
1459 return IOTaskHasStringEntitlement(NULL, entitlement, value);
1460 }
1461
1462 extern "C" boolean_t
IOTaskHasStringEntitlement(task_t task,const char * entitlement,const char * value)1463 IOTaskHasStringEntitlement(task_t task, const char *entitlement, const char *value)
1464 {
1465 if (task == kernel_task) {
1466 return false;
1467 } else if (!entitlement || !value) {
1468 return false;
1469 }
1470
1471 size_t name_length = strnlen(entitlement, CE_MAX_KEY_SIZE);
1472 if (name_length >= CE_MAX_KEY_SIZE) {
1473 printf("entitlement name length exceeds maximum allowed\n");
1474 return false;
1475 }
1476
1477 size_t value_length = strnlen(value, CE_MAX_KEY_SIZE);
1478 if (value_length >= CE_MAX_KEY_SIZE) {
1479 printf("entitlement value length exceeds maximum allowed\n");
1480 return false;
1481 }
1482
1483 CEQuery_t query = {
1484 CESelectDictValueDynamic((const uint8_t*)entitlement, name_length),
1485 CEIsDynamicStringAllowed((const uint8_t*)value, value_length)
1486 };
1487
1488 #if PMAP_CS_ENABLE && !CONFIG_X86_64_COMPAT
1489
1490 /*
1491 * If we have PMAP_CS available and code signing is enabled, then we perform
1492 * the entitlement check in the PPL.
1493 *
1494 * Note that the security benefits of doing so are questionable. The PPL has
1495 * already locked down the entitlements blob, so we could simply have XNU go
1496 * through the locked entitlements blob instead of switching into the PPL to
1497 * perform the check. Afterall, the entitlement will be enforced by XNU and
1498 * not the PPL, so trapping into the PPL for the check means little.
1499 *
1500 * Nevertheless, this is kept around to be consistent with how some of the
1501 * other interfaces perform their entitlement checks.
1502 */
1503
1504 if (pmap_cs_enabled()) {
1505 if (task == NULL || task == current_task()) {
1506 /* NULL task implies current_task */
1507 return pmap_query_entitlements(NULL, query, 2, NULL);
1508 }
1509
1510 vm_map_t task_map = get_task_map_reference(task);
1511 if (task_map) {
1512 pmap_t pmap = vm_map_get_pmap(task_map);
1513 if (pmap && pmap_query_entitlements(pmap, query, 2, NULL)) {
1514 vm_map_deallocate(task_map);
1515 return true;
1516 }
1517 vm_map_deallocate(task_map);
1518 }
1519 return false;
1520 }
1521
1522 #endif
1523
1524 /* AMFI interface needs to be available */
1525 if (amfi == NULL) {
1526 panic("CoreEntitlements: (IOTask): AMFI interface not available");
1527 }
1528
1529 if (task == NULL) {
1530 /* NULL task implies current_task */
1531 task = current_task();
1532 }
1533
1534 proc_t p = (proc_t)get_bsdtask_info(task);
1535 if (p == NULL) {
1536 /* Cannot proceed if we don't have a proc structure */
1537 return false;
1538 }
1539
1540 struct cs_blob* csblob = csproc_get_blob(p);
1541 if (csblob == NULL) {
1542 /* Cannot proceed if process doesn't have a code signature */
1543 return false;
1544 }
1545
1546 void* osents = csblob_os_entitlements_get(csblob);
1547 if (osents == NULL) {
1548 return false;
1549 }
1550
1551 CEError_t ce_err = amfi->CoreEntitlements.kQueryCannotBeSatisfied;
1552 ce_err = amfi->OSEntitlements_query(osents, (uint8_t*)csblob_get_cdhash(csblob), query, 2);
1553
1554 return ce_err == amfi->CoreEntitlements.kNoError;
1555 }
1556
1557 extern "C"
1558 OS_ALWAYS_INLINE
1559 boolean_t
IOCurrentTaskHasEntitlement(const char * entitlement)1560 IOCurrentTaskHasEntitlement(const char * entitlement)
1561 {
1562 return IOTaskHasEntitlement(NULL, entitlement);
1563 }
1564
1565 extern "C" boolean_t
IOTaskHasEntitlement(task_t task,const char * entitlement)1566 IOTaskHasEntitlement(task_t task, const char * entitlement)
1567 {
1568 // Don't do this
1569 if (task == kernel_task || entitlement == NULL) {
1570 return false;
1571 }
1572 size_t entlen = strlen(entitlement);
1573 CEQuery_t query = {
1574 CESelectDictValueDynamic((const uint8_t*)entitlement, entlen),
1575 CEMatchBool(true)
1576 };
1577
1578 #if PMAP_CS_ENABLE && !CONFIG_X86_64_COMPAT
1579 if (pmap_cs_enabled()) {
1580 if (task == NULL || task == current_task()) {
1581 // NULL task means current task, which translated to the current pmap
1582 return pmap_query_entitlements(NULL, query, 2, NULL);
1583 }
1584 vm_map_t task_map = get_task_map_reference(task);
1585 if (task_map) {
1586 pmap_t pmap = vm_map_get_pmap(task_map);
1587 if (pmap && pmap_query_entitlements(pmap, query, 2, NULL)) {
1588 vm_map_deallocate(task_map);
1589 return true;
1590 }
1591 vm_map_deallocate(task_map);
1592 }
1593 return false;
1594 }
1595 #endif
1596 if (task == NULL) {
1597 task = current_task();
1598 }
1599
1600 proc_t p = (proc_t)get_bsdtask_info(task);
1601
1602 if (p == NULL) {
1603 return false;
1604 }
1605
1606 struct cs_blob* csblob = csproc_get_blob(p);
1607 if (csblob == NULL) {
1608 return false;
1609 }
1610
1611 void* osents = csblob_os_entitlements_get(csblob);
1612 if (osents == NULL) {
1613 return false;
1614 }
1615
1616 if (!amfi) {
1617 panic("CoreEntitlements: (IOTask): No AMFI\n");
1618 }
1619
1620 return amfi->OSEntitlements_query(osents, (uint8_t*)csblob_get_cdhash(csblob), query, 2) == amfi->CoreEntitlements.kNoError;
1621 }
1622
1623 extern "C" boolean_t
IOVnodeHasEntitlement(vnode_t vnode,int64_t off,const char * entitlement)1624 IOVnodeHasEntitlement(vnode_t vnode, int64_t off, const char *entitlement)
1625 {
1626 OSObject * obj;
1627 off_t offset = (off_t)off;
1628
1629 obj = IOUserClient::copyClientEntitlementVnode(vnode, offset, entitlement);
1630 if (!obj) {
1631 return false;
1632 }
1633 obj->release();
1634 return obj != kOSBooleanFalse;
1635 }
1636
1637 extern "C" char *
IOVnodeGetEntitlement(vnode_t vnode,int64_t off,const char * entitlement)1638 IOVnodeGetEntitlement(vnode_t vnode, int64_t off, const char *entitlement)
1639 {
1640 OSObject *obj = NULL;
1641 OSString *str = NULL;
1642 size_t len;
1643 char *value = NULL;
1644 off_t offset = (off_t)off;
1645
1646 obj = IOUserClient::copyClientEntitlementVnode(vnode, offset, entitlement);
1647 if (obj != NULL) {
1648 str = OSDynamicCast(OSString, obj);
1649 if (str != NULL) {
1650 len = str->getLength() + 1;
1651 value = (char *)kalloc_data(len, Z_WAITOK);
1652 strlcpy(value, str->getCStringNoCopy(), len);
1653 }
1654 obj->release();
1655 }
1656 return value;
1657 }
1658
1659 extern "C"
1660 OS_ALWAYS_INLINE
1661 char *
IOCurrentTaskGetEntitlement(const char * entitlement)1662 IOCurrentTaskGetEntitlement(const char * entitlement)
1663 {
1664 return IOTaskGetEntitlement(current_task(), entitlement);
1665 }
1666
1667 extern "C" char *
IOTaskGetEntitlement(task_t task,const char * entitlement)1668 IOTaskGetEntitlement(task_t task, const char * entitlement)
1669 {
1670 OSObject * obj = NULL;
1671 OSDictionary * entitlements = NULL;
1672 OSString * str = NULL;
1673 size_t len = 0;
1674 char * value = NULL;
1675
1676 if (task == kernel_task || task == NULL || entitlement == NULL) {
1677 goto finish;
1678 }
1679
1680 entitlements = IOUserClient::copyClientEntitlements(task);
1681 if (entitlements == NULL) {
1682 goto finish;
1683 }
1684
1685 obj = entitlements->getObject(entitlement);
1686 str = OSDynamicCast(OSString, obj);
1687 if (str != NULL) {
1688 len = str->getLength() + 1;
1689 value = (char *)kalloc_data(len, (zalloc_flags_t)(Z_ZERO | Z_WAITOK | Z_NOFAIL));
1690 strlcpy(value, str->getCStringNoCopy(), len);
1691 }
1692
1693 finish:
1694 OSSafeReleaseNULL(entitlements);
1695
1696 return value;
1697 }
1698