1 /*
2 * Copyright (c) 2024 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #if CONFIG_EXCLAVES
30
31 #include <vm/pmap.h>
32 #include <vm/vm_kern_xnu.h>
33 #include <vm/vm_map_xnu.h>
34 #include <vm/vm_memory_entry_xnu.h>
35 #include <vm/vm_page.h>
36 #include <vm/vm_page_internal.h>
37 #include <vm/vm_pageout.h>
38 #include <vm/vm_pageout_internal.h>
39 #include <vm/vm_protos.h>
40
41 #include <mach/mach_vm.h>
42 #include <mach/mach_host.h>
43
44 #include <device/device_port.h>
45
46 #include <kern/ipc_kobject.h>
47
48 #include <libkern/coreanalytics/coreanalytics.h>
49 #include <kern/ledger.h>
50
51 #include "exclaves_memory.h"
52
53 /* -------------------------------------------------------------------------- */
54 #pragma mark Accounting
55
56 typedef struct {
57 _Atomic uint64_t pages_alloced;
58 _Atomic uint64_t pages_freed;
59 _Atomic uint64_t time_allocating;
60 _Atomic uint64_t max_alloc_latency;
61 _Atomic uint64_t alloc_latency_byhighbit[16];// highbit(MCT end - MCT start)/4
62 } exclaves_allocation_statistics_t;
63
64 exclaves_allocation_statistics_t exclaves_allocation_statistics;
65
66 CA_EVENT(ca_exclaves_allocation_statistics,
67 CA_INT, pages_alloced,
68 CA_INT, pages_freed,
69 CA_INT, time_allocating,
70 CA_INT, max_alloc_latency,
71 CA_INT, alloc_latency_highbit0,
72 CA_INT, alloc_latency_highbit1,
73 CA_INT, alloc_latency_highbit2,
74 CA_INT, alloc_latency_highbit3,
75 CA_INT, alloc_latency_highbit4,
76 CA_INT, alloc_latency_highbit5,
77 CA_INT, alloc_latency_highbit6,
78 CA_INT, alloc_latency_highbit7,
79 CA_INT, alloc_latency_highbit8,
80 CA_INT, alloc_latency_highbit9,
81 CA_INT, alloc_latency_highbit10,
82 CA_INT, alloc_latency_highbit11,
83 CA_INT, alloc_latency_highbit12,
84 CA_INT, alloc_latency_highbit13,
85 CA_INT, alloc_latency_highbit14,
86 CA_INT, alloc_latency_highbit15);
87
88 void
exclaves_memory_report_accounting(void)89 exclaves_memory_report_accounting(void)
90 {
91 ca_event_t event = CA_EVENT_ALLOCATE(ca_exclaves_allocation_statistics);
92 CA_EVENT_TYPE(ca_exclaves_allocation_statistics) * e = event->data;
93
94 e->pages_alloced = os_atomic_load(&exclaves_allocation_statistics.pages_alloced, relaxed);
95 e->pages_freed = os_atomic_load(&exclaves_allocation_statistics.pages_freed, relaxed);
96 e->time_allocating = os_atomic_load(&exclaves_allocation_statistics.time_allocating, relaxed);
97 e->max_alloc_latency = os_atomic_load(&exclaves_allocation_statistics.max_alloc_latency, relaxed);
98 e->alloc_latency_highbit0 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[0], relaxed);
99 e->alloc_latency_highbit1 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[1], relaxed);
100 e->alloc_latency_highbit2 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[2], relaxed);
101 e->alloc_latency_highbit3 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[3], relaxed);
102 e->alloc_latency_highbit4 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[4], relaxed);
103 e->alloc_latency_highbit5 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[5], relaxed);
104 e->alloc_latency_highbit6 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[6], relaxed);
105 e->alloc_latency_highbit7 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[7], relaxed);
106 e->alloc_latency_highbit8 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[8], relaxed);
107 e->alloc_latency_highbit9 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[9], relaxed);
108 e->alloc_latency_highbit10 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[10], relaxed);
109 e->alloc_latency_highbit11 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[11], relaxed);
110 e->alloc_latency_highbit12 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[12], relaxed);
111 e->alloc_latency_highbit13 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[13], relaxed);
112 e->alloc_latency_highbit14 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[14], relaxed);
113 e->alloc_latency_highbit15 = os_atomic_load(&exclaves_allocation_statistics.alloc_latency_byhighbit[15], relaxed);
114
115 CA_EVENT_SEND(event);
116 }
117
118 static_assert(
119 (EXCLAVES_MEMORY_PAGEKIND_ROOTDOMAIN == XNUUPCALLS_PAGEKIND_ROOTDOMAIN) &&
120 (EXCLAVES_MEMORY_PAGEKIND_CONCLAVE == XNUUPCALLS_PAGEKIND_CONCLAVE),
121 "xnuupcalls_pagekind_s mismatch");
122 static_assert(
123 (EXCLAVES_MEMORY_PAGEKIND_ROOTDOMAIN == XNUUPCALLSV2_PAGEKIND_ROOTDOMAIN) &&
124 (EXCLAVES_MEMORY_PAGEKIND_CONCLAVE == XNUUPCALLSV2_PAGEKIND_CONCLAVE),
125 "xnuupcallsv2_pagekind_s mismatch");
126
127 static ledger_t
get_conclave_mem_ledger(exclaves_memory_pagekind_t kind)128 get_conclave_mem_ledger(exclaves_memory_pagekind_t kind)
129 {
130 ledger_t ledger;
131 switch (kind) {
132 case EXCLAVES_MEMORY_PAGEKIND_ROOTDOMAIN:
133 ledger = kernel_task->ledger;
134 break;
135 case EXCLAVES_MEMORY_PAGEKIND_CONCLAVE:
136 if (current_thread()->conclave_stop_task != NULL) {
137 ledger = current_thread()->conclave_stop_task->ledger;
138 } else {
139 ledger = current_task()->ledger;
140 }
141 break;
142 default:
143 panic("Conclave Memory ledger doesn't recognize pagekind");
144 break;
145 }
146 return ledger;
147 }
148
149
150 /* -------------------------------------------------------------------------- */
151 #pragma mark Allocation/Free
152
153 void
exclaves_memory_alloc(const uint32_t npages,uint32_t * pages,const exclaves_memory_pagekind_t kind)154 exclaves_memory_alloc(const uint32_t npages, uint32_t *pages, const exclaves_memory_pagekind_t kind)
155 {
156 uint32_t pages_left = npages;
157 vm_page_t page_list = NULL;
158 vm_page_t sequestered = NULL;
159 unsigned p = 0;
160
161 uint64_t start_time = mach_continuous_approximate_time();
162
163 while (pages_left) {
164 vm_page_t next;
165 vm_page_alloc_list(pages_left, KMA_ZERO | KMA_NOFAIL, &page_list);
166
167 vm_object_lock(exclaves_object);
168 for (vm_page_t mem = page_list; mem != VM_PAGE_NULL; mem = next) {
169 next = mem->vmp_snext;
170 if (vm_page_created(mem)) {
171 // avoid ml_static_mfree() pages due to 117505258
172 mem->vmp_snext = sequestered;
173 sequestered = mem;
174 continue;
175 }
176 mem->vmp_snext = NULL;
177
178 vm_page_lock_queues();
179 vm_page_wire(mem, VM_KERN_MEMORY_EXCLAVES, FALSE);
180 vm_page_unlock_queues();
181 /* Insert the page into the exclaves object */
182 vm_page_insert_wired(mem, exclaves_object,
183 ptoa(VM_PAGE_GET_PHYS_PAGE(mem)),
184 VM_KERN_MEMORY_EXCLAVES);
185
186 /* Retype via SPTM to SK owned */
187 sptm_retype_params_t retype_params = {
188 .raw = SPTM_RETYPE_PARAMS_NULL
189 };
190 sptm_retype(ptoa(VM_PAGE_GET_PHYS_PAGE(mem)),
191 XNU_DEFAULT, SK_DEFAULT, retype_params);
192
193 pages[p++] = VM_PAGE_GET_PHYS_PAGE(mem);
194 pages_left--;
195 }
196 vm_object_unlock(exclaves_object);
197 }
198
199 vm_page_free_list(sequestered, FALSE);
200
201 uint64_t elapsed_time = mach_continuous_approximate_time() - start_time;
202
203 os_atomic_add(&exclaves_allocation_statistics.pages_alloced, npages, relaxed);
204 os_atomic_add(&exclaves_allocation_statistics.time_allocating, elapsed_time, relaxed);
205 os_atomic_max(&exclaves_allocation_statistics.max_alloc_latency, elapsed_time, relaxed);
206 os_atomic_add(&exclaves_allocation_statistics.alloc_latency_byhighbit[ffsll(elapsed_time) / 4], elapsed_time, relaxed);
207
208 ledger_t ledger = get_conclave_mem_ledger(kind);
209 kern_return_t ledger_ret = ledger_credit(ledger,
210 task_ledgers.conclave_mem,
211 (ledger_amount_t) (npages * PAGE_SIZE));
212 if (ledger_ret != KERN_SUCCESS) {
213 panic("Ledger credit failed. count %u error code %d",
214 npages,
215 ledger_ret);
216 }
217 }
218
219 void
exclaves_memory_free(const uint32_t npages,const uint32_t * pages,const exclaves_memory_pagekind_t kind)220 exclaves_memory_free(const uint32_t npages, const uint32_t *pages, const exclaves_memory_pagekind_t kind)
221 {
222 vm_object_lock(exclaves_object);
223 for (size_t p = 0; p < npages; p++) {
224 /* Find the page in the exclaves object. */
225 vm_page_t m;
226 m = vm_page_lookup(exclaves_object, ptoa(pages[p]));
227
228 /* Assert we found the page */
229 assert(m != VM_PAGE_NULL);
230
231 /* Via SPTM, verify the page type is something ownable by xnu. */
232 assert3u(sptm_get_frame_type(ptoa(VM_PAGE_GET_PHYS_PAGE(m))),
233 ==, XNU_DEFAULT);
234
235 /* Free the page */
236 vm_page_lock_queues();
237 vm_page_free(m);
238 vm_page_unlock_queues();
239 }
240 vm_object_unlock(exclaves_object);
241
242 os_atomic_add(&exclaves_allocation_statistics.pages_freed, npages, relaxed);
243
244 ledger_t ledger = get_conclave_mem_ledger(kind);
245 kern_return_t ledger_ret = ledger_debit(ledger,
246 task_ledgers.conclave_mem,
247 (ledger_amount_t) (npages * PAGE_SIZE));
248 if (ledger_ret != KERN_SUCCESS) {
249 panic("Ledger debit failed. count %u error code %d",
250 npages,
251 ledger_ret);
252 }
253 }
254
255 static void
validate_for_mapping(uint32_t page,vm_prot_t prot)256 validate_for_mapping(uint32_t page, vm_prot_t prot)
257 {
258 const sptm_frame_type_t type = sptm_get_frame_type(ptoa(page));
259
260 // Mapping RW and type is SK_SHARED_RW.
261 if (type == SK_SHARED_RW && (prot & VM_PROT_WRITE) != 0) {
262 return;
263 }
264
265 // Mapping RO and type is SK_SHARED_RW or SH_SHARED_RO
266 if ((type == SK_SHARED_RW || type == SK_SHARED_RO) &&
267 (prot & VM_PROT_WRITE) == 0) {
268 return;
269 }
270
271 // Mismatch of type and prot
272 panic("trying to map exclaves memory (prot: %u) "
273 "but memory is of the wrong type (%u)", prot, type);
274 }
275
276 kern_return_t
exclaves_memory_map(uint32_t npages,const uint32_t * pages,vm_prot_t prot,char ** address)277 exclaves_memory_map(uint32_t npages, const uint32_t *pages, vm_prot_t prot,
278 char **address)
279 {
280 assert3u(npages, >, 0);
281
282 kern_return_t kr = KERN_FAILURE;
283 const vm_map_kernel_flags_t vmk_flags = {
284 .vmf_fixed = false,
285 .vm_tag = VM_KERN_MEMORY_EXCLAVES_SHARED,
286 };
287 const vm_size_t size = npages * PAGE_SIZE;
288
289 memory_object_t pager = device_pager_setup((memory_object_t)NULL,
290 (uintptr_t)NULL, size, DEVICE_PAGER_COHERENT);
291 assert3p(pager, !=, NULL);
292
293 for (uint32_t i = 0; i < npages; i++) {
294 validate_for_mapping(pages[i], prot);
295
296 kr = device_pager_populate_object(pager, ptoa(i), pages[i],
297 PAGE_SIZE);
298 if (kr != KERN_SUCCESS) {
299 device_pager_deallocate(pager);
300 return kr;
301 }
302 }
303
304 ipc_port_t entry = IPC_PORT_NULL;
305 kr = mach_memory_object_memory_entry_64((host_t)1, false, size,
306 prot, pager, &entry);
307 if (kr != KERN_SUCCESS) {
308 device_pager_deallocate(pager);
309 return kr;
310 }
311
312 kr = mach_vm_map_kernel(kernel_map, (mach_vm_offset_ut *)address, size, 0, vmk_flags, entry,
313 0, FALSE, prot, prot, VM_INHERIT_DEFAULT);
314
315 mach_memory_entry_port_release(entry);
316
317 if (kr != KERN_SUCCESS) {
318 device_pager_deallocate(pager);
319 return kr;
320 }
321
322 device_pager_deallocate(pager);
323
324 /*
325 * Wire the memory so that it's paged-in up-front. This memory is
326 * already wired via exclaves_memory_alloc.
327 */
328 const vm_map_offset_ut start = *(vm_map_offset_ut *)address;
329 kr = vm_map_wire_kernel(kernel_map, start, start + size, prot,
330 VM_KERN_MEMORY_EXCLAVES_SHARED, false);
331 if (kr != KERN_SUCCESS) {
332 mach_vm_deallocate(kernel_map, start, size);
333 return kr;
334 }
335
336 return KERN_SUCCESS;
337 }
338
339 kern_return_t
exclaves_memory_unmap(char * address,size_t size)340 exclaves_memory_unmap(char *address, size_t size)
341 {
342 kern_return_t kr = KERN_FAILURE;
343
344 const vm_map_offset_ut start = (vm_map_offset_ut)address;
345 kr = vm_map_unwire(kernel_map, start, start + size, false);
346 if (kr != KERN_SUCCESS) {
347 return kr;
348 }
349
350 kr = mach_vm_deallocate(kernel_map, (mach_vm_address_t)address, size);
351 if (kr != KERN_SUCCESS) {
352 return kr;
353 }
354
355 return KERN_SUCCESS;
356 }
357
358 /* -------------------------------------------------------------------------- */
359 #pragma mark Upcalls
360
361 /* Legacy upcall handlers */
362
363 tb_error_t
364 exclaves_memory_upcall_legacy_alloc(uint32_t npages, xnuupcalls_pagekind_s kind,
365 tb_error_t (^completion)(xnuupcalls_pagelist_s))
366 {
367 xnuupcalls_pagelist_s pagelist = {};
368
369 assert3u(npages, <=, ARRAY_COUNT(pagelist.pages));
370 if (npages > ARRAY_COUNT(pagelist.pages)) {
371 panic("npages");
372 }
373
374 exclaves_memory_alloc(npages, pagelist.pages,
375 (exclaves_memory_pagekind_t) kind);
376 return completion(pagelist);
377 }
378
379
380 tb_error_t
381 exclaves_memory_upcall_legacy_free(const uint32_t pages[EXCLAVES_MEMORY_MAX_REQUEST],
382 uint32_t npages, const xnuupcalls_pagekind_s kind,
383 tb_error_t (^completion)(void))
384 {
385 /* Get pointer for page list paddr */
386 assert(npages <= EXCLAVES_MEMORY_MAX_REQUEST);
387 if (npages > EXCLAVES_MEMORY_MAX_REQUEST) {
388 panic("npages");
389 }
390
391 exclaves_memory_free(npages, pages, (exclaves_memory_pagekind_t) kind);
392
393 return completion();
394 }
395
396 /* Upcall handlers */
397
398 tb_error_t
399 exclaves_memory_upcall_alloc(uint32_t npages, xnuupcallsv2_pagekind_s kind,
400 tb_error_t (^completion)(xnuupcallsv2_pagelist_s))
401 {
402 uint32_t pages[EXCLAVES_MEMORY_MAX_REQUEST];
403 xnuupcallsv2_pagelist_s pagelist = {};
404
405 assert3u(npages, <=, EXCLAVES_MEMORY_MAX_REQUEST);
406 if (npages > EXCLAVES_MEMORY_MAX_REQUEST) {
407 panic("npages");
408 }
409
410 exclaves_memory_alloc(npages, pages,
411 (exclaves_memory_pagekind_t) kind);
412
413 tb_error_t err = u32__v_assign_copy(&pagelist, pages, npages);
414 if (err != TB_ERROR_SUCCESS) {
415 panic("u32__v_assign_copy err %u", err);
416 }
417
418 return completion(pagelist);
419 }
420
421
422 tb_error_t
423 exclaves_memory_upcall_free(const xnuupcallsv2_pagelist_s pages,
424 const xnuupcallsv2_pagekind_s kind, tb_error_t (^completion)(void))
425 {
426 uint32_t _pages[EXCLAVES_MEMORY_MAX_REQUEST];
427 uint32_t *pages_ptr = _pages;
428 uint32_t __block npages = 0;
429
430 u32__v_visit(&pages, ^(size_t i, const uint32_t page) {
431 if (++npages > EXCLAVES_MEMORY_MAX_REQUEST) {
432 panic("npages");
433 }
434 pages_ptr[i] = page;
435 });
436
437 exclaves_memory_free(npages, _pages, (exclaves_memory_pagekind_t) kind);
438
439 return completion();
440 }
441
442 #endif /* CONFIG_EXCLAVES */
443