xref: /xnu-11215.1.10/osfmk/kern/exclaves_debug.h (revision 8d741a5de7ff4191bf97d57b9f54c2f6d4a15585) 
1 /*
2  * Copyright (c) 2023 Apple Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 
29 #pragma once
30 
31 #if CONFIG_EXCLAVES
32 
33 #include <sys/cdefs.h>
34 #include <stdbool.h>
35 
36 #include <kern/assert.h>
37 #include <kern/debug.h>
38 
39 #include <mach/exclaves.h>
40 
41 #if DEVELOPMENT || DEBUG
42 extern unsigned int exclaves_debug;
43 #else
44 #define exclaves_debug 0
45 #endif /* DEVELOPMENT || DEBUG */
46 
47 /* Flag values in exclaves_debug boot-arg/sysctl */
48 __options_closed_decl(exclaves_debug_flags, unsigned int, {
49 	exclaves_debug_show_errors = 0x1,
50 	exclaves_debug_show_progress = 0x2,
51 	exclaves_debug_show_scheduler_request_response = 0x4,
52 	exclaves_debug_show_storage_upcalls = 0x8,
53 	exclaves_debug_show_iokit_upcalls = 0x10,
54 	exclaves_debug_show_notification_upcalls = 0x20,
55 	exclaves_debug_show_test_output = 0x40,
56 	exclaves_debug_show_lifecycle_upcalls = 0x80,
57 });
58 
59 #define EXCLAVES_ENABLE_SHOW_ERRORS                     (DEVELOPMENT || DEBUG)
60 #define EXCLAVES_ENABLE_SHOW_PROGRESS                   (DEVELOPMENT || DEBUG)
61 #define EXCLAVES_ENABLE_SHOW_SCHEDULER_REQUEST_RESPONSE (DEVELOPMENT || DEBUG)
62 #define EXCLAVES_ENABLE_SHOW_STORAGE_UPCALLS            (DEVELOPMENT || DEBUG)
63 #define EXCLAVES_ENABLE_SHOW_IOKIT_UPCALLS              (DEVELOPMENT || DEBUG)
64 #define EXCLAVES_ENABLE_SHOW_NOTIFICATION_UPCALLS       (DEVELOPMENT || DEBUG)
65 #define EXCLAVES_ENABLE_SHOW_TEST_OUTPUT                (DEVELOPMENT || DEBUG)
66 #define EXCLAVES_ENABLE_SHOW_LIFECYCLE_UPCALLS          (DEVELOPMENT || DEBUG)
67 
68 #if EXCLAVES_ENABLE_SHOW_ERRORS || EXCLAVES_ENABLE_SHOW_TEST_OUTPUT
69 #define exclaves_debug_show_errors_flag (exclaves_debug_show_errors|exclaves_debug_show_test_output)
70 #else
71 #define exclaves_debug_show_errors_flag 0
72 #endif
73 #if EXCLAVES_ENABLE_SHOW_PROGRESS
74 #define exclaves_debug_show_progress_flag exclaves_debug_show_progress
75 #else
76 #define exclaves_debug_show_progress_flag 0
77 #endif
78 #if EXCLAVES_ENABLE_SHOW_SCHEDULER_REQUEST_RESPONSE
79 #define exclaves_debug_show_scheduler_request_response_flag \
80     exclaves_debug_show_scheduler_request_response
81 #else
82 #define exclaves_debug_show_scheduler_request_response_flag 0
83 #endif
84 #if EXCLAVES_ENABLE_SHOW_STORAGE_UPCALLS
85 #define exclaves_debug_show_storage_upcalls_flag \
86     exclaves_debug_show_storage_upcalls
87 #else
88 #define exclaves_debug_show_storage_upcalls_flag 0
89 #endif
90 #if EXCLAVES_ENABLE_SHOW_IOKIT_UPCALLS
91 #define exclaves_debug_show_iokit_upcalls_flag exclaves_debug_show_iokit_upcalls
92 #else
93 #define exclaves_debug_show_iokit_upcalls_flag 0
94 #endif
95 #if EXCLAVES_ENABLE_SHOW_NOTIFICATION_UPCALLS
96 #define exclaves_debug_show_notification_upcalls_flag exclaves_debug_show_notification_upcalls
97 #else
98 #define exclaves_debug_show_notification_upcalls_flag 0
99 #endif
100 #if EXCLAVES_ENABLE_SHOW_TEST_OUTPUT
101 #define exclaves_debug_show_test_output_flag exclaves_debug_show_test_output
102 #else
103 #define exclaves_debug_show_test_output_flag 0
104 #endif
105 #if EXCLAVES_ENABLE_SHOW_LIFECYCLE_UPCALLS
106 #define exclaves_debug_show_lifecycle_upcalls_flag exclaves_debug_show_lifecycle_upcalls
107 #else
108 #define exclaves_debug_show_lifecycle_upcalls_flag 0
109 #endif
110 
111 #define exclaves_debug_enabled(flag) \
112     ((bool)(exclaves_debug & exclaves_debug_##flag##_flag))
113 #define exclaves_debug_printf(flag, format, ...) ({ \
114 	if (exclaves_debug_enabled(flag)) { \
115 	        printf(format, ##__VA_ARGS__); \
116 	}})
117 
118 
119 #pragma mark exclaves relaxed requirement management
120 
121 #if DEVELOPMENT || DEVELOPMENT
122 extern exclaves_requirement_t exclaves_relaxed_requirements;
123 #else
124 extern const exclaves_requirement_t exclaves_relaxed_requirements;
125 #endif /* DEVELOPMENT || DEBUG */
126 
127 /*
128  * Return true if the specified exclaves requirement has been relaxed, false
129  * otherwise.
130  */
131 static inline bool
exclaves_requirement_is_relaxed(exclaves_requirement_t requirement)132 exclaves_requirement_is_relaxed(exclaves_requirement_t requirement)
133 {
134 	assert3u(requirement & (requirement - 1), ==, 0);
135 
136 	/*
137 	 * The medium-term plan is that the boot-arg controlling entitlements
138 	 * goes away entirely and is replaced with EXCLAVES_R_ENTITLEMENTS.
139 	 * Until that happens, for historical reasons, if the entitlement
140 	 * boot-arg has disabled EXCLAVES_PRIV_CONCLAVE_HOST, then relax
141 	 * EXCLAVES_R_CONCLAVE and EXCLAVES_R_CONCLAVE_RESOURCES here too.
142 	 */
143 	extern unsigned int exclaves_entitlement_flags;
144 	exclaves_requirement_t current = exclaves_relaxed_requirements;
145 	if ((exclaves_entitlement_flags & EXCLAVES_PRIV_CONCLAVE_HOST) == 0) {
146 		current |= EXCLAVES_R_CONCLAVE | EXCLAVES_R_CONCLAVE_RESOURCES;
147 	}
148 
149 
150 	return (requirement & current) != 0;
151 }
152 
153 /*
154  * Called when a requirement has not been met. Produces a log message and
155  * continues if the requirement is relaxed, otherwise panics.
156  */
157 #define exclaves_requirement_assert(requirement, fmt, ...) { \
158 	if (exclaves_requirement_is_relaxed(requirement)) {                   \
159 	        exclaves_debug_printf(show_errors,                            \
160 	            "exclaves: requirement was relaxed, ignoring error: "     \
161 	             fmt "\n", ##__VA_ARGS__);                                \
162 	} else {                                                              \
163 	        panic("exclaves: requirement failed: " fmt,                   \
164 	            ##__VA_ARGS__);                                           \
165 	}                                                                     \
166 };
167 
168 #endif /* CONFIG_EXCLAVES */
169