1 /*
2 * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 *
28 *
29 * Copyright (c) 1982, 1986, 1989, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from software contributed to Berkeley by
33 * Mike Karels at Berkeley Software Design, Inc.
34 *
35 * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD
36 * project, to make these variables more userfriendly.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
53 *
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * SUCH DAMAGE.
65 *
66 * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
67 */
68
69
70 #include <kern/counter.h>
71 #include <sys/param.h>
72 #include <sys/buf.h>
73 #include <sys/kernel.h>
74 #include <sys/sysctl.h>
75 #include <sys/malloc.h>
76 #include <sys/proc_internal.h>
77 #include <sys/kauth.h>
78 #include <sys/systm.h>
79 #include <sys/sysproto.h>
80
81 #include <os/atomic_private.h>
82
83 #include <security/audit/audit.h>
84 #include <pexpert/pexpert.h>
85
86 #include <IOKit/IOBSD.h>
87
88 #if CONFIG_MACF
89 #include <security/mac_framework.h>
90 #endif
91
92 #if defined(HAS_APPLE_PAC)
93 #include <os/hash.h>
94 #include <ptrauth.h>
95 #endif /* defined(HAS_APPLE_PAC) */
96
97 #include <libkern/coreanalytics/coreanalytics.h>
98
/*
 * Locks for the sysctl subsystem.
 *
 * In this file sysctl_geometry_lock is taken exclusive by
 * sysctl_register_oid()/sysctl_unregister_oid() and shared by the tree
 * walkers (sysctl.debug, sysctl.name).
 */
static LCK_GRP_DECLARE(sysctl_lock_group, "sysctl");
static LCK_RW_DECLARE(sysctl_geometry_lock, &sysctl_lock_group);
/* NOTE(review): not used in this part of the file; presumably serializes handlers of nodes that are not CTLFLAG_LOCKED -- confirm. */
static LCK_MTX_DECLARE(sysctl_unlocked_node_lock, &sysctl_lock_group);

/*
 * Conditionally allow dtrace to see these functions for debugging purposes.
 */
#ifdef STATIC
#undef STATIC
#endif
/* With "#if 0" the build always takes the #else arm, so STATIC expands to static. */
#if 0
#define STATIC
#else
#define STATIC static
#endif

/* forward declarations of static functions */
STATIC void sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i);
STATIC int sysctl_sysctl_debug(struct sysctl_oid *oidp, void *arg1,
    int arg2, struct sysctl_req *req);
STATIC int sysctl_sysctl_name(struct sysctl_oid *oidp, void *arg1,
    int arg2, struct sysctl_req *req);
STATIC int sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp,
    int *name, u_int namelen, int *next, int *len, int level,
    struct sysctl_oid **oidpp);
/* Copy-out / copy-in backends; the _kernel and _user pairs share one signature. */
STATIC int sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l);
STATIC int sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l);
STATIC int name2oid(char *name, int *oid, size_t *len);
STATIC int sysctl_sysctl_name2oid(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req);
STATIC int sysctl_sysctl_next(struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req);
STATIC int sysctl_sysctl_oidfmt(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req);
STATIC int sysctl_old_user(struct sysctl_req *req, const void *p, size_t l);
STATIC int sysctl_new_user(struct sysctl_req *req, void *p, size_t l);

STATIC void sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp,
    size_t oldlen, user_addr_t newp, size_t newlen);
STATIC int sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, char *namestring, size_t namestringlen, int *name, size_t namelen, struct sysctl_req *req);

/* Non-static entry points, declared here ahead of their definitions. */
int kernel_sysctl(struct proc *p, int *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen);
int kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
int userland_sysctl(boolean_t string_is_canonical,
    char *namestring, size_t namestringlen,
    int *name, u_int namelen, struct sysctl_req *req,
    size_t *retval);

/*
 * NOTE(review): SECURITY_READ_ONLY_LATE presumably places the root list head
 * in memory that is made read-only once early boot completes -- confirm
 * against the macro's definition.
 */
SECURITY_READ_ONLY_LATE(struct sysctl_oid_list) sysctl__children; /* root list */
__SYSCTL_EXTENSION_NODE();
147
148 /*
149 * Initialization of the MIB tree.
150 *
151 * Order by number in each list.
152 */
153
/*
 * Link `oidp` into the OID list(s) hanging off new_oidp->oid_parent, keeping
 * them ordered by oid_number.
 *
 * new_oidp is the caller's template: it supplies the parent list and, for
 * OID_AUTO, receives the allocated number. oidp is the node that is actually
 * linked in. Callers in this file pass the same pointer twice, or (old-style
 * OIDs) a copy of the template as oidp.
 *
 * Locks: sysctl_register_oid() calls this with sysctl_geometry_lock held
 *        exclusive; sysctl_register_oid_early() calls it without the lock.
 */
static void
sysctl_register_oid_locked(struct sysctl_oid *new_oidp,
    struct sysctl_oid *oidp)
{
	struct sysctl_oid_list *fixed_list = new_oidp->oid_parent;
	struct sysctl_oid_list *mutable_list = NULL;
	struct sysctl_oid *cur, **linkp;

	/*
	 * A list whose first entry is the OID_MUTABLE_ANCHOR node carries a
	 * second list in that entry's oid_arg1.
	 */
	cur = SLIST_FIRST(fixed_list);
	if (cur != NULL && cur->oid_number == OID_MUTABLE_ANCHOR) {
		mutable_list = cur->oid_arg1;
	}

	if (oidp->oid_number != OID_AUTO) {
		/*
		 * Explicit number: find the ordered insertion point and
		 * refuse (panic) to reuse a slot that is already taken in
		 * either list.
		 */
		SLIST_FOREACH_PREVPTR(cur, linkp, fixed_list, oid_link) {
			if (oidp->oid_number == cur->oid_number) {
				panic("attempting to register a sysctl at previously registered slot : %d",
				    oidp->oid_number);
			}
			if (oidp->oid_number < cur->oid_number) {
				break;
			}
		}

		if (mutable_list != NULL) {
			SLIST_FOREACH_PREVPTR(cur, linkp, mutable_list, oid_link) {
				if (oidp->oid_number == cur->oid_number) {
					panic("attempting to register a sysctl at previously registered slot : %d",
					    oidp->oid_number);
				}
				if (oidp->oid_number < cur->oid_number) {
					break;
				}
			}
		}
	} else {
		/*
		 * OID_AUTO: pick a number above every number in use in both
		 * lists, and never below OID_AUTO_START so the pre-assigned
		 * range stays free.
		 */
		int next_number = OID_AUTO_START;

		SLIST_FOREACH_PREVPTR(cur, linkp, fixed_list, oid_link) {
			if (cur->oid_number >= next_number) {
				next_number = cur->oid_number + 1;
			}
		}

		if (mutable_list != NULL) {
			SLIST_FOREACH_PREVPTR(cur, linkp, mutable_list, oid_link) {
				if (cur->oid_number >= next_number) {
					next_number = cur->oid_number + 1;
				}
			}
		}

		/*
		 * Write the number back into the caller's template as well,
		 * so a later sysctl_unregister_oid() compare still matches.
		 */
		new_oidp->oid_number = next_number;
		oidp->oid_number = next_number;
	}

#if defined(HAS_APPLE_PAC)
	if (oidp->oid_handler) {
		/*
		 * Re-sign the handler with an address-discriminated signature
		 * when it is installed, so that it is harder to swap in an
		 * arbitrary function pointer. The discriminator blends the
		 * slot address with a hash of oid_arg1 for robustness against
		 * memory corruption.
		 */
		oidp->oid_handler = ptrauth_auth_and_resign(oidp->oid_handler,
		    ptrauth_key_function_pointer,
		    ptrauth_function_pointer_type_discriminator(typeof(oidp->oid_handler)),
		    ptrauth_key_function_pointer,
		    ptrauth_blend_discriminator(&oidp->oid_handler,
		    os_hash_kernel_pointer(oidp->oid_arg1)));
	}
#endif /* defined(HAS_APPLE_PAC) */

	/*
	 * linkp was left by the last list walked above: the anchor's second
	 * list when there is one, otherwise the parent's own list.
	 */
	SLIST_NEXT(oidp, oid_link) = *linkp;
	*linkp = oidp;
}
239
/*
 * Register a non-permanent OID at runtime.
 *
 * Panics on an oid_number below OID_AUTO and on CTLFLAG_PERMANENT nodes
 * (those go through sysctl_register_oid_early()). The function returns void,
 * so an OID2 node with an unrecognised oid_version is dropped without any
 * indication to the caller.
 *
 * Locks: takes sysctl_geometry_lock exclusive around the list insertion.
 */
void
sysctl_register_oid(struct sysctl_oid *new_oidp)
{
	struct sysctl_oid *oidp;

	if (new_oidp->oid_number < OID_AUTO) {
		panic("trying to register a node %p with an invalid oid_number: %d",
		    new_oidp, new_oidp->oid_number);
	}
	if (new_oidp->oid_kind & CTLFLAG_PERMANENT) {
		panic("Use sysctl_register_oid_early to register permanent nodes");
	}

	/*
	 * Three shapes of OID can arrive here: old-style (no CTLFLAG_OID2,
	 * must be copied into a full-size structure), new-style with the
	 * version we know (used in place), and new-style with any other
	 * version (rejected, since the layout presumably changed for a
	 * reason).
	 */
	if (new_oidp->oid_kind & CTLFLAG_OID2) {
		if (new_oidp->oid_version != SYSCTL_OID_VERSION) {
			return; /* rejects unknown version */
		}
		/* current version: link the caller's structure directly */
		oidp = new_oidp;
	} else {
#if __x86_64__
		oidp = kalloc_type(struct sysctl_oid, Z_WAITOK | Z_ZERO | Z_NOFAIL);
		/*
		 * Only the fields before oid_descr exist in a non-OID2
		 * structure, so copy no further than that; the remaining
		 * fields stay zero from Z_ZERO.
		 *
		 * Note: We may want to set the oid_descr to the
		 * oid_name (or "") at some future date.
		 */
		memcpy(oidp, new_oidp, offsetof(struct sysctl_oid, oid_descr));
#else
		panic("Old style sysctl without a version number isn't supported");
#endif
	}

	lck_rw_lock_exclusive(&sysctl_geometry_lock);
	sysctl_register_oid_locked(new_oidp, oidp);
	lck_rw_unlock_exclusive(&sysctl_geometry_lock);
}
289
/*
 * Register a permanent OID2 node during early startup.
 *
 * The node must carry CTLFLAG_OID2 and CTLFLAG_PERMANENT and the current
 * SYSCTL_OID_VERSION, and the call must happen before STARTUP_SUB_SYSCTL;
 * all of this is enforced with assert() only.
 *
 * Locks: none taken here.
 * NOTE(review): the insertion runs without sysctl_geometry_lock; presumably
 * safe because of the startup-phase restriction -- confirm.
 */
__startup_func
void
sysctl_register_oid_early(struct sysctl_oid *oidp)
{
	assert((oidp->oid_kind & CTLFLAG_OID2) &&
	    (oidp->oid_kind & CTLFLAG_PERMANENT) &&
	    oidp->oid_version == SYSCTL_OID_VERSION);
	assert(startup_phase < STARTUP_SUB_SYSCTL);

	if ((oidp->oid_kind & CTLFLAG_NOAUTO) == 0) {
		sysctl_register_oid_locked(oidp, oidp);
		return;
	}

	/*
	 * CTLFLAG_NOAUTO node: do not register on this call, only drop the
	 * flag, so that a later call to this function does register it.
	 */
	oidp->oid_kind &= ~CTLFLAG_NOAUTO;
}
310
/*
 * Remove a non-permanent OID from the tree and wait until no handler still
 * references it.
 *
 * Panics on CTLFLAG_PERMANENT nodes. For old-style (non-OID2) nodes the tree
 * holds a copy made at registration, which is located by comparing the
 * old-style fields and freed once the lock is dropped.
 *
 * Locks: takes sysctl_geometry_lock exclusive; may sleep on it while
 *        oid_refcnt drains.
 */
void
sysctl_unregister_oid(struct sysctl_oid *oidp)
{
	struct sysctl_oid *removed_oidp = NULL; /* OID removed from tree */
#if __x86_64__
	struct sysctl_oid *old_oidp = NULL;     /* OID compatibility copy */
#endif
	struct sysctl_oid_list *lsp;
	struct sysctl_oid *head;

	/* Geometry changes need the write lock */
	lck_rw_lock_exclusive(&sysctl_geometry_lock);

	/* When the parent list starts with the anchor, work on the list in its oid_arg1 */
	lsp = oidp->oid_parent;
	head = SLIST_FIRST(lsp);
	if (head != NULL && head->oid_number == OID_MUTABLE_ANCHOR) {
		lsp = head->oid_arg1;
	}

	if (oidp->oid_kind & CTLFLAG_PERMANENT) {
		panic("Trying to unregister permanent sysctl %p", oidp);
	}

	if (oidp->oid_kind & CTLFLAG_OID2) {
		/* It's a later version; handle the versions we know about */
		if (oidp->oid_version == SYSCTL_OID_VERSION) {
			/* The caller's structure is the one in the list */
			SLIST_REMOVE(lsp, oidp, sysctl_oid, oid_link);
			removed_oidp = oidp;
		}
		/*
		 * Any other version is left alone.
		 * XXX: Can't happen; probably tree corruption.
		 */
	} else {
#if __x86_64__
		/*
		 * The list entry is a full-size copy of the caller's
		 * old-style structure, so search for it by comparing only the
		 * fields from oid_number up to (not including) oid_descr;
		 * on a match, unlink it here and free it below.
		 */
		SLIST_FOREACH(old_oidp, lsp, oid_link) {
			if (!memcmp(&oidp->oid_number, &old_oidp->oid_number, (offsetof(struct sysctl_oid, oid_descr) - offsetof(struct sysctl_oid, oid_number)))) {
				break;
			}
		}
		if (old_oidp != NULL) {
			SLIST_REMOVE(lsp, old_oidp, sysctl_oid, oid_link);
			removed_oidp = old_oidp;
		}
#else
		panic("Old style sysctl without a version number isn't supported");
#endif
	}

#if defined(HAS_APPLE_PAC)
	if (removed_oidp && removed_oidp->oid_handler) {
		/*
		 * Undo the address-discriminated signature applied at
		 * registration, so the handler is back to the plain
		 * function-pointer signature in case this oid is registered
		 * again.
		 */
		removed_oidp->oid_handler = ptrauth_auth_and_resign(removed_oidp->oid_handler,
		    ptrauth_key_function_pointer,
		    ptrauth_blend_discriminator(&removed_oidp->oid_handler,
		    os_hash_kernel_pointer(removed_oidp->oid_arg1)),
		    ptrauth_key_function_pointer,
		    ptrauth_function_pointer_type_discriminator(typeof(removed_oidp->oid_handler)));
	}
#endif /* defined(HAS_APPLE_PAC) */

	/*
	 * The node is already off the list, so no new operation can find it;
	 * now hold the caller here until the handlers that are still running
	 * against it have dropped their references.
	 *
	 * Note: removed_oidp is NULL if nothing was removed.
	 */
	while (removed_oidp != NULL && removed_oidp->oid_refcnt) {
		lck_rw_sleep(&sysctl_geometry_lock, LCK_SLEEP_EXCLUSIVE,
		    &removed_oidp->oid_refcnt, THREAD_UNINT);
	}

	lck_rw_unlock_exclusive(&sysctl_geometry_lock);

#if __x86_64__
	/* The compatibility copy (if any) is freed only after the lock is dropped */
	kfree_type(struct sysctl_oid, old_oidp);
#endif
}
402
403 /*
404 * Exported in BSDKernel.exports, kept for binary compatibility
405 */
#if defined(__x86_64__)
void
sysctl_register_fixed(void)
{
	/* Intentionally empty: the symbol only has to exist for old binaries. */
}
#endif
412
413 /*
414 * New handler interface
415 * If the sysctl caller (user mode or kernel mode) is interested in the
416 * value (req->oldptr != NULL), we copy the data (bigValue etc.) out,
417 * if the caller wants to set the value (req->newptr), we copy
418 * the data in (*pValue etc.).
419 */
420
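/*
 * Copy an integer value out to the requester and, when a new value was
 * supplied, copy it in.
 *
 * Parameters:	req		the sysctl request
 *		bigValue	current value, widened to long long
 *		valueSize	size of the variable behind pValue
 *		pValue		where to store a new value; NULL makes the
 *				value read-only
 *		changed		optional; set to 1 when a new value was stored
 *
 * Returns:	0		Success
 *		EINVAL		valueSize is larger than long long
 *		ERANGE		value does not fit in 32 bits
 *		EPERM		set request on a read-only value
 *		SYSCTL_OUT/SYSCTL_IN errors are passed through
 */
int
sysctl_io_number(struct sysctl_req *req, long long bigValue, size_t valueSize, void *pValue, int *changed)
{
	int smallValue;
	int error;

	if (changed) {
		*changed = 0;
	}

	/*
	 * The copy-out below reads valueSize bytes starting at the local
	 * bigValue. A valueSize above sizeof(bigValue) can only come from a
	 * caller bug, and would copy adjacent kernel stack bytes into the
	 * requester's buffer, so fail closed instead of copying.
	 */
	if (valueSize > sizeof(bigValue)) {
		return EINVAL;
	}

	/*
	 * Handle the various combinations of caller buffer size and
	 * data value size.  We are generous in the case where the
	 * caller has specified a 32-bit buffer but the value is 64-bit
	 * sized.
	 */

	/* 32 bit value expected or 32 bit buffer offered */
	if (((valueSize == sizeof(int)) ||
	    ((req->oldlen == sizeof(int)) && (valueSize == sizeof(long long))))
	    && (req->oldptr)) {
		smallValue = (int)bigValue;
		/* refuse to hand back a silently truncated value */
		if ((long long)smallValue != bigValue) {
			return ERANGE;
		}
		error = SYSCTL_OUT(req, &smallValue, sizeof(smallValue));
	} else {
		/* any other case is size-equal (oversize was rejected above) */
		error = SYSCTL_OUT(req, &bigValue, valueSize);
	}
	/* error or nothing to set */
	if (error || !req->newptr) {
		return error;
	}

	/* set request for constant */
	if (pValue == NULL) {
		return EPERM;
	}

	/* set request needs to convert? */
	if ((req->newlen == sizeof(int)) && (valueSize == sizeof(long long))) {
		/* new value is 32 bits, upconvert to 64 bits */
		error = SYSCTL_IN(req, &smallValue, sizeof(smallValue));
		if (!error) {
			*(long long *)pValue = (long long)smallValue;
		}
	} else if ((req->newlen == sizeof(long long)) && (valueSize == sizeof(int))) {
		/* new value is 64 bits, downconvert to 32 bits and range check */
		error = SYSCTL_IN(req, &bigValue, sizeof(bigValue));
		if (!error) {
			smallValue = (int)bigValue;
			if ((long long)smallValue != bigValue) {
				return ERANGE;
			}
			*(int *)pValue = smallValue;
		}
	} else {
		/* sizes match, just copy in */
		error = SYSCTL_IN(req, pValue, valueSize);
	}
	if (!error && changed) {
		*changed = 1;
	}
	return error;
}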
487
/*
 * Copy a NUL-terminated string out to the requester and, when a new value
 * was supplied, copy it into pValue.
 *
 * Parameters:	req		the sysctl request
 *		pValue		the string buffer; must be NUL-terminated on
 *				entry, since its length is taken with strlen()
 *		valueSize	capacity of pValue; 0 makes the value read-only
 *		trunc		non-zero: truncate the output to a too-small
 *				(but non-empty) buffer instead of failing
 *		changed		optional; set to 1 when a new value was stored
 *
 * Returns:	0		Success
 *		EPERM		set request on a read-only value
 *		EINVAL		new string does not fit in valueSize
 *		SYSCTL_OUT/SYSCTL_IN errors are passed through
 */
int
sysctl_io_string(struct sysctl_req *req, char *pValue, size_t valueSize, int trunc, int *changed)
{
	size_t len = strlen(pValue) + 1;
	int rc;

	if (changed != NULL) {
		*changed = 0;
	}

	if (!trunc || !req->oldptr || !req->oldlen || req->oldlen >= len) {
		/* Whole string, terminator included */
		rc = SYSCTL_OUT(req, pValue, len);
	} else {
		/*
		 * Truncating mode with a buffer that is too small but not
		 * empty: fill all but the last byte from the string and put
		 * a NUL in the last one, rather than returning ENOMEM. Some
		 * library routines built on sysctl rely on getting truncated
		 * data back instead of an error. The result is always NUL
		 * (ascii '\0') terminated.
		 */
		rc = SYSCTL_OUT(req, pValue, req->oldlen - 1);
		if (rc == 0) {
			char nul = '\0';
			rc = SYSCTL_OUT(req, &nul, 1);
		}
	}

	/* Stop on error, or when no new value was supplied */
	if (rc != 0 || !req->newptr) {
		return rc;
	}

	/* A zero-sized buffer marks the value as read-only */
	if (valueSize == 0) {
		return EPERM;
	}

	/* newlen bytes plus the terminator must fit in valueSize */
	if (req->newlen >= valueSize) {
		return EINVAL;
	}

	/*
	 * Copy in and terminate. The terminator is written even when the
	 * copy-in reports an error, so pValue is not guaranteed to keep its
	 * old contents on failure.
	 */
	rc = SYSCTL_IN(req, pValue, req->newlen);
	pValue[req->newlen] = '\0';

	if (rc == 0 && changed != NULL) {
		*changed = 1;
	}
	return rc;
}
539
/*
 * Copy an opaque blob of valueSize bytes out to the requester and, when a
 * new value was supplied, copy valueSize bytes into pValue.
 *
 * There is no read-only case in this helper: any request with newptr set
 * reaches SYSCTL_IN. A handler that must stay read-only has to enforce that
 * elsewhere (presumably through the node's flags -- confirm).
 *
 * Parameters:	req		the sysctl request
 *		pValue		the blob
 *		valueSize	size of the blob in bytes
 *		changed		optional; set to 1 when a new value was stored
 *
 * Returns:	0 on success, else the SYSCTL_OUT/SYSCTL_IN error
 */
int
sysctl_io_opaque(struct sysctl_req *req, void *pValue, size_t valueSize, int *changed)
{
	int rc;

	if (changed != NULL) {
		*changed = 0;
	}

	/* Current value goes out first */
	rc = SYSCTL_OUT(req, pValue, valueSize);

	/* Then, if that worked and a new value was supplied, take it in */
	if (rc == 0 && req->newptr) {
		rc = SYSCTL_IN(req, pValue, valueSize);
		if (rc == 0 && changed != NULL) {
			*changed = 1;
		}
	}
	return rc;
}
564
565 /*
566 * SYSCTL_OID enumerators
567 *
568 * Because system OIDs are immutable, they are composed of 2 lists hanging from
569 * a first dummy OID_MUTABLE_ANCHOR node that has an immutable list hanging from
570 * its `oid_parent` field and a mutable list hanging from its oid_arg1 one.
571 *
572 * Those enumerators abstract away the implicit merging of those two lists in
573 * two possible order:
574 * - oid_number order (which will interleave both sorted lists)
575 * - system order which will list the immutable list first,
576 * and the mutable list second.
577 */
/* Cursor pair used to walk the two lists of one tree level as a single sequence. */
struct sysctl_oid_iterator {
	struct sysctl_oid *a; /* next entry of the list itself (after the anchor, if any) */
	struct sysctl_oid *b; /* next entry of the list in the anchor's oid_arg1, or NULL */
};
582
/*
 * Build an iterator for list `l`.
 *
 * If the list starts with the OID_MUTABLE_ANCHOR node, the anchor itself is
 * skipped: `a` starts at the entry after it and `b` at the head of the list
 * stored in the anchor's oid_arg1. Otherwise `a` starts at the list head and
 * `b` stays NULL. An empty list yields an iterator with both cursors NULL.
 */
static struct sysctl_oid_iterator
sysctl_oid_iterator_begin(struct sysctl_oid_list *l)
{
	struct sysctl_oid_iterator it = { };
	struct sysctl_oid *head = SLIST_FIRST(l);

	if (head != NULL && head->oid_number == OID_MUTABLE_ANCHOR) {
		it.a = SLIST_NEXT(head, oid_link);
		it.b = SLIST_FIRST((struct sysctl_oid_list *)head->oid_arg1);
	} else {
		/* plain list (or empty one, in which case head is NULL) */
		it.a = head;
	}
	return it;
}
601
/*
 * Return the next OID in oid_number order, merging the two cursors, and
 * advance the cursor it was taken from. On equal numbers the entry from `a`
 * comes first. Returns NULL once both cursors are exhausted.
 */
static struct sysctl_oid *
sysctl_oid_iterator_next_num_order(struct sysctl_oid_iterator *it)
{
	struct sysctl_oid *from_a = it->a;
	struct sysctl_oid *from_b = it->b;

	/* Take from `a` when it is the only one left or holds the smaller number */
	if (from_a != NULL &&
	    (from_b == NULL || from_a->oid_number <= from_b->oid_number)) {
		it->a = SLIST_NEXT(from_a, oid_link);
		return from_a;
	}

	if (from_b != NULL) {
		it->b = SLIST_NEXT(from_b, oid_link);
		return from_b;
	}

	return NULL;
}

/*
 * Visit every OID of list `l` in oid_number order. The macro declares its
 * own iterator named `it` in the scope of the for statement.
 */
#define SYSCTL_OID_FOREACH_NUM_ORDER(oidp, l) \
	for (struct sysctl_oid_iterator it = sysctl_oid_iterator_begin(l); \
	    ((oidp) = sysctl_oid_iterator_next_num_order(&it)); )
629
/*
 * Return the next OID in system order: everything reachable from cursor `a`
 * first, then everything reachable from cursor `b`. Returns NULL once both
 * are exhausted.
 */
static struct sysctl_oid *
sysctl_oid_iterator_next_system_order(struct sysctl_oid_iterator *it)
{
	/* Work on `a` while it has entries left, on `b` afterwards */
	struct sysctl_oid **cursor = it->a ? &it->a : &it->b;
	struct sysctl_oid *cur = *cursor;

	if (cur != NULL) {
		*cursor = SLIST_NEXT(cur, oid_link);
	}
	return cur;
}

/*
 * Visit every OID of list `l` in system order. The macro declares its own
 * iterator named `it` in the scope of the for statement.
 */
#define SYSCTL_OID_FOREACH_SYS_ORDER(oidp, l) \
	for (struct sysctl_oid_iterator it = sysctl_oid_iterator_begin(l); \
	    ((oidp) = sysctl_oid_iterator_next_system_order(&it)); )
652
653 /*
654 * "Staff-functions"
655 *
656 * These functions implement a presently undocumented interface
657 * used by the sysctl program to walk the tree, and get the type
658 * so it can print the value.
659 * This interface is under work and consideration, and should probably
660 * be killed with a big axe by the first person who can find the time.
661 * (be aware though, that the proper interface isn't as obvious as it
662 * may seem, there are various conflicting requirements.
663 *
664 * {0,0} printf the entire MIB-tree.
665 * {0,1,...} return the name of the "..." OID.
666 * {0,2,...} return the next OID.
667 * {0,3} return the OID of the name in "new"
668 * {0,4,...} return the kind & format info for the "..." OID.
669 */
670
671 /*
672 * sysctl_sysctl_debug_dump_node
673 *
674 * Description: Dump debug information for a given sysctl_oid_list at the
675 * given oid depth out to the kernel log, via printf
676 *
677 * Parameters: l sysctl_oid_list pointer
678 * i current node depth
679 *
680 * Returns: (void)
681 *
682 * Implicit: kernel log, modified
683 *
684 * Locks: Assumes sysctl_geometry_lock is held prior to calling
685 *
686 * Notes: This function may call itself recursively to resolve Node
687 * values, which potentially have an inferior sysctl_oid_list
688 *
689 * This function is only callable indirectly via the function
690 * sysctl_sysctl_debug()
691 *
692 * Bugs: The node depth indentation does not work; this may be an
693 * artifact of leading space removal by the log daemon itself
694 * or some intermediate routine.
695 */
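/*
 * Print one line per OID of list `l` to the kernel log and recurse into
 * every node that has no handler of its own.
 *
 * Parameters:	l	list to dump
 *		i	indentation width passed to printf for this depth
 *
 * Locks:	sysctl_sysctl_debug() calls this with sysctl_geometry_lock
 *		held shared.
 */
STATIC void
sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i)
{
	struct sysctl_oid *oidp;
	struct sysctl_oid_list *lp;
	const char *what;

	SYSCTL_OID_FOREACH_SYS_ORDER(oidp, l) {
		/* only meaningful for CTLTYPE_NODE; reset so no stale list is reused */
		lp = NULL;

		switch (oidp->oid_kind & CTLTYPE) {
		case CTLTYPE_NODE:
			lp = oidp->oid_arg1;
			what = "Node ";
			/* a child list that starts with the anchor is an extensible node */
			if (lp && SLIST_FIRST(lp) &&
			    SLIST_FIRST(lp)->oid_number == OID_MUTABLE_ANCHOR) {
				what = "NodeExt";
			}
			break;
		case CTLTYPE_INT:
			what = "Int ";
			break;
		case CTLTYPE_STRING:
			what = "String ";
			break;
		case CTLTYPE_QUAD:
			what = "Quad ";
			break;
		case CTLTYPE_OPAQUE:
			what = "Opaque ";
			break;
		default:
			what = "Unknown";
			break;
		}

		/* flags column: Locked, Readable, Writable, '*' = not permanent, h = has handler */
		printf("%*s%-3d[%c%c%c%c%c] %s %s\n", i, "", oidp->oid_number,
		    oidp->oid_kind & CTLFLAG_LOCKED ? 'L':' ',
		    oidp->oid_kind & CTLFLAG_RD ? 'R':' ',
		    oidp->oid_kind & CTLFLAG_WR ? 'W':' ',
		    oidp->oid_kind & CTLFLAG_PERMANENT ? ' ':'*',
		    oidp->oid_handler ? 'h' : ' ',
		    what, oidp->oid_name);

		/*
		 * Descend only into plain nodes. The NULL test matters: the
		 * check above already allows for a node without a child
		 * list, and recursing with NULL would dereference it in
		 * SLIST_FIRST() on a path reachable from a sysctl read.
		 */
		if ((oidp->oid_kind & CTLTYPE) == CTLTYPE_NODE &&
		    !oidp->oid_handler && lp != NULL) {
			sysctl_sysctl_debug_dump_node(lp, i + 2);
		}
	}
}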
746
747 /*
748 * sysctl_sysctl_debug
749 *
750 * Description: This function implements the "sysctl.debug" portion of the
751 * OID space for sysctl.
752 *
753 * OID: 0, 0
754 *
755 * Parameters: __unused
756 *
757 * Returns: ENOENT
758 *
759 * Implicit: kernel log, modified
760 *
761 * Locks: Acquires and then releases a read lock on the
762 * sysctl_geometry_lock
763 */
/*
 * Handler for OID {0,0}: dumps the whole tree, starting at sysctl__children,
 * to the kernel log and always reports ENOENT to the requester.
 *
 * NOTE(review): nothing in this handler checks the requester's privilege, and
 * the node is declared CTLFLAG_RD; every read walks and logs the entire tree
 * under the shared geometry lock. Whether access is restricted before the
 * handler is reached cannot be told from here -- confirm.
 */
STATIC int
sysctl_sysctl_debug(__unused struct sysctl_oid *oidp, __unused void *arg1,
    __unused int arg2, __unused struct sysctl_req *req)
{
	/* shared lock: the dump only reads the tree */
	lck_rw_lock_shared(&sysctl_geometry_lock);
	sysctl_sysctl_debug_dump_node(&sysctl__children, 0);
	lck_rw_done(&sysctl_geometry_lock);
	return ENOENT;
}

SYSCTL_PROC(_sysctl, 0, debug, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_LOCKED,
    0, 0, sysctl_sysctl_debug, "-", "");
776
777 /*
778 * sysctl_sysctl_name
779 *
780 * Description: Convert an OID into a string name; this is used by the user
781 * space sysctl() command line utility; this is done in a purely
782 * advisory capacity (e.g. to provide node names for "sysctl -A"
783 * output).
784 *
785 * OID: 0, 1
786 *
787 * Parameters: oidp __unused
788 * arg1 A pointer to the OID name list
789 * integer array, beginning at
790 * adjusted option base 2
791 * arg2 The number of elements which
792 * remain in the name array
793 *
794 * Returns: 0 Success
795 * SYSCTL_OUT:EPERM Permission denied
796 * SYSCTL_OUT:EFAULT Bad user supplied buffer
797 * SYSCTL_OUT:??? Return value from user function
798 * for SYSCTL_PROC leaf node
799 *
800 * Implicit: Contents of user request buffer, modified
801 *
802 * Locks: Acquires and then releases a read lock on the
803 * sysctl_geometry_lock
804 *
805 * Notes: SPI (System Programming Interface); this is subject to change
806 * and may not be relied upon by third party applications; use
807 * a subprocess to communicate with the "sysctl" command line
808 * command instead, if you believe you need this functionality.
809 * Preferably, use sysctlbyname() instead.
810 *
811 * Setting of the NULL termination of the output string is
812 * delayed until after the geometry lock is dropped. If there
813 * are no Entries remaining in the OID name list when this
814 * function is called, it will still write out the termination
815 * byte.
816 *
817 * This function differs from other sysctl functions in that
818 * it can not take an output buffer length of 0 to determine the
819 * space which will be required. It is suggested that the buffer
820 * length be PATH_MAX, and that authors of new sysctl's refrain
821 * from exceeding this string length.
822 */
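/*
 * Handler for OID {0,1,...}: write the dotted string name of the OID given
 * in arg1/arg2 to the request's output buffer.
 *
 * Each component is looked up by number in the current list and emitted by
 * name. Once the walk leaves the known tree (no match, a leaf, or a node
 * with its own handler) the remaining components are emitted as decimal
 * numbers. The terminating NUL is written after the lock is dropped.
 *
 * Parameters:	arg1	int array holding the OID to translate
 *		arg2	number of elements in that array
 *		req	the sysctl request
 *
 * Returns:	0 on success, else the SYSCTL_OUT error
 *
 * Locks:	takes sysctl_geometry_lock shared for the walk
 */
STATIC int
sysctl_sysctl_name(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req)
{
	int *name = (int *) arg1;
	u_int namelen = arg2;
	int error = 0;
	struct sysctl_oid *oid;
	struct sysctl_oid_list *lsp = &sysctl__children, *lsp2;
	/*
	 * Room for any int printed with "%d": sign, 10 digits and the NUL.
	 * The numbers printed here come from the requester's name array, and
	 * a 10-byte buffer cut values of ten digits short.
	 */
	char tempbuf[12] = {};

	lck_rw_lock_shared(&sysctl_geometry_lock);
	while (namelen) {
		if (!lsp) {
			/* outside the known tree: emit the raw number */
			snprintf(tempbuf, sizeof(tempbuf), "%d", *name);
			/* separator before every component except the first */
			if (req->oldidx) {
				error = SYSCTL_OUT(req, ".", 1);
			}
			if (!error) {
				error = SYSCTL_OUT(req, tempbuf, strlen(tempbuf));
			}
			if (error) {
				lck_rw_done(&sysctl_geometry_lock);
				return error;
			}
			namelen--;
			name++;
			continue;
		}
		/* stays NULL unless the match below is a node we can descend into */
		lsp2 = NULL;
		SYSCTL_OID_FOREACH_NUM_ORDER(oid, lsp) {
			if (oid->oid_number != *name) {
				continue;
			}

			if (req->oldidx) {
				error = SYSCTL_OUT(req, ".", 1);
			}
			if (!error) {
				error = SYSCTL_OUT(req, oid->oid_name,
				    strlen(oid->oid_name));
			}
			if (error) {
				lck_rw_done(&sysctl_geometry_lock);
				return error;
			}

			namelen--;
			name++;

			/* leaves have no children to continue with */
			if ((oid->oid_kind & CTLTYPE) != CTLTYPE_NODE) {
				break;
			}

			/* a node with a handler interprets the rest itself */
			if (oid->oid_handler) {
				break;
			}

			lsp2 = (struct sysctl_oid_list *)oid->oid_arg1;
			break;
		}
		lsp = lsp2;
	}
	lck_rw_done(&sysctl_geometry_lock);
	/* written even when the name array was empty */
	return SYSCTL_OUT(req, "", 1);
}

SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_name, "");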
891
892 /*
893 * sysctl_sysctl_next_ls
894 *
895 * Description: For a given OID name value, return the next consecutive OID
896 * name value within the geometry tree
897 *
898 * Parameters: lsp The OID list to look in
899 * name The OID name to start from
900 * namelen The length of the OID name
901 * next Pointer to new oid storage to
902 * fill in
903 * len Pointer to receive new OID
904 * length value of storage written
905 * level OID tree depth (used to compute
906 * len value)
907 * oidpp Pointer to OID list entry
908 * pointer; used to walk the list
909 * forward across recursion
910 *
911 * Returns: 0 Returning a new entry
912 * 1 End of geometry list reached
913 *
914 * Implicit: *next Modified to contain the new OID
915 * *len Modified to contain new length
916 *
917 * Locks: Assumes sysctl_geometry_lock is held prior to calling
918 *
919 * Notes: This function will not return OID values that have special
920 * handlers, since we can not tell whether these handlers consume
921 * elements from the OID space as parameters. For this reason,
922 * we STRONGLY discourage these types of handlers
923 */
/*
 * Recursive worker for the "next OID" lookup: walks list `lsp` in
 * oid_number order and stores the successor of `name` into `next`, one
 * component per recursion level.
 *
 * Returns 0 when an entry was stored (with *len and *oidpp describing it),
 * 1 when this list holds nothing after `name`.
 *
 * NOTE(review): each level writes next[0] and hands next + 1 to the level
 * below, and nothing in this function compares `level` with the size of the
 * caller's array. The bound presumably comes from the depth of the tree
 * versus the caller's buffer -- confirm at the call site.
 */
STATIC int
sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen,
    int *next, int *len, int level, struct sysctl_oid **oidpp)
{
	struct sysctl_oid *oidp;

	*len = level;
	SYSCTL_OID_FOREACH_NUM_ORDER(oidp, lsp) {
		/* tentatively record this entry; later iterations overwrite it */
		*next = oidp->oid_number;
		*oidpp = oidp;

		/* No start name left at this level: take the first usable entry */
		if (!namelen) {
			if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) {
				return 0;
			}
			if (oidp->oid_handler) {
				/* We really should call the handler here...*/
				return 0;
			}
			/*
			 * Reassigning lsp does not disturb the loop: the
			 * FOREACH macro keeps its own iterator.
			 */
			lsp = (struct sysctl_oid_list *)oidp->oid_arg1;

			if (!SLIST_FIRST(lsp)) {
				/* This node had no children - skip it! */
				continue;
			}

			if (!sysctl_sysctl_next_ls(lsp, 0, 0, next + 1,
			    len, level + 1, oidpp)) {
				return 0;
			}
			goto next;
		}

		/* Entries before the start name are skipped */
		if (oidp->oid_number < *name) {
			continue;
		}

		/* First entry past the start name */
		if (oidp->oid_number > *name) {
			if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) {
				return 0;
			}
			if (oidp->oid_handler) {
				return 0;
			}
			lsp = (struct sysctl_oid_list *)oidp->oid_arg1;
			if (!sysctl_sysctl_next_ls(lsp, name + 1, namelen - 1,
			    next + 1, len, level + 1, oidpp)) {
				return 0;
			}
			goto next;
		}
		/* Same number as the start name: only a plain node can hold a successor */
		if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) {
			continue;
		}

		if (oidp->oid_handler) {
			continue;
		}

		lsp = (struct sysctl_oid_list *)oidp->oid_arg1;
		if (!sysctl_sysctl_next_ls(lsp, name + 1, namelen - 1, next + 1,
		    len, level + 1, oidpp)) {
			return 0;
		}
next:
		/* Nothing found below this entry: reset the length and move on to its sibling */
		namelen = 1;
		*len = level;
	}
	return 1;
}
994
995 /*
996 * sysctl_sysctl_next
997 *
998 * Description: This is an iterator function designed to iterate the oid tree
999 * and provide a list of OIDs for use by the user space "sysctl"
1000 * command line tool
1001 *
1002 * OID: 0, 2
1003 *
1004 * Parameters: oidp __unused
1005 * arg1 Pointer to start OID name
1006 * arg2 Start OID name length
1007 * req Pointer to user request buffer
1008 *
1009 * Returns: 0 Success
1010 * ENOENT Reached end of OID space
1011 * SYSCTL_OUT:EPERM Permission denied
1012 * SYSCTL_OUT:EFAULT Bad user supplied buffer
1013 * SYSCTL_OUT:??? Return value from user function
1014 * for SYSCTL_PROC leaf node
1015 *
1016 * Implicit: Contents of user request buffer, modified
1017 *
1018 * Locks: Acquires and then releases a read lock on the
1019 * sysctl_geometry_lock
1020 *
1021 * Notes: SPI (System Programming Interface); this is subject to change
1022 * and may not be relied upon by third party applications; use
1023 * a subprocess to communicate with the "sysctl" command line
1024 * command instead, if you believe you need this functionality.
1025 * Preferably, use sysctlbyname() instead.
1026 *
1027 * This function differs from other sysctl functions in that
1028 * it can not take an output buffer length of 0 to determine the
1029 * space which will be required. It is suggested that the buffer
1030 * length be PATH_MAX, and that authors of new sysctl's refrain
1031 * from exceeding this string length.
1032 */
STATIC int
sysctl_sysctl_next(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req)
{
	/* Zero-filled so that no stale stack contents can reach SYSCTL_OUT. */
	int newoid[CTL_MAXNAME] = {};
	struct sysctl_oid *found_oid;
	int exhausted;
	int depth;

	/* The tree walk needs the geometry lock; the copy-out below does not. */
	lck_rw_lock_shared(&sysctl_geometry_lock);
	exhausted = sysctl_sysctl_next_ls(&sysctl__children, (int *)arg1,
	    (u_int)arg2, newoid, &depth, 1, &found_oid);
	lck_rw_done(&sysctl_geometry_lock);

	/* A non-zero result from the walker means the OID space is exhausted. */
	if (exhausted) {
		return ENOENT;
	}

	/* Only the first 'depth' elements of newoid[] are handed back. */
	return SYSCTL_OUT(req, newoid, depth * sizeof(int));
}
1053
/*
 * Registers sysctl_sysctl_next as the handler for OID {0, 2}. CTLFLAG_WR is
 * not among the flags, so sysctl_root() answers EPERM to any request that
 * carries new data for this node.
 */
SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_next, "");
1055
1056 /*
1057 * name2oid
1058 *
1059 * Description: Support function for use by sysctl_sysctl_name2oid(); looks
1060 * up an OID name given a string name.
1061 *
1062 * Parameters: name NULL terminated string name
1063 * oid Pointer to receive OID name
1064 * len Pointer to receive OID length
1065 * pointer value (see "Notes")
1066 *
1067 * Returns: 0 Success
1068 * ENOENT Entry not found
1069 *
1070 * Implicit: *oid Modified to contain OID value
1071 * *len Modified to contain OID length
1072 *
1073 * Locks: Assumes sysctl_geometry_lock is held prior to calling
1074 */
STATIC int
name2oid(char *name, int *oid, size_t *len)
{
	struct sysctl_oid_iterator it;
	struct sysctl_oid *oidp;
	char *p;
	char i;         /* delimiter that ended the current component: '.' or '\0' */

	/*
	 * This function edits 'name' in place (it temporarily overwrites '.'
	 * separators with NUL), so the caller must pass a writable,
	 * NUL-terminated buffer that it owns.
	 */
	if (!*name) {
		return ENOENT;
	}

	/* A single trailing '.' is dropped permanently. */
	p = name + strlen(name) - 1;
	if (*p == '.') {
		*p = '\0';
	}

	*len = 0;

	/* Isolate the first component by terminating it at its separator. */
	for (p = name; *p && *p != '.'; p++) {
		;
	}
	i = *p;
	if (i == '.') {
		*p = '\0';
	}

	it = sysctl_oid_iterator_begin(&sysctl__children);
	oidp = sysctl_oid_iterator_next_system_order(&it);

	/*
	 * The *len < CTL_MAXNAME condition is the only bound on the writes
	 * through 'oid', so the caller must provide room for CTL_MAXNAME ints.
	 */
	while (oidp && *len < CTL_MAXNAME) {
		if (strcmp(name, oidp->oid_name)) {
			oidp = sysctl_oid_iterator_next_system_order(&it);
			continue;
		}
		*oid++ = oidp->oid_number;
		(*len)++;

		/* The component just matched was the last one: done. */
		if (i == '\0') {
			return 0;
		}

		/*
		 * More components follow, but a leaf or a handler-backed node
		 * cannot be descended into. Both breaks leave the separator
		 * written above as NUL, so on this ENOENT path the caller's
		 * string stays truncated.
		 */
		if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) {
			break;
		}

		if (oidp->oid_handler) {
			break;
		}

		it = sysctl_oid_iterator_begin(oidp->oid_arg1);
		oidp = sysctl_oid_iterator_next_system_order(&it);

		*p = i; /* restore */
		/* Advance to the next component and terminate it the same way. */
		name = p + 1;
		for (p = name; *p && *p != '.'; p++) {
			;
		}
		i = *p;
		if (i == '.') {
			*p = '\0';
		}
	}
	return ENOENT;
}
1140
1141 /*
1142 * sysctl_sysctl_name2oid
1143 *
1144 * Description: Translate a string name to an OID name value; this is used by
1145 * the sysctlbyname() function as well as by the "sysctl" command
1146 * line command.
1147 *
1148 * OID: 0, 3
1149 *
1150 * Parameters: oidp __unused
1151 * arg1 __unused
1152 * arg2 __unused
1153 * req Request structure
1154 *
1155 * Returns: ENOENT Input length too short
1156 * ENAMETOOLONG Input length too long
1157 * ENOMEM Could not allocate work area
1158 * SYSCTL_IN/OUT:EPERM Permission denied
1159 * SYSCTL_IN/OUT:EFAULT Bad user supplied buffer
1160 * SYSCTL_IN/OUT:??? Return value from user function
1161 * name2oid:ENOENT Not found
1162 *
1163 * Implicit: *req Contents of request, modified
1164 *
1165 * Locks: Acquires and then releases a read lock on the
1166 * sysctl_geometry_lock
1167 *
1168 * Notes: SPI (System Programming Interface); this is subject to change
1169 * and may not be relied upon by third party applications; use
1170 * a subprocess to communicate with the "sysctl" command line
1171 * command instead, if you believe you need this functionality.
1172 * Preferably, use sysctlbyname() instead.
1173 *
1174 * This function differs from other sysctl functions in that
1175 * it can not take an output buffer length of 0 to determine the
1176 * space which will be required. It is suggested that the buffer
1177 * length be PATH_MAX, and that authors of new sysctl's refrain
1178 * from exceeding this string length.
1179 */
STATIC int
sysctl_sysctl_name2oid(__unused struct sysctl_oid *oidp, __unused void *arg1,
    __unused int arg2, struct sysctl_req *req)
{
	int oid[CTL_MAXNAME] = {};
	size_t len = 0;         /* filled in by name2oid() */
	char *namebuf;
	int error;

	/* The caller-supplied length is validated before it sizes anything. */
	if (req->newlen < 1) {
		return ENOENT;
	}
	if (req->newlen >= MAXPATHLEN) {        /* XXX arbitrary, undocumented */
		return ENAMETOOLONG;
	}

	/* One extra byte so the copied name can always be NUL-terminated. */
	namebuf = (char *)kalloc_data(req->newlen + 1, Z_WAITOK);
	if (namebuf == NULL) {
		return ENOMEM;
	}

	error = SYSCTL_IN(req, namebuf, req->newlen);
	if (error == 0) {
		/* The incoming bytes are not assumed to be terminated. */
		namebuf[req->newlen] = '\0';

		/*
		 * Note: the geometry lock is taken and released here so that
		 * name2oid() does not have to deal with locking itself.
		 */
		lck_rw_lock_shared(&sysctl_geometry_lock);
		error = name2oid(namebuf, oid, &len);
		lck_rw_done(&sysctl_geometry_lock);
	}

	/* The work buffer is released on the success and failure paths alike. */
	kfree_data(namebuf, req->newlen + 1);

	if (error != 0) {
		return error;
	}

	return SYSCTL_OUT(req, oid, len * sizeof *oid);
}
1225
/*
 * Registers sysctl_sysctl_name2oid for OID {0, 3}. The string to translate
 * arrives as the request's new data, hence CTLFLAG_RW; CTLFLAG_ANYBODY makes
 * sysctl_root() skip its proc_suser() check for this node, and CTLFLAG_KERN
 * lets in-kernel callers pass sysctl_root()'s from_kernel check.
 */
SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_KERN | CTLFLAG_LOCKED, 0, 0,
    sysctl_sysctl_name2oid, "I", "");
1228
1229 /*
1230 * sysctl_sysctl_oidfmt
1231 *
1232 * Description: For a given OID name, determine the format of the data which
1233 * is associated with it. This is used by the "sysctl" command
1234 * line command.
1235 *
1236 * OID: 0, 4
1237 *
1238 * Parameters: oidp __unused
1239 * arg1 The OID name to look up
1240 * arg2 The length of the OID name
1241 * req Pointer to user request buffer
1242 *
1243 * Returns: 0 Success
1244 * EISDIR Malformed request
1245 * ENOENT No such OID name
1246 * SYSCTL_OUT:EPERM Permission denied
1247 * SYSCTL_OUT:EFAULT Bad user supplied buffer
1248 * SYSCTL_OUT:??? Return value from user function
1249 *
1250 * Implicit: Contents of user request buffer, modified
1251 *
1252 * Locks: Acquires and then releases a read lock on the
1253 * sysctl_geometry_lock
1254 *
1255 * Notes: SPI (System Programming Interface); this is subject to change
1256 * and may not be relied upon by third party applications; use
1257 * a subprocess to communicate with the "sysctl" command line
1258 * command instead, if you believe you need this functionality.
1259 *
1260 * This function differs from other sysctl functions in that
1261 * it can not take an output buffer length of 0 to determine the
1262 * space which will be required. It is suggested that the buffer
1263 * length be PATH_MAX, and that authors of new sysctl's refrain
1264 * from exceeding this string length.
1265 */
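STATIC int
sysctl_sysctl_oidfmt(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req)
{
	int *name = (int *) arg1;
	int error = ENOENT;             /* default error: not found */
	u_int namelen = arg2;
	u_int indx;
	struct sysctl_oid_iterator it;
	struct sysctl_oid *oid;

	/* The whole lookup and both copy-outs run under the geometry read lock. */
	lck_rw_lock_shared(&sysctl_geometry_lock);

	it = sysctl_oid_iterator_begin(&sysctl__children);
	oid = sysctl_oid_iterator_next_system_order(&it);

	/*
	 * name[] holds only namelen valid elements, so indx is bounded by
	 * namelen as well as by CTL_MAXNAME. For namelen >= 1 the extra bound
	 * never triggers (every match either exits or leaves indx < namelen);
	 * it matters for an empty name, where name[0] would otherwise be read
	 * from beyond the elements the caller supplied. That case now falls
	 * through to the default ENOENT.
	 */
	indx = 0;
	while (oid && indx < CTL_MAXNAME && indx < namelen) {
		if (oid->oid_number == name[indx]) {
			indx++;
			if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) {
				/* A handler-backed node ends the walk early. */
				if (oid->oid_handler) {
					goto found;
				}
				if (indx == namelen) {
					goto found;
				}
				/* Descend into this node's child list. */
				it = sysctl_oid_iterator_begin(oid->oid_arg1);
				oid = sysctl_oid_iterator_next_system_order(&it);
			} else {
				/* A leaf must be the last component of the name. */
				if (indx != namelen) {
					error = EISDIR;
					goto err;
				}
				goto found;
			}
		} else {
			oid = sysctl_oid_iterator_next_system_order(&it);
		}
	}
	/* Not found */
	goto err;

found:
	/* An OID without a format string is reported as ENOENT. */
	if (!oid->oid_fmt) {
		goto err;
	}
	/* The reply is the oid_kind word followed by the NUL-terminated format. */
	error = SYSCTL_OUT(req,
	    &oid->oid_kind, sizeof(oid->oid_kind));
	if (!error) {
		error = SYSCTL_OUT(req, oid->oid_fmt,
		    strlen(oid->oid_fmt) + 1);
	}
err:
	lck_rw_done(&sysctl_geometry_lock);
	return error;
}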
1323
/*
 * Registers sysctl_sysctl_oidfmt as the handler for OID {0, 4}; the flags
 * are CTLFLAG_RD | CTLFLAG_LOCKED, with no CTLFLAG_WR.
 */
SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_oidfmt, "");
1325
1326
1327 /*
1328 * Default "handler" functions.
1329 */
1330
1331 /*
1332 * Handle an int, signed or unsigned.
1333 * Two cases:
1334 * a variable: point arg1 at it.
1335 * a constant: pass it in arg2.
1336 */
1337
int
sysctl_handle_int(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req)
{
	/* Constant case: no backing variable, the value itself is arg2. */
	int current = arg2;

	/* Variable case: report what arg1 points at. */
	if (arg1) {
		current = *(int *)arg1;
	}

	/* arg1 is also passed on as the fourth argument; it may be NULL. */
	return sysctl_io_number(req, current, sizeof(int), arg1, NULL);
}
1344
1345 /*
1346 * Handle a long, signed or unsigned. arg1 points to it.
1347 */
1348
int
sysctl_handle_long(__unused struct sysctl_oid *oidp, void *arg1,
    __unused int arg2, struct sysctl_req *req)
{
	long *valuep = (long *)arg1;

	/* Unlike the int handler there is no constant form: arg1 is required. */
	if (valuep == NULL) {
		return EINVAL;
	}

	return sysctl_io_number(req, *valuep, sizeof(long), arg1, NULL);
}
1358
1359 /*
1360 * Handle a quad, signed or unsigned. arg1 points to it.
1361 */
1362
int
sysctl_handle_quad(__unused struct sysctl_oid *oidp, void *arg1,
    __unused int arg2, struct sysctl_req *req)
{
	long long *valuep = (long long *)arg1;

	/* arg1 is required; a NULL pointer is rejected before any dereference. */
	if (valuep == NULL) {
		return EINVAL;
	}

	return sysctl_io_number(req, *valuep, sizeof(long long), arg1, NULL);
}
1372
1373 /*
1374 * Expose an int value as a quad.
1375 *
1376 * This interface allows us to support interfaces defined
1377 * as using quad values while the implementation is still
1378 * using ints.
1379 */
int
sysctl_handle_int2quad(__unused struct sysctl_oid *oidp, void *arg1,
    __unused int arg2, struct sysctl_req *req)
{
	int *storage = (int *)arg1;
	long long wide;
	int narrowed;
	int error;

	if (storage == NULL) {
		return EINVAL;
	}

	/* Report the current int, widened to the quad the interface exposes. */
	wide = (long long)*storage;
	error = SYSCTL_OUT(req, &wide, sizeof(long long));

	/* Stop here on a copy-out failure or when no new value was supplied. */
	if (error || !req->newptr) {
		return error;
	}

	error = SYSCTL_IN(req, &wide, sizeof(long long));
	if (error) {
		return error;
	}

	/*
	 * The new quad is accepted only if it survives a round trip through
	 * int; anything that does not fit is rejected instead of being
	 * silently truncated into the backing variable.
	 */
	narrowed = (int)wide;
	if ((long long)narrowed != wide) {
		return ERANGE;
	}

	*storage = narrowed;
	return error;
}
1413
1414 /*
1415 * Handle our generic '\0' terminated 'C' string.
1416 * Two cases:
1417 * a variable string: point arg1 at it, arg2 is max length.
1418 * a constant string: point arg1 at it, arg2 is zero.
1419 */
1420
int
sysctl_handle_string( __unused struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req)
{
	int rc;

	/*
	 * arg1 is the string and arg2 its maximum length (zero for a constant
	 * string); both are forwarded unchanged to sysctl_io_string().
	 */
	rc = sysctl_io_string(req, arg1, arg2, 0, NULL);
	return rc;
}
1427
1428 /*
1429 * Handle any kind of opaque data.
1430 * arg1 points to it, arg2 is the size.
1431 */
1432
int
sysctl_handle_opaque(__unused struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req)
{
	int rc;

	/*
	 * arg1 is the object and arg2 its size; the size comes from the OID
	 * registration, not from the request.
	 */
	rc = sysctl_io_opaque(req, arg1, arg2, NULL);
	return rc;
}
1439
1440 /*
1441 * Transfer functions to/from kernel space.
1442 */
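/*
 * Copy 'l' bytes of result data from 'p' into the kernel-resident old buffer
 * of 'req'.
 *
 * req->oldidx always advances by the full 'l', so that it ends up holding the
 * total size the caller would have needed. When req->oldptr is set and the
 * data does not fit, as much as fits is copied and ENOMEM is returned.
 *
 * Returns 0 on success (including the size-probe case, req->oldptr == 0),
 * ENOMEM on a short copy.
 */
STATIC int
sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l)
{
	size_t i = 0;

	if (req->oldptr) {
		/*
		 * Because oldidx advances by the full requested length on every
		 * call, it exceeds oldlen after a truncated copy. The remaining
		 * space is therefore computed without letting the subtraction
		 * wrap: a wrapped value would look like unlimited room and let a
		 * later call copy past the end of the old buffer.
		 */
		size_t avail = 0;

		if (req->oldidx < req->oldlen) {
			avail = req->oldlen - req->oldidx;
		}
		i = l;
		if (i > avail) {
			i = avail;
		}
		if (i > 0) {
			bcopy((const void*)p, CAST_DOWN(char *, (req->oldptr + req->oldidx)), i);
		}
	}
	req->oldidx += l;
	if (req->oldptr && i != l) {
		return ENOMEM;
	}
	return 0;
}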
1463
/*
 * Fetch 'l' bytes of new data for 'req' from its kernel-resident new buffer
 * into 'p'. Returns 0 without touching 'p' when the request carries no new
 * data, EINVAL when fewer than 'l' bytes remain unread.
 */
STATIC int
sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l)
{
	size_t unread;

	if (!req->newptr) {
		return 0;
	}

	/* newidx only advances after a successful copy below. */
	unread = req->newlen - req->newidx;
	if (unread < l) {
		return EINVAL;
	}

	bcopy(CAST_DOWN(char *, (req->newptr + req->newidx)), p, l);
	req->newidx += l;
	return 0;
}
1477
/*
 * Issue a sysctl request on behalf of in-kernel code.
 *
 * The request uses the kernel transfer functions, so 'old' and 'new' are
 * kernel addresses. sysctl_root() is called with from_kernel set, which makes
 * it require CTLFLAG_KERN on the target OID. On success or ENOMEM, *oldlenp
 * (when provided) receives req.oldidx, the number of bytes the handler
 * produced.
 */
int
kernel_sysctl(struct proc *p, int *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen)
{
	struct sysctl_req req;
	int error;

	/* Start from an all-zero request and fill in only what applies. */
	bzero(&req, sizeof req);
	req.p = p;
	req.lock = 1;
	req.oldfunc = sysctl_old_kernel;
	req.newfunc = sysctl_new_kernel;

	if (oldlenp != NULL) {
		req.oldlen = *oldlenp;
	}
	if (old != NULL) {
		req.oldptr = CAST_USER_ADDR_T(old);
	}
	/* A zero newlen means "no new value", whatever 'new' points at. */
	if (newlen != 0) {
		req.newlen = newlen;
		req.newptr = CAST_USER_ADDR_T(new);
	}

	/* make the request */
	error = sysctl_root(TRUE, FALSE, NULL, 0, name, namelen, &req);

	/* ENOMEM is not fatal here: the length is still reported back. */
	if (oldlenp != NULL && (error == 0 || error == ENOMEM)) {
		*oldlenp = req.oldidx;
	}

	return error;
}
1516
1517 /*
1518 * Transfer function to/from user space.
1519 */
STATIC int
sysctl_old_user(struct sysctl_req *req, const void *p, size_t l)
{
	size_t ncopy = 0;
	int error = 0;

	if (req->oldptr) {
		size_t room = req->oldlen - req->oldidx;

		/*
		 * Unlike the kernel variant, nothing is copied and oldidx is not
		 * advanced when the data does not fit in the user buffer.
		 */
		if (room < l) {
			return ENOMEM;
		}

		ncopy = (l > room) ? room : l;
		if (ncopy > 0) {
			/* copyout() is the only place user memory is written. */
			error = copyout((const void*)p, (req->oldptr + req->oldidx), ncopy);
		}
	}

	/* The cursor advances even when copyout() failed. */
	req->oldidx += l;

	if (error) {
		return error;
	}
	if (req->oldptr && ncopy < l) {
		return ENOMEM;
	}
	return 0;
}
1547
/*
 * Fetch 'l' bytes of new data for 'req' from user space into 'p'. Returns 0
 * when the request carries no new data, EINVAL when fewer than 'l' bytes
 * remain unread, otherwise the result of copyin().
 */
STATIC int
sysctl_new_user(struct sysctl_req *req, void *p, size_t l)
{
	size_t unread;
	int rc;

	if (!req->newptr) {
		return 0;
	}

	/* A handler cannot read more than the caller declared in newlen. */
	unread = req->newlen - req->newidx;
	if (unread < l) {
		return EINVAL;
	}

	rc = copyin((req->newptr + req->newidx), p, l);
	/* The read cursor advances whether or not copyin() succeeded. */
	req->newidx += l;
	return rc;
}
1563
/* Entitlement name that can_write_experiment_factors() checks on the current task. */
#define WRITE_EXPERIMENT_FACTORS_ENTITLEMENT "com.apple.private.write-kr-experiment-factors"
1565 /*
1566 * Is the current task allowed to write to experiment factors?
1567 * tasks with the WRITE_EXPERIMENT_FACTORS_ENTITLEMENT are always allowed to write these.
1568 * In the development / debug kernel we also allow root to write them.
1569 */
STATIC bool
can_write_experiment_factors(__unused struct sysctl_req *req)
{
	/* The entitlement alone is sufficient on every kernel configuration. */
	bool allowed = IOCurrentTaskHasEntitlement(WRITE_EXPERIMENT_FACTORS_ENTITLEMENT);

#if DEBUG || DEVELOPMENT
	/*
	 * Only these kernel configurations fall back to a superuser check;
	 * proc_suser() returns 0 for a privileged process.
	 */
	if (!allowed) {
		allowed = (proc_suser(req->p) == 0);
	}
#endif /* DEBUG || DEVELOPMENT */

	return allowed;
}
1582
1583 /*
1584 * Traverse our tree, and find the right node, execute whatever it points
1585 * at, and return the resulting error code.
1586 */
1587
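int
sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical,
    char *namestring, size_t namestringlen,
    int *name, size_t namelen, struct sysctl_req *req)
{
	/*
	 * Parameters:
	 *   from_kernel          request originates inside the kernel; the OID
	 *                        must carry CTLFLAG_KERN and no name string is
	 *                        built or passed to the MAC check
	 *   string_is_canonical  namestring is the input and name[] is filled
	 *                        from it via name2oid(); otherwise name[] is the
	 *                        input and namestring is built from it
	 *   namestring/len       string form of the name and its buffer size
	 *   name/namelen         numeric form; with string_is_canonical the
	 *                        array must hold CTL_MAXNAME ints
	 *   req                  request; req->lock may be cleared here
	 *
	 * Returns 0 or an errno value: ENOENT, EISDIR, ENAMETOOLONG, EPERM and
	 * EINVAL come from this function, anything else from name2oid(), the
	 * MAC check or the OID's handler.
	 *
	 * Order of checks once the OID is found: CTLFLAG_WR and securelevel,
	 * CTLFLAG_KERN for kernel callers, then the entitlement or superuser
	 * check, all under the geometry lock; the MAC check and the handler
	 * call run after the lock is dropped, with a reference held on the OID.
	 */
	u_int indx;
	int i;
	struct sysctl_oid_iterator it;
	struct sysctl_oid *oid;
	sysctl_handler_t oid_handler = NULL;
	int error;
	boolean_t unlocked_node_found = FALSE;
	boolean_t namestring_started = FALSE;

	/* Get the read lock on the geometry */
	lck_rw_lock_shared(&sysctl_geometry_lock);

	if (string_is_canonical) {
		/* namestring is actually canonical, name/namelen needs to be populated */
		error = name2oid(namestring, name, &namelen);
		if (error) {
			goto err;
		}
	}

	it = sysctl_oid_iterator_begin(&sysctl__children);
	oid = sysctl_oid_iterator_next_system_order(&it);

	indx = 0;
	while (oid && indx < CTL_MAXNAME) {
		if (oid->oid_number == name[indx]) {
			if (!from_kernel && !string_is_canonical) {
				/*
				 * Build the dotted name as we descend. strlcat()
				 * returns the length it tried to create, so a
				 * result >= namestringlen means truncation.
				 */
				if (namestring_started) {
					if (strlcat(namestring, ".", namestringlen) >= namestringlen) {
						error = ENAMETOOLONG;
						goto err;
					}
				}

				if (strlcat(namestring, oid->oid_name, namestringlen) >= namestringlen) {
					error = ENAMETOOLONG;
					goto err;
				}
				namestring_started = TRUE;
			}

			indx++;
			/* One node without CTLFLAG_LOCKED on the path is enough. */
			if (!(oid->oid_kind & CTLFLAG_LOCKED)) {
				unlocked_node_found = TRUE;
			}
			if (oid->oid_kind & CTLFLAG_NOLOCK) {
				req->lock = 0;
			}
			/*
			 * For SYSCTL_PROC() functions which are for sysctl's
			 * which have parameters at the end of their OID
			 * space, you need to OR CTLTYPE_NODE into their
			 * access value.
			 *
			 * NOTE: For binary backward compatibility ONLY! Do
			 * NOT add new sysctl's that do this! Existing
			 * sysctl's which do this will eventually have
			 * compatibility code in user space, and this method
			 * will become unsupported.
			 */
			if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) {
				if (oid->oid_handler) {
					goto found;
				}
				if (indx == namelen) {
					error = ENOENT;
					goto err;
				}

				it = sysctl_oid_iterator_begin(oid->oid_arg1);
				oid = sysctl_oid_iterator_next_system_order(&it);
			} else {
				if (indx != namelen) {
					error = EISDIR;
					goto err;
				}
				goto found;
			}
		} else {
			oid = sysctl_oid_iterator_next_system_order(&it);
		}
	}
	error = ENOENT;
	goto err;
found:

	/*
	 * indx is the index of the first remaining OID name,
	 * for sysctls that take them as arguments
	 */
	if (!from_kernel && !string_is_canonical && (indx < namelen)) {
		/*
		 * Sized for any int printed with "%d": sign, ten digits and the
		 * terminating NUL. A 10-byte buffer cut off values needing more
		 * than nine characters, so the name handed to the MAC check
		 * below did not match the OID actually requested.
		 */
		char tempbuf[12];
		u_int indx2;

		for (indx2 = indx; indx2 < namelen; indx2++) {
			snprintf(tempbuf, sizeof(tempbuf), "%d", name[indx2]);

			if (namestring_started) {
				if (strlcat(namestring, ".", namestringlen) >= namestringlen) {
					error = ENAMETOOLONG;
					goto err;
				}
			}

			if (strlcat(namestring, tempbuf, namestringlen) >= namestringlen) {
				error = ENAMETOOLONG;
				goto err;
			}
			namestring_started = TRUE;
		}
	}

	/* If writing isn't allowed */
	if (req->newptr && (!(oid->oid_kind & CTLFLAG_WR) ||
	    ((oid->oid_kind & CTLFLAG_SECURE) && securelevel > 0))) {
		error = (EPERM);
		goto err;
	}

	/*
	 * If we're inside the kernel, the OID must be marked as kernel-valid.
	 */
	if (from_kernel && !(oid->oid_kind & CTLFLAG_KERN)) {
		error = (EPERM);
		goto err;
	}

	/* The write-permission checks below need a process to check against. */
	if (req->newptr && req->p) {
		if (oid->oid_kind & CTLFLAG_EXPERIMENT) {
			/*
			 * Experiment factors have different permissions since they need to be
			 * writable by procs with WRITE_EXPERIMENT_FACTORS_ENTITLEMENT.
			 */
			if (!can_write_experiment_factors(req)) {
				error = (EPERM);
				goto err;
			}
		} else {
			/*
			 * This is where legacy enforcement of permissions occurs.  If the
			 * flag does not say CTLFLAG_ANYBODY, then we prohibit anyone but
			 * root from writing new values down.  If local enforcement happens
			 * at the leaf node, then it needs to be set as CTLFLAG_ANYBODY.  In
			 * addition, if the leaf node is set this way, then in order to do
			 * specific enforcement, it has to be of type SYSCTL_PROC.
			 */
			if (!(oid->oid_kind & CTLFLAG_ANYBODY) &&
			    (error = proc_suser(req->p))) {
				goto err;
			}
		}
	}

	/*
	 * sysctl_unregister_oid() may change the handler value, so grab it
	 * under the lock.
	 */
	oid_handler = oid->oid_handler;
	if (!oid_handler) {
		error = EINVAL;
		goto err;
	}

	/*
	 * Reference the OID and drop the geometry lock; this prevents the
	 * OID from being deleted out from under the handler call, but does
	 * not prevent other calls into handlers or calls to manage the
	 * geometry elsewhere from blocking...
	 */
	if ((oid->oid_kind & CTLFLAG_PERMANENT) == 0) {
		OSAddAtomic(1, &oid->oid_refcnt);
	}

	lck_rw_done(&sysctl_geometry_lock);

#if CONFIG_MACF
	/*
	 * The MAC policy check runs for user requests only, and a denial
	 * still has to go through dropref to release the reference taken
	 * above.
	 */
	if (!from_kernel) {
		error = mac_system_check_sysctlbyname(kauth_cred_get(),
		    namestring,
		    name,
		    namelen,
		    req->oldptr,
		    req->oldlen,
		    req->newptr,
		    req->newlen);
		if (error) {
			goto dropref;
		}
	}
#endif

	/*
	 * ...however, we still have to grab the mutex for those calls which
	 * may be into code whose reentrancy is protected by it.
	 */
	if (unlocked_node_found) {
		lck_mtx_lock(&sysctl_unlocked_node_lock);
	}

#if defined(HAS_APPLE_PAC)
	/*
	 * oid_handler is signed address-discriminated by sysctl_register_oid().
	 */
	oid_handler = ptrauth_auth_and_resign(oid_handler,
	    ptrauth_key_function_pointer,
	    ptrauth_blend_discriminator(&oid->oid_handler,
	    os_hash_kernel_pointer(oid->oid_arg1)),
	    ptrauth_key_function_pointer,
	    ptrauth_function_pointer_type_discriminator(typeof(oid_handler)));
#endif /* defined(HAS_APPLE_PAC) */

	/*
	 * Node handlers receive the unconsumed tail of the numeric name as
	 * their arguments; every other handler gets the arg1/arg2 stored in
	 * the OID.
	 */
	if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) {
		i = oid_handler(oid, name + indx, (int)(namelen - indx), req);
	} else {
		i = oid_handler(oid, oid->oid_arg1, oid->oid_arg2, req);
	}
	error = i;

	if (unlocked_node_found) {
		lck_mtx_unlock(&sysctl_unlocked_node_lock);
	}

#if CONFIG_MACF
	/* only used from another CONFIG_MACF block */
dropref:
#endif

	/*
	 * This is tricky... we re-grab the geometry lock in order to drop
	 * the reference and wake on the address; since the geometry
	 * lock is a reader/writer lock rather than a mutex, we have to
	 * wake on all apparent 1->0 transitions.  This abuses the drop
	 * after the reference decrement in order to wake any lck_rw_sleep()
	 * in progress in sysctl_unregister_oid() that slept because of a
	 * non-zero reference count.
	 *
	 * Note:	OSAddAtomic() is defined to return the previous value;
	 *		we use this and the fact that the lock itself is a
	 *		barrier to avoid waking every time through on "hot"
	 *		OIDs.
	 */
	lck_rw_lock_shared(&sysctl_geometry_lock);

	if ((oid->oid_kind & CTLFLAG_PERMANENT) == 0) {
		if (OSAddAtomic(-1, &oid->oid_refcnt) == 1) {
			wakeup(&oid->oid_refcnt);
		}
	}

err:
	lck_rw_done(&sysctl_geometry_lock);
	return error;
}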
1846
/*
 * Initialise 'req' for a request whose old and new buffers live in user
 * space: the transfer functions installed are the copyout/copyin based
 * sysctl_old_user() and sysctl_new_user().
 */
void
sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp,
    size_t oldlen, user_addr_t newp, size_t newlen)
{
	/* Every field not set below, the read/write cursors included, is zero. */
	bzero(req, sizeof(*req));

	req->p = p;
	req->lock = 1;
	req->oldfunc = sysctl_old_user;
	req->newfunc = sysctl_new_user;

	req->oldptr = oldp;
	req->oldlen = oldlen;

	/* With a zero newlen the request is read-only and newp is ignored. */
	if (newlen != 0) {
		req->newptr = newp;
		req->newlen = newlen;
	}
}
1869
/*
 * sysctl system call: look up an OID by its numeric name.
 *
 * The numeric name is copied in and bounded by CTL_MAXNAME, a scratch buffer
 * is allocated for the dotted string name that sysctl_root() builds, and the
 * resulting length is written back through uap->oldlenp when it is non-NULL.
 * ENOMEM from the request itself is not fatal: the length is still reported.
 */
int
sysctl(proc_t p, struct sysctl_args *uap, __unused int32_t *retval)
{
	int name[CTL_MAXNAME];
	struct sysctl_req req;
	size_t namestringlen = MAXPATHLEN;
	size_t oldlen = 0;
	size_t newlen;
	char *namestring;
	int error, new_error;

	/*
	 * all top-level sysctl names are non-terminal; the upper bound also
	 * keeps the copyin() below inside name[].
	 */
	if (uap->namelen > CTL_MAXNAME || uap->namelen < 2) {
		return EINVAL;
	}
	/* Only the first uap->namelen elements of name[] are initialised. */
	error = copyin(uap->name, &name[0], uap->namelen * sizeof(int));
	if (error) {
		return error;
	}

	AUDIT_ARG(ctlname, name, uap->namelen);

	if (uap->newlen > SIZE_T_MAX) {
		return EINVAL;
	}
	newlen = (size_t)uap->newlen;

	if (uap->oldlenp != USER_ADDR_NULL) {
		/* NOTE(review): no failure check on fuulong() is visible here. */
		uint64_t oldlen64 = fuulong(uap->oldlenp);

		/* If more than 4G, clamp to 4G */
		oldlen = (oldlen64 > SIZE_T_MAX) ? SIZE_T_MAX : (size_t)oldlen64;
	}

	sysctl_create_user_req(&req, p, uap->old, oldlen, uap->new, newlen);

	/*
	 * Guess the longest string name for the passed-in MIB where we can be
	 * more aggressive than MAXPATHLEN: 32 bytes covers
	 * "kern.speculative_reads_disabled" and "hw.cachelinesize_compat".
	 */
	if (uap->namelen == 2 &&
	    ((name[0] == CTL_KERN && name[1] < KERN_MAXID) ||
	    (name[0] == CTL_HW && name[1] < HW_MAXID))) {
		namestringlen = 32;
	}

	namestring = (char *)kalloc_data(namestringlen, Z_WAITOK);
	if (namestring != NULL) {
		error = userland_sysctl(FALSE, namestring, namestringlen, name, uap->namelen, &req, &oldlen);

		kfree_data(namestring, namestringlen);

		if ((error) && (error != ENOMEM)) {
			return error;
		}
	} else {
		/*
		 * NOTE(review): error is still 0 on this path, so unless the
		 * write-back below fails the call reports success with a zero
		 * length although nothing was looked up - confirm that this is
		 * intended.
		 */
		oldlen = 0;
	}

	if (uap->oldlenp != USER_ADDR_NULL) {
		/* Only overwrite the old error value on a new error */
		new_error = suulong(uap->oldlenp, oldlen);

		if (new_error) {
			error = new_error;
		}
	}

	return error;
}
1950
1951 // sysctlbyname is also exported as KPI to kexts
1952 // and the syscall name cannot conflict with it
int
sys_sysctlbyname(proc_t p, struct sysctlbyname_args *uap, __unused int32_t *retval)
{
	int oid[CTL_MAXNAME];
	struct sysctl_req req;
	size_t namelen = 0;
	size_t oldlen = 0;
	size_t newlen;
	char *name;
	int error, new_error;

	/* The user-supplied length is bounded before it sizes the allocation. */
	if (uap->namelen >= MAXPATHLEN) {       /* XXX arbitrary, undocumented */
		return ENAMETOOLONG;
	}
	namelen = (size_t)uap->namelen;

	/* One extra byte so the name can be terminated after the copy-in. */
	name = (char *)kalloc_data(namelen + 1, Z_WAITOK);
	if (name == NULL) {
		return ENOMEM;
	}

	error = copyin(uap->name, name, namelen);
	if (error != 0) {
		goto free_and_return;
	}
	name[namelen] = '\0';

	/* XXX
	 * AUDIT_ARG(ctlname, name, uap->namelen);
	 * (the audit record is not emitted on this by-name path)
	 */

	if (uap->newlen > SIZE_T_MAX) {
		error = EINVAL;
		goto free_and_return;
	}
	newlen = (size_t)uap->newlen;

	if (uap->oldlenp != USER_ADDR_NULL) {
		uint64_t oldlen64 = fuulong(uap->oldlenp);

		/* If more than 4G, clamp to 4G */
		oldlen = (oldlen64 > SIZE_T_MAX) ? SIZE_T_MAX : (size_t)oldlen64;
	}

	sysctl_create_user_req(&req, p, uap->old, oldlen, uap->new, newlen);

	/* oid[] is filled by the lookup, so its full capacity is passed. */
	error = userland_sysctl(TRUE, name, namelen + 1, oid, CTL_MAXNAME, &req, &oldlen);

	kfree_data(name, namelen + 1);

	if ((error) && (error != ENOMEM)) {
		return error;
	}

	if (uap->oldlenp != USER_ADDR_NULL) {
		/* Only overwrite the old error value on a new error */
		new_error = suulong(uap->oldlenp, oldlen);

		if (new_error) {
			error = new_error;
		}
	}

	return error;

free_and_return:
	/* Early failures after the allocation share this cleanup. */
	kfree_data(name, namelen + 1);
	return error;
}
2026
2027 /*
2028 * This is used from various compatibility syscalls too. That's why name
2029 * must be in kernel space.
2030 */
int
userland_sysctl(boolean_t string_is_canonical,
    char *namestring, size_t namestringlen,
    int *name, u_int namelen, struct sysctl_req *req,
    size_t *retval)
{
	struct sysctl_req attempt;
	int error;

	for (;;) {
		/*
		 * Each attempt works on a fresh copy of the request, so a
		 * retry after EAGAIN starts again with the cursors reset.
		 */
		attempt = *req;
		if (!string_is_canonical) {
			/* sysctl_root() appends to the name, so start it empty. */
			namestring[0] = '\0';
		}

		error = sysctl_root(FALSE, string_is_canonical, namestring, namestringlen, name, namelen, &attempt);
		if (error != EAGAIN) {
			break;
		}
	}

	if (error && error != ENOMEM) {
		return error;
	}

	if (retval) {
		/*
		 * With a real output buffer never report more than the buffer
		 * held; without one, oldidx is the size that would be needed.
		 */
		if (attempt.oldptr && attempt.oldidx > attempt.oldlen) {
			*retval = attempt.oldlen;
		} else {
			*retval = attempt.oldidx;
		}
	}
	return error;
}
2063
2064 /*
2065 * Kernel versions of the userland sysctl helper functions.
2066 *
2067 * These allow sysctl to be used in the same fashion in both
2068 * userland and the kernel.
2069 *
2070 * Note that some sysctl handlers use copyin/copyout, which
2071 * may not work correctly.
2072 *
2073 * The "sysctlbyname" KPI for use by kexts is aliased to this function.
2074 */
2075
int
kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen)
{
	/* {0, 3} is the name2oid service node. */
	int name2mib_oid[2] = { 0, 3 };
	int oid[CTL_MAXNAME];
	size_t oidlen = sizeof(oid);
	int error;

	/*
	 * Step 1: translate the string into a numeric OID. The name is passed
	 * as the request's new data, so the const qualifier is cast away for
	 * the call.
	 */
	error = kernel_sysctl(current_proc(), name2mib_oid, 2, oid, &oidlen, __DECONST(void *, name), strlen(name));

	/* The length comes back in bytes; convert it to a count of ints. */
	oidlen /= sizeof(int);
	if (oidlen > UINT_MAX) {
		error = EDOM;
	}
	if (error != 0) {
		return error;
	}

	/* Step 2: issue the real request against the resolved OID. */
	return kernel_sysctl(current_proc(), oid, (u_int)oidlen, oldp, oldlenp, newp, newlen);
}
2101
/*
 * Sysctl handler that reports a scalable counter as a 64-bit value.
 *
 * arg1 is dereferenced as a pointer to a scalable_counter_t; arg2 and oidp
 * are unused. The value returned by counter_load() is staged in a local
 * and copied out with SYSCTL_OUT, so exactly sizeof(uint64_t) bytes are
 * offered to the caller. The request's new-value buffer is never read.
 */
int
scalable_counter_sysctl_handler SYSCTL_HANDLER_ARGS
{
#pragma unused(arg2, oidp)
	scalable_counter_t *counter_ref = (scalable_counter_t *)arg1;
	scalable_counter_t counter = *counter_ref;
	uint64_t total;

	total = counter_load(&counter);
	return SYSCTL_OUT(req, &total, sizeof(total));
}
2110
/*
 * Generates one experiment_factor_<name>_handler per numeric type listed in
 * experiment_factor_numeric_types.
 *
 * arg1 must point to a struct experiment_spec; a NULL arg1 yields EINVAL.
 * The handler reports the current value through sysctl_io_number() and,
 * when the caller supplied a new value, accepts it only if it lies within
 * [spec->min_value, spec->max_value] (both bounds cast to T before the
 * comparison). The range check runs before anything is stored, so an
 * out-of-range write leaves the factor untouched.
 *
 * The first accepted write flips spec->modified from false to true with a
 * compare-exchange and records the value seen at entry in
 * spec->original_value; later writes leave original_value alone.
 *
 * NOTE(review): the entry read of *ptr is a plain load while the update is
 * an atomic store - confirm that concurrent writers are acceptable here.
 */
#define X(name, T) \
int \
experiment_factor_##name##_handler SYSCTL_HANDLER_ARGS \
{ \
	struct experiment_spec *factor = (struct experiment_spec *) arg1; \
	T *target; \
	T requested, previous; \
	int rc, was_written = 0; \
	if (factor == NULL) { \
	        return EINVAL; \
	} \
	target = (T *)(factor->ptr); \
	previous = *target; \
	rc = sysctl_io_number(req, previous, sizeof(T), &requested, &was_written); \
	if (rc != 0) { \
	        return rc; \
	} \
	if (!was_written) { \
	        return 0; \
	} \
	/* reject out-of-range input before touching any state */ \
	if (requested < (T) factor->min_value || requested > (T) factor->max_value) { \
	        return EINVAL; \
	} \
	/* only the first successful writer records the original value */ \
	if (os_atomic_cmpxchg(&factor->modified, false, true, acq_rel)) { \
	        factor->original_value = previous; \
	} \
	os_atomic_store_wide(target, requested, relaxed); \
	return 0; \
}

experiment_factor_numeric_types
#undef X
2142
2143 #if DEBUG || DEVELOPMENT
/*
 * Handler behind the test OIDs created by sysctl_register_test_startup().
 *
 * The caller must write exactly one int64_t: a request without a new value
 * gets EINVAL (which keeps "sysctl -a" from running tests as a side effect)
 * and a new value of any other size gets ERANGE. The written value is
 * passed to the function pointer stored in arg1, and the int64_t that
 * function produces is copied back out to the caller.
 *
 * arg1 is cast to int (*)(int64_t, int64_t *) and called, so it must be a
 * function of that type; nothing in this handler can verify that.
 */
static int
sysctl_test_handler SYSCTL_HANDLER_ARGS
{
	int64_t input, result = 0;
	int rc;

	/* require setting this sysctl to prevent sysctl -a from running this */
	if (!req->newptr) {
		return EINVAL;
	}

	/* the size is checked before any copy-in */
	if (req->newlen != sizeof(input)) {
		return ERANGE;
	}

	rc = SYSCTL_IN(req, &input, sizeof(input));
	if (rc != 0) {
		return rc;
	}

	/* call the test that was specified in SYSCTL_TEST_REGISTER */
	int (*test_fn)(int64_t, int64_t *) = (int (*)(int64_t, int64_t *))(uintptr_t)arg1;
	rc = test_fn(input, &result);
	if (rc != 0) {
		return rc;
	}

	return SYSCTL_OUT(req, &result, sizeof(result));
}
2169
/*
 * Create and register the sysctl OID for one test described by spec.
 *
 * The OID is placed under sysctl__debug_test_children with an automatically
 * assigned number, is writable (CTLFLAG_WR) with type CTLTYPE_QUAD, and is
 * served by sysctl_test_handler. spec->st_func is stored in oid_arg1 and is
 * the function the handler later calls.
 *
 * spec->st_name is stored by pointer, not copied, so the string must remain
 * valid for as long as the OID is registered.
 */
void
sysctl_register_test_startup(struct sysctl_test_setup_spec *spec)
{
	const struct sysctl_oid test_oid = {
		.oid_parent     = &sysctl__debug_test_children,
		.oid_number     = OID_AUTO,
		.oid_kind       = CTLTYPE_QUAD | CTLFLAG_OID2 | CTLFLAG_WR |
	    CTLFLAG_PERMANENT | CTLFLAG_LOCKED,
		/* round-trip through uintptr_t to turn the function pointer into void * */
		.oid_arg1       = (void *)(uintptr_t)spec->st_func,
		.oid_name       = spec->st_name,
		.oid_handler    = sysctl_test_handler,
		.oid_fmt        = "Q",
		.oid_version    = SYSCTL_OID_VERSION,
		.oid_descr      = "",
	};
	struct sysctl_oid *registered = zalloc_permanent_type(struct sysctl_oid);

	*registered = test_oid;
	sysctl_register_oid_early(registered);
}
2189
2190
2191 extern void vm_analytics_tick(void *arg0, void *arg1);
2192
/*
 * Manual trigger of vm_analytics_tick for testing on dev/debug kernels.
 *
 * Only a write fires the tick. The written integer is parsed by
 * sysctl_handle_int() and then discarded; a request without a new value,
 * or one that fails parsing, returns before vm_analytics_tick() is called.
 */
static int
sysctl_vm_analytics_tick SYSCTL_HANDLER_ARGS
{
#pragma unused(arg1, arg2)
	int ignored = 0;
	int rc = sysctl_handle_int(oidp, &ignored, 0, req);

	if (rc || !req->newptr) {
		return rc;
	}

	vm_analytics_tick(NULL, NULL);
	return 0;
}

/*
 * Registered with CTLFLAG_WR and CTLFLAG_MASKED; CTLFLAG_ANYBODY is not set.
 * NOTE(review): writes are presumably limited to privileged callers - confirm
 * against the permission checks in sysctl_root().
 */
SYSCTL_PROC(_vm, OID_AUTO, analytics_report,
    CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_LOCKED | CTLFLAG_MASKED,
    0, 0, &sysctl_vm_analytics_tick, "I", "");
2208
2209 #endif /* DEBUG || DEVELOPMENT */
2210
2211
/* Payload layout of the CoreAnalytics event sent by sysctl_test_ca_event. */
CA_EVENT(ca_test_event,
    CA_INT, TestKey,
    CA_BOOL, TestBool,
    CA_STATIC_STRING(CA_UUID_LEN), TestString);

/*
 * Manual testing of sending a CoreAnalytics event.
 *
 * An event is sent only on a write. The written integer becomes TestKey,
 * TestBool is set to true, and TestString receives a fixed marker string
 * copied with strlcpy() bounded by CA_UUID_LEN, the size the field is
 * declared with above. Reads and failed parses return without allocating
 * or sending anything.
 *
 * NOTE(review): this handler and its registration follow the #endif that
 * closes the DEBUG || DEVELOPMENT block above - confirm whether an
 * enclosing conditional outside this view keeps them out of release kernels.
 */
static int
sysctl_test_ca_event SYSCTL_HANDLER_ARGS
{
#pragma unused(arg1, arg2)
	int written = 0;
	int rc = sysctl_handle_int(oidp, &written, 0, req);

	/* only send on write */
	if (rc || !req->newptr) {
		return rc;
	}

	uuid_string_t marker = "sysctl_test_ca_event";
	ca_event_t event = CA_EVENT_ALLOCATE(ca_test_event);
	CA_EVENT_TYPE(ca_test_event) * payload = event->data;

	payload->TestKey = written;
	payload->TestBool = true;
	strlcpy(payload->TestString, marker, CA_UUID_LEN);
	CA_EVENT_SEND(event);
	return 0;
}

/*
 * Registered with CTLFLAG_WR and CTLFLAG_MASKED; CTLFLAG_ANYBODY is not set.
 * NOTE(review): writes are presumably limited to privileged callers - confirm
 * against the permission checks in sysctl_root().
 */
SYSCTL_PROC(_kern, OID_AUTO, test_ca_event,
    CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_LOCKED | CTLFLAG_MASKED,
    0, 0, &sysctl_test_ca_event, "I", "");
2244