1 /*
2 * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
29 /*
30 * Copyright (c) 1982, 1986, 1989, 1993
31 * The Regents of the University of California. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. All advertising materials mentioning features or use of this software
42 * must display the following acknowledgement:
43 * This product includes software developed by the University of
44 * California, Berkeley and its contributors.
45 * 4. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)kern_xxx.c 8.2 (Berkeley) 11/14/93
62 */
63 /*
64 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
65 * support for mandatory and extensible security protections. This notice
66 * is included in support of clause 2.2 (b) of the Apple Public License,
67 * Version 2.0.
68 */
69
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/kernel.h>
73 #include <sys/proc_internal.h>
74 #include <sys/kauth.h>
75 #include <sys/reboot.h>
76 #include <sys/vm.h>
77 #include <sys/sysctl.h>
78 #include <sys/buf.h>
79
80 #include <security/audit/audit.h>
81
82 #include <sys/mount_internal.h>
83 #include <sys/sysproto.h>
84 #if CONFIG_MACF
85 #include <security/mac_framework.h>
86 #endif
87 #if CONFIG_ATM
88 #include <atm/atm_internal.h>
89 #endif
90
91 #include <kern/kalloc.h>
92 #include <kern/ext_paniclog.h>
93
94 #include <IOKit/IOBSD.h>
95
96 /* Max panic string length */
97 #define kPanicStringMaxLen 1024
98
99 extern int psem_cache_purge_all(void);
100 extern int pshm_cache_purge_all(void);
101 extern int pshm_cache_purge_uid(uid_t uid);
102 extern void reset_osvariant_status(void);
103 extern void reset_osreleasetype(void);
104
105 int
reboot(struct proc * p,struct reboot_args * uap,__unused int32_t * retval)106 reboot(struct proc *p, struct reboot_args *uap, __unused int32_t *retval)
107 {
108 char *message = NULL;
109 int error = 0;
110 size_t dummy = 0;
111 #if CONFIG_MACF
112 kauth_cred_t my_cred;
113 #endif
114
115 AUDIT_ARG(cmd, uap->opt);
116
117 if ((error = suser(kauth_cred_get(), &p->p_acflag))) {
118 #if (DEVELOPMENT || DEBUG)
119 if (uap->opt & RB_PANIC) {
120 /* clear 'error' to allow non-root users to call panic on dev/debug kernels */
121 error = 0;
122 } else {
123 return error;
124 }
125 #else
126 return error;
127 #endif
128 }
129
130 if (uap->opt & RB_PANIC && uap->msg != USER_ADDR_NULL) {
131 message = (char *)kalloc_data(kPanicStringMaxLen, Z_WAITOK | Z_ZERO);
132 if (!message) {
133 return ENOMEM;
134 }
135 int copy_error = copyinstr(uap->msg, (void *)message, kPanicStringMaxLen, (size_t *)&dummy);
136 if (copy_error != 0 && copy_error != ENAMETOOLONG) {
137 strncpy(message, "user space RB_PANIC message copyin failed", kPanicStringMaxLen - 1);
138 } else {
139 message[kPanicStringMaxLen - 1] = '\0';
140 }
141 }
142
143 #if CONFIG_MACF
144 #if (DEVELOPMENT || DEBUG)
145 if (uap->opt & RB_PANIC) {
146 /* on dev/debug kernels: allow anyone to call panic */
147 goto skip_cred_check;
148 }
149 #endif
150
151 my_cred = kauth_cred_proc_ref(p);
152 error = mac_system_check_reboot(my_cred, uap->opt);
153 kauth_cred_unref(&my_cred);
154 #if (DEVELOPMENT || DEBUG)
155 skip_cred_check:
156 #endif
157 #endif
158 if (!error) {
159 OSBitOrAtomic(P_REBOOT, &p->p_flag); /* No more signals for this proc */
160 error = reboot_kernel(uap->opt, message);
161 }
162
163 kfree_data(message, kPanicStringMaxLen);
164 return error;
165 }
166
167 int
sys_panic_with_data(struct proc * p,struct panic_with_data_args * uap,__unused int32_t * retval)168 sys_panic_with_data(struct proc *p,
169 struct panic_with_data_args *uap,
170 __unused int32_t *retval)
171 {
172 char *message = NULL;
173 void *data = NULL;
174 int copy_len = 0;
175 size_t dummy = 0;
176 uuid_t uuid = {0};
177
178 AUDIT_ARG(addr, uap->addr);
179 AUDIT_ARG(value32, uap->len);
180 AUDIT_ARG(addr, uap->uuid);
181
182 if (!IOCurrentTaskHasEntitlement(EXTPANICLOG_ENTITLEMENT)) {
183 return EPERM;
184 }
185
186 char *proc_name = proc_best_name(p);
187
188 if (uap->msg != USER_ADDR_NULL) {
189 message = (char *)kalloc_data(kPanicStringMaxLen, Z_WAITOK | Z_ZERO);
190 if (!message) {
191 goto finish;
192 }
193 int copy_error = copyinstr(uap->msg, (void *)message, kPanicStringMaxLen, (size_t *)&dummy);
194 if (copy_error != 0 && copy_error != ENAMETOOLONG) {
195 strlcpy(message, "user space panic_with_data message copyin failed", kPanicStringMaxLen - 1);
196 } else {
197 message[kPanicStringMaxLen - 1] = '\0';
198 }
199 }
200
201 if (uap->addr != USER_ADDR_NULL) {
202 copy_len = MIN(uap->len, PANIC_WITH_DATA_MAX_LEN);
203
204 data = kalloc_data(copy_len, Z_WAITOK | Z_ZERO);
205 if (!data) {
206 goto finish;
207 }
208
209 int copy_error = copyin(uap->addr, data, copy_len);
210 if (copy_error != 0) {
211 kfree_data(data, copy_len);
212 data = NULL;
213 }
214 }
215
216 if (uap->uuid != USER_ADDR_NULL) {
217 int copyerror = copyin(uap->uuid, &uuid[0], sizeof(uuid_t));
218 if (copyerror != 0) {
219 goto finish;
220 }
221 }
222
223 finish:
224 panic_with_data(uuid, data, copy_len,
225 "Panic called from Process: %s Message: %s", proc_name, message);
226 }
227
228 extern void OSKextResetAfterUserspaceReboot(void);
229 extern void zone_gc_drain(void);
230 extern uint64_t pmap_release_pages_fast(void);
231
232 static int
usrctl_full(void)233 usrctl_full(void)
234 {
235 reset_osvariant_status();
236 reset_osreleasetype();
237
238 #if CONFIG_ATM
239 atm_reset();
240 #endif
241
242 #if CONFIG_EXT_RESOLVER
243 /*
244 * We're doing a user space reboot. We are guaranteed that the
245 * external identity resolver is gone, so ensure that everything
246 * comes back up as with fresh-boot just in case it didn't go
247 * down cleanly.
248 */
249 kauth_resolver_identity_reset();
250 #endif /* CONFIG_EXT_RESOLVER */
251
252 OSKextResetAfterUserspaceReboot();
253 int shm_error = pshm_cache_purge_all();
254 int sem_error = psem_cache_purge_all();
255
256 zone_gc_drain();
257 pmap_release_pages_fast();
258
259 return shm_error != 0 ? shm_error : sem_error;
260 }
261
262 static int
usrctl_logout(uid_t uid)263 usrctl_logout(uid_t uid)
264 {
265 int shm_error = pshm_cache_purge_uid(uid);
266 /*
267 * Currently there is a requirement to purge some root-owned semaphores,
268 * and no use-case for preserving any. Just purge all of them.
269 */
270 int sem_error = psem_cache_purge_all();
271
272 /*
273 * Until rdar://78965143, kern.willuserspacereboot is set when logout begins
274 * so its effects need to be reset here, when logout completes.
275 */
276 OSKextResetAfterUserspaceReboot();
277
278 return shm_error != 0 ? shm_error : sem_error;
279 }
280
281 int
usrctl(struct proc * p,struct usrctl_args * uap,__unused int32_t * retval)282 usrctl(struct proc *p, struct usrctl_args *uap, __unused int32_t *retval)
283 {
284 if (p != initproc) {
285 return EPERM;
286 }
287
288 if (uap->flags == 0) {
289 return usrctl_full();
290 } else {
291 return usrctl_logout((uid_t)uap->flags);
292 }
293 }
294