1 /*
2 * Copyright (c) 2021-2022 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <libkern/libkern.h>
30
31 #define VARIABLE_STORE_SIGNATURE 'NVV3'
32
33 // Variable Store Version
34 #define VARIABLE_STORE_VERSION 0x1
35
36 #define VARIABLE_DATA 0x55AA
37 #define INVALIDATED_VARIABLE_DATA 0x0000
38
39 // Variable State flags
40 #define VAR_IN_DELETED_TRANSITION 0xFE // Variable is in obsolete transistion
41 #define VAR_DELETED 0xFD // Variable is obsolete
42 #define VAR_INACTIVE 0xFB // Variable is inactive due to failing CRC
43 #define VAR_ADDED 0x7F // Variable has been completely added
44
45 // No changes needed on save
46 #define VAR_NEW_STATE_NONE 0x01
47 // Remove existing entry on save
48 #define VAR_NEW_STATE_REMOVE 0x02
49 // Add new value on save, mark previous as inactive
50 #define VAR_NEW_STATE_APPEND 0x03
51
52 #pragma pack(1)
53 struct v3_store_header {
54 uint32_t name;
55 uint32_t size;
56 uint32_t generation;
57 uint8_t state;
58 uint8_t flags;
59 uint8_t version;
60 uint8_t reserved1;
61 uint32_t system_size;
62 uint32_t common_size;
63 };
64
65 struct v3_var_header {
66 uint16_t startId;
67 uint8_t state;
68 uint8_t reserved;
69 uint32_t attributes;
70 uint32_t nameSize;
71 uint32_t dataSize;
72 uuid_t guid;
73 uint32_t crc;
74 uint8_t name_data_buf[];
75 };
76 #pragma pack()
77
78 struct nvram_v3_var_entry {
79 uint8_t new_state;
80 size_t existing_offset;
81 struct v3_var_header header;
82 };
83
84 static size_t
nvram_v3_var_container_size(const struct v3_var_header * header)85 nvram_v3_var_container_size(const struct v3_var_header *header)
86 {
87 return sizeof(struct nvram_v3_var_entry) + header->nameSize + header->dataSize;
88 }
89
90 static size_t
variable_length(const struct v3_var_header * header)91 variable_length(const struct v3_var_header *header)
92 {
93 return sizeof(struct v3_var_header) + header->nameSize + header->dataSize;
94 }
95
96 static bool
valid_store_header(const struct v3_store_header * header)97 valid_store_header(const struct v3_store_header *header)
98 {
99 return (header->name == VARIABLE_STORE_SIGNATURE) && (header->version == VARIABLE_STORE_VERSION);
100 }
101
102 static bool
valid_variable_header(const struct v3_var_header * header,size_t buf_len)103 valid_variable_header(const struct v3_var_header *header, size_t buf_len)
104 {
105 return (buf_len > sizeof(struct v3_var_header)) &&
106 (header->startId == VARIABLE_DATA) &&
107 (variable_length(header) <= buf_len);
108 }
109
110 static uint32_t
find_active_var_in_image(const struct v3_var_header * var,const uint8_t * image,uint32_t offset,uint32_t len)111 find_active_var_in_image(const struct v3_var_header *var, const uint8_t *image, uint32_t offset, uint32_t len)
112 {
113 const struct v3_var_header *store_var;
114 uint32_t var_offset = 0;
115
116 while ((offset + sizeof(struct v3_var_header) < len)) {
117 store_var = (const struct v3_var_header *)(image + offset);
118
119 if (valid_variable_header(store_var, len - offset)) {
120 if ((store_var->state == VAR_ADDED) &&
121 (uuid_compare(var->guid, store_var->guid) == 0) &&
122 (var->nameSize == store_var->nameSize) &&
123 (memcmp(var->name_data_buf, store_var->name_data_buf, var->nameSize) == 0)) {
124 var_offset = offset;
125 break;
126 }
127 } else {
128 break;
129 }
130
131 offset += variable_length(store_var);
132 }
133
134 return var_offset;
135 }
136
137 static IOReturn
find_current_offset_in_image(const uint8_t * image,uint32_t len,uint32_t * newOffset)138 find_current_offset_in_image(const uint8_t *image, uint32_t len, uint32_t *newOffset)
139 {
140 uint32_t offset = 0;
141 uint32_t inner_offset = 0;
142
143 if (valid_store_header((const struct v3_store_header *)(image + offset))) {
144 DEBUG_INFO("valid store header @ %#x\n", offset);
145 offset += sizeof(struct v3_store_header);
146 }
147
148 while (offset < len) {
149 const struct v3_var_header *store_var = (const struct v3_var_header *)(image + offset);
150 uuid_string_t uuidString;
151
152 if (valid_variable_header(store_var, len - offset)) {
153 uuid_unparse(store_var->guid, uuidString);
154 DEBUG_INFO("Valid var @ %#08x, state=%#02x, length=%#08zx, %s:%s\n", offset, store_var->state,
155 variable_length(store_var), uuidString, store_var->name_data_buf);
156 offset += variable_length(store_var);
157 } else {
158 break;
159 }
160 }
161
162 while (offset < len) {
163 if (image[offset] == 0xFF) {
164 DEBUG_INFO("scanning for clear memory @ %#x\n", offset);
165
166 inner_offset = offset;
167
168 while ((inner_offset < len) && (image[inner_offset] == 0xFF)) {
169 inner_offset++;
170 }
171
172 if (inner_offset == len) {
173 DEBUG_INFO("found start of clear mem @ %#x\n", offset);
174 break;
175 } else {
176 DEBUG_ERROR("ERROR!!!!! found non-clear byte @ %#x\n", offset);
177 return kIOReturnInvalid;
178 }
179 }
180 offset++;
181 }
182
183 *newOffset = offset;
184
185 return kIOReturnSuccess;
186 }
187
188 class IONVRAMV3Handler : public IODTNVRAMFormatHandler, IOTypedOperatorsMixin<IONVRAMV3Handler>
189 {
190 private:
191 IONVRAMController *_nvramController;
192 IODTNVRAM *_provider;
193
194 bool _newData;
195 bool _resetData;
196 bool _reload;
197
198 bool _rawController;
199
200 uint32_t _generation;
201
202 uint8_t *_nvramImage;
203
204 OSSharedPtr<OSDictionary> &_varDict;
205
206 uint32_t _commonSize;
207 uint32_t _systemSize;
208
209 uint32_t _commonUsed;
210 uint32_t _systemUsed;
211
212 uint32_t _currentOffset;
213
214 OSSharedPtr<OSArray> _varEntries;
215
216 IOReturn unserializeImage(const uint8_t *image, IOByteCount length);
217 IOReturn reclaim(void);
218 uint32_t findCurrentBank(void);
219 size_t getAppendSize(void);
220
221 static bool convertObjectToProp(uint8_t *buffer, uint32_t *length, const char *propSymbol, OSObject *propObject);
222 static bool convertPropToObject(const uint8_t *propName, uint32_t propNameLength, const uint8_t *propData, uint32_t propDataLength,
223 OSSharedPtr<const OSSymbol>& propSymbol, OSSharedPtr<OSObject>& propObject);
224
225 IOReturn reloadInternal(void);
226 IOReturn setVariableInternal(const uuid_t varGuid, const char *variableName, OSObject *object);
227
228 void setEntryForRemove(struct nvram_v3_var_entry *v3Entry, bool system);
229 void findExistingEntry(const uuid_t varGuid, const char *varName, struct nvram_v3_var_entry **existing, unsigned int *existingIndex);
230 IOReturn syncRaw(void);
231 IOReturn syncBlock(void);
232
233 public:
234 virtual
235 ~IONVRAMV3Handler() APPLE_KEXT_OVERRIDE;
236 IONVRAMV3Handler(OSSharedPtr<OSDictionary> &varDict);
237
238 static bool isValidImage(const uint8_t *image, IOByteCount length);
239
240 static IONVRAMV3Handler *init(IODTNVRAM *provider, const uint8_t *image, IOByteCount length,
241 OSSharedPtr<OSDictionary> &varDict);
242
243 virtual bool getNVRAMProperties(void) APPLE_KEXT_OVERRIDE;
244 virtual IOReturn unserializeVariables(void) APPLE_KEXT_OVERRIDE;
245 virtual IOReturn setVariable(const uuid_t varGuid, const char *variableName, OSObject *object) APPLE_KEXT_OVERRIDE;
246 virtual bool setController(IONVRAMController *controller) APPLE_KEXT_OVERRIDE;
247 virtual IOReturn sync(void) APPLE_KEXT_OVERRIDE;
248 virtual IOReturn flush(const uuid_t guid, IONVRAMOperation op) APPLE_KEXT_OVERRIDE;
249 virtual void reload(void) APPLE_KEXT_OVERRIDE;
250 virtual uint32_t getGeneration(void) const APPLE_KEXT_OVERRIDE;
251 virtual uint32_t getVersion(void) const APPLE_KEXT_OVERRIDE;
252 virtual uint32_t getSystemUsed(void) const APPLE_KEXT_OVERRIDE;
253 virtual uint32_t getCommonUsed(void) const APPLE_KEXT_OVERRIDE;
254 virtual bool getSystemPartitionActive(void) const APPLE_KEXT_OVERRIDE;
255 };
256
~IONVRAMV3Handler()257 IONVRAMV3Handler::~IONVRAMV3Handler()
258 {
259 }
260
IONVRAMV3Handler(OSSharedPtr<OSDictionary> & varDict)261 IONVRAMV3Handler::IONVRAMV3Handler(OSSharedPtr<OSDictionary> &varDict) :
262 _varDict(varDict)
263 {
264 }
265
266 bool
isValidImage(const uint8_t * image,IOByteCount length)267 IONVRAMV3Handler::isValidImage(const uint8_t *image, IOByteCount length)
268 {
269 const struct v3_store_header *header = (const struct v3_store_header *)image;
270
271 if ((header == nullptr) || (length < sizeof(*header))) {
272 return false;
273 }
274
275 return valid_store_header(header);
276 }
277
278 IONVRAMV3Handler*
init(IODTNVRAM * provider,const uint8_t * image,IOByteCount length,OSSharedPtr<OSDictionary> & varDict)279 IONVRAMV3Handler::init(IODTNVRAM *provider, const uint8_t *image, IOByteCount length,
280 OSSharedPtr<OSDictionary> &varDict)
281 {
282 OSSharedPtr<IORegistryEntry> entry;
283 OSSharedPtr<OSObject> prop;
284 bool propertiesOk;
285
286 IONVRAMV3Handler *handler = new IONVRAMV3Handler(varDict);
287
288 handler->_provider = provider;
289
290 propertiesOk = handler->getNVRAMProperties();
291 require_action(propertiesOk, exit, DEBUG_ERROR("Unable to get NVRAM properties\n"));
292
293 require_action(length == handler->_bankSize, exit, DEBUG_ERROR("length %#llx != _bankSize %#x\n", length, handler->_bankSize));
294
295 if ((image != nullptr) && (length != 0)) {
296 if (handler->unserializeImage(image, length) != kIOReturnSuccess) {
297 DEBUG_ERROR("Unable to unserialize image, len=%#x\n", (unsigned int)length);
298 }
299 }
300
301 return handler;
302
303 exit:
304 delete handler;
305
306 return nullptr;
307 }
308
309 bool
getNVRAMProperties()310 IONVRAMV3Handler::getNVRAMProperties()
311 {
312 bool ok = false;
313 const char *rawControllerKey = "nvram-raw";
314 OSSharedPtr<IORegistryEntry> entry;
315 OSSharedPtr<OSObject> prop;
316 OSData * data;
317
318 require_action(IODTNVRAMFormatHandler::getNVRAMProperties(), exit, DEBUG_ERROR("parent getNVRAMProperties failed\n"));
319
320 entry = IORegistryEntry::fromPath("/chosen", gIODTPlane);
321 require_action(entry, exit, DEBUG_ERROR("Unable to find chosen node\n"));
322
323 prop = entry->copyProperty(rawControllerKey);
324 require_action(prop != nullptr, exit, DEBUG_ERROR("No %s entry\n", rawControllerKey));
325
326 data = OSDynamicCast(OSData, prop.get());
327 require(data != nullptr, exit);
328
329 _rawController = *((uint32_t*)data->getBytesNoCopy());
330 DEBUG_INFO("_rawController = %d\n", _rawController);
331
332 ok = true;
333
334 exit:
335 return ok;
336 }
337
338 IOReturn
flush(const uuid_t guid,IONVRAMOperation op)339 IONVRAMV3Handler::flush(const uuid_t guid, IONVRAMOperation op)
340 {
341 IOReturn ret = kIOReturnSuccess;
342 bool flushSystem;
343 bool flushCommon;
344
345 flushSystem = getSystemPartitionActive() && (uuid_compare(guid, gAppleSystemVariableGuid) == 0);
346 flushCommon = uuid_compare(guid, gAppleNVRAMGuid) == 0;
347
348 DEBUG_INFO("flushSystem=%d, flushCommon=%d\n", flushSystem, flushCommon);
349
350 if (flushSystem || flushCommon) {
351 const OSSymbol *canonicalKey;
352 OSSharedPtr<OSDictionary> dictCopy;
353 OSSharedPtr<OSCollectionIterator> iter;
354 uuid_string_t uuidString;
355
356 dictCopy = OSDictionary::withDictionary(_varDict.get());
357 iter = OSCollectionIterator::withCollection(dictCopy.get());
358 require_action(dictCopy && iter, exit, ret = kIOReturnNoMemory);
359
360 while ((canonicalKey = OSDynamicCast(OSSymbol, iter->getNextObject()))) {
361 const char *varName;
362 uuid_t varGuid;
363 bool clear;
364
365 parseVariableName(canonicalKey->getCStringNoCopy(), &varGuid, &varName);
366
367 uuid_unparse(varGuid, uuidString);
368
369 clear = ((flushSystem && (uuid_compare(varGuid, gAppleSystemVariableGuid) == 0)) ||
370 (flushCommon && (uuid_compare(varGuid, gAppleSystemVariableGuid) != 0))) &&
371 verifyPermission(op, varGuid, varName, getSystemPartitionActive());
372
373 if (clear) {
374 DEBUG_INFO("Clearing entry for %s:%s\n", uuidString, varName);
375 setVariableInternal(varGuid, varName, nullptr);
376 } else {
377 DEBUG_INFO("Keeping entry for %s:%s\n", uuidString, varName);
378 }
379 }
380
381 _newData = true;
382 }
383
384 DEBUG_INFO("_commonUsed %#x, _systemUsed %#x\n", _commonUsed, _systemUsed);
385
386 exit:
387 return ret;
388 }
389
390 IOReturn
reloadInternal(void)391 IONVRAMV3Handler::reloadInternal(void)
392 {
393 IOReturn ret;
394 uint32_t controllerBank;
395 uint8_t *controllerImage;
396 struct nvram_v3_var_entry *v3Entry;
397 const struct v3_store_header *storeHeader;
398 const struct v3_var_header *storeVar;
399 OSData *entryContainer;
400
401 controllerBank = findCurrentBank();
402
403 if (_currentBank != controllerBank) {
404 DEBUG_ERROR("_currentBank %#x != controllerBank %#x", _currentBank, controllerBank);
405 }
406
407 _currentBank = controllerBank;
408
409 controllerImage = (uint8_t *)IOMallocData(_bankSize);
410
411 _nvramController->select(_currentBank);
412 _nvramController->read(0, controllerImage, _bankSize);
413
414 require_action(isValidImage(controllerImage, _bankSize), exit,
415 (ret = kIOReturnInvalid, DEBUG_ERROR("Invalid image at bank %d\n", _currentBank)));
416
417 DEBUG_INFO("valid image found\n");
418
419 storeHeader = (const struct v3_store_header *)controllerImage;
420
421 _generation = storeHeader->generation;
422
423 // We must sync any existing variables offset on the controller image with our internal representation
424 // If we find an existing entry and the data is still the same we record the existing offset and mark it
425 // as VAR_NEW_STATE_NONE meaning no action needed
426 // Otherwise if the data is different or it is not found on the controller image we mark it as VAR_NEW_STATE_APPEND
427 // which will have us invalidate the existing entry if there is one and append it on the next save
428 for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
429 uint32_t offset = sizeof(struct v3_store_header);
430 uint32_t latestOffset;
431 uint32_t prevOffset = 0;
432
433 entryContainer = (OSDynamicCast(OSData, _varEntries->getObject(i)));
434 v3Entry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
435
436 DEBUG_INFO("Looking for %s\n", v3Entry->header.name_data_buf);
437 while ((latestOffset = find_active_var_in_image(&v3Entry->header, controllerImage, offset, _bankSize))) {
438 DEBUG_INFO("Found offset for %s @ %#08x\n", v3Entry->header.name_data_buf, latestOffset);
439 if (prevOffset) {
440 DEBUG_INFO("Marking prev offset for %s at %#08x invalid\n", v3Entry->header.name_data_buf, offset);
441 // Invalidate any previous duplicate entries in the store
442 struct v3_var_header *prevVarHeader = (struct v3_var_header *)(controllerImage + prevOffset);
443 uint8_t state = prevVarHeader->state & VAR_DELETED & VAR_IN_DELETED_TRANSITION;
444
445 ret = _nvramController->write(prevOffset + offsetof(struct v3_var_header, state), &state, sizeof(state));
446 require_noerr_action(ret, exit, DEBUG_ERROR("existing state w fail, ret=%#x\n", ret));
447 }
448
449 prevOffset = latestOffset;
450 offset += latestOffset;
451 }
452
453 v3Entry->existing_offset = latestOffset ? latestOffset : prevOffset;
454 DEBUG_INFO("Existing offset for %s at %#08zx\n", v3Entry->header.name_data_buf, v3Entry->existing_offset);
455
456 if (v3Entry->existing_offset == 0) {
457 DEBUG_ERROR("%s is not in the NOR image\n", v3Entry->header.name_data_buf);
458 if (v3Entry->new_state != VAR_NEW_STATE_REMOVE) {
459 DEBUG_INFO("%s marked for append\n", v3Entry->header.name_data_buf);
460 // Doesn't exist in the store, just append it on next sync
461 v3Entry->new_state = VAR_NEW_STATE_APPEND;
462 }
463 } else {
464 DEBUG_INFO("Found offset for %s @ %#zx\n", v3Entry->header.name_data_buf, v3Entry->existing_offset);
465 storeVar = (const struct v3_var_header *)&controllerImage[v3Entry->existing_offset];
466
467 if (v3Entry->new_state != VAR_NEW_STATE_REMOVE) {
468 // Verify that the existing data matches the store data
469 if ((variable_length(&v3Entry->header) == variable_length(storeVar)) &&
470 (memcmp(v3Entry->header.name_data_buf, storeVar->name_data_buf, storeVar->nameSize + storeVar->dataSize) == 0)) {
471 DEBUG_INFO("Store var data for %s matches, marking new state none\n", v3Entry->header.name_data_buf);
472 v3Entry->new_state = VAR_NEW_STATE_NONE;
473 } else {
474 DEBUG_INFO("Store var data for %s differs, marking new state append\n", v3Entry->header.name_data_buf);
475 v3Entry->new_state = VAR_NEW_STATE_APPEND;
476 }
477 } else {
478 // Store has entry but it has been removed from our collection, keep it marked for delete but with updated
479 // existing_offset for coherence
480 DEBUG_INFO("Removing entry at %#08zx with next sync\n", v3Entry->existing_offset);
481 }
482 }
483 }
484
485 ret = find_current_offset_in_image(controllerImage, _bankSize, &_currentOffset);
486 if (ret != kIOReturnSuccess) {
487 DEBUG_ERROR("Unidentified bytes in image, reclaiming\n");
488 ret = reclaim();
489 require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim byte recovery failed, invalid controller state!!! ret=%#x\n", ret));
490 }
491 DEBUG_INFO("New _currentOffset=%#x\n", _currentOffset);
492
493 exit:
494 IOFreeData(controllerImage, _bankSize);
495 return ret;
496 }
497
498 void
reload(void)499 IONVRAMV3Handler::reload(void)
500 {
501 _reload = true;
502
503 DEBUG_INFO("reload marked\n");
504 }
505
506 void
setEntryForRemove(struct nvram_v3_var_entry * v3Entry,bool system)507 IONVRAMV3Handler::setEntryForRemove(struct nvram_v3_var_entry *v3Entry, bool system)
508 {
509 OSSharedPtr<const OSSymbol> canonicalKey;
510 const char *variableName;
511 uint32_t variableSize;
512
513 require_action(v3Entry != nullptr, exit, DEBUG_INFO("remove with no entry\n"));
514
515 variableName = (const char *)v3Entry->header.name_data_buf;
516 variableSize = (uint32_t)variable_length(&v3Entry->header);
517 canonicalKey = keyWithGuidAndCString(v3Entry->header.guid, variableName);
518
519 if (v3Entry->new_state == VAR_NEW_STATE_REMOVE) {
520 DEBUG_INFO("entry %s already marked for remove\n", variableName);
521 } else {
522 DEBUG_INFO("marking entry %s for remove\n", variableName);
523
524 v3Entry->new_state = VAR_NEW_STATE_REMOVE;
525
526 _provider->_varDict->removeObject(canonicalKey.get());
527
528 if (system) {
529 if (_systemUsed < variableSize) {
530 panic("Invalid _systemUsed size\n");
531 }
532 _systemUsed -= variableSize;
533 } else {
534 if (_commonUsed < variableSize) {
535 panic("Invalid _commonUsed size\n");
536 }
537 _commonUsed -= variableSize;
538 }
539
540 if (_provider->_diags) {
541 _provider->_diags->logVariable(getPartitionTypeForGUID(v3Entry->header.guid),
542 kIONVRAMOperationDelete,
543 variableName,
544 nullptr);
545 }
546 }
547
548 exit:
549 return;
550 }
551
552 void
findExistingEntry(const uuid_t varGuid,const char * varName,struct nvram_v3_var_entry ** existing,unsigned int * existingIndex)553 IONVRAMV3Handler::findExistingEntry(const uuid_t varGuid, const char *varName, struct nvram_v3_var_entry **existing, unsigned int *existingIndex)
554 {
555 struct nvram_v3_var_entry *v3Entry = nullptr;
556 OSData *entryContainer = nullptr;
557 unsigned int index = 0;
558 uint32_t nameLen = (uint32_t)strlen(varName) + 1;
559
560 for (index = 0; index < _varEntries->getCount(); index++) {
561 entryContainer = (OSDynamicCast(OSData, _varEntries->getObject(index)));
562 v3Entry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
563
564 if ((v3Entry->header.nameSize == nameLen) &&
565 (memcmp(v3Entry->header.name_data_buf, varName, nameLen) == 0)) {
566 if (varGuid) {
567 if (uuid_compare(varGuid, v3Entry->header.guid) == 0) {
568 uuid_string_t uuidString;
569 uuid_unparse(varGuid, uuidString);
570 DEBUG_INFO("found existing entry for %s:%s, e_off=%#lx, len=%#lx, new_state=%#x\n", uuidString, varName,
571 v3Entry->existing_offset, variable_length(&v3Entry->header), v3Entry->new_state);
572 break;
573 }
574 } else {
575 DEBUG_INFO("found existing entry for %s, e_off=%#lx, len=%#lx\n", varName, v3Entry->existing_offset, variable_length(&v3Entry->header));
576 break;
577 }
578 }
579
580 v3Entry = nullptr;
581 }
582
583 if (v3Entry != nullptr) {
584 if (existing) {
585 *existing = v3Entry;
586 }
587
588 if (existingIndex) {
589 *existingIndex = index;
590 }
591 }
592 }
593
594 IOReturn
unserializeImage(const uint8_t * image,IOByteCount length)595 IONVRAMV3Handler::unserializeImage(const uint8_t *image, IOByteCount length)
596 {
597 IOReturn ret = kIOReturnInvalid;
598 const struct v3_store_header *storeHeader;
599
600 require(isValidImage(image, length), exit);
601
602 storeHeader = (const struct v3_store_header *)image;
603 require_action(storeHeader->size == (uint32_t)length, exit,
604 DEBUG_ERROR("Image size %#x != header size %#x\n", (unsigned int)length, storeHeader->size));
605
606 _generation = storeHeader->generation;
607 _systemSize = storeHeader->system_size;
608 _commonSize = storeHeader->common_size - sizeof(struct v3_store_header);
609
610 _systemUsed = 0;
611 _commonUsed = 0;
612
613 if (_nvramImage) {
614 IOFreeData(_nvramImage, _bankSize);
615 }
616
617 _varEntries.reset();
618 _varEntries = OSArray::withCapacity(40);
619
620 _nvramImage = IONewData(uint8_t, length);
621 _bankSize = (uint32_t)length;
622 bcopy(image, _nvramImage, _bankSize);
623
624 ret = kIOReturnSuccess;
625
626 exit:
627 return ret;
628 }
629
630 IOReturn
unserializeVariables(void)631 IONVRAMV3Handler::unserializeVariables(void)
632 {
633 IOReturn ret = kIOReturnSuccess;
634 OSSharedPtr<const OSSymbol> propSymbol;
635 OSSharedPtr<OSObject> propObject;
636 OSSharedPtr<OSData> entryContainer;
637 struct nvram_v3_var_entry *v3Entry;
638 const struct v3_var_header *header;
639 size_t offset = sizeof(struct v3_store_header);
640 uint32_t crc;
641 unsigned int i;
642 bool system;
643 uuid_string_t uuidString;
644 size_t existingSize;
645
646 if (_systemSize || _commonSize) {
647 _varDict = OSDictionary::withCapacity(1);
648 }
649
650 while ((offset + sizeof(struct v3_var_header)) < _bankSize) {
651 struct nvram_v3_var_entry *existingEntry = nullptr;
652 unsigned int existingIndex = 0;
653
654 header = (const struct v3_var_header *)(_nvramImage + offset);
655
656 for (i = 0; i < sizeof(struct v3_var_header); i++) {
657 if ((_nvramImage[offset + i] != 0) && (_nvramImage[offset + i] != 0xFF)) {
658 break;
659 }
660 }
661
662 if (i == sizeof(struct v3_var_header)) {
663 DEBUG_INFO("No more variables after offset %#lx\n", offset);
664 break;
665 }
666
667 if (!valid_variable_header(header, _bankSize - offset)) {
668 DEBUG_ERROR("invalid header @ %#lx\n", offset);
669 offset += sizeof(struct v3_var_header);
670 continue;
671 }
672
673 uuid_unparse(header->guid, uuidString);
674 DEBUG_INFO("Valid var @ %#08zx, state=%#02x, length=%#08zx, %s:%s\n", offset, header->state,
675 variable_length(header), uuidString, header->name_data_buf);
676
677 if (header->state != VAR_ADDED) {
678 goto skip;
679 }
680
681 crc = crc32(0, header->name_data_buf + header->nameSize, header->dataSize);
682
683 if (crc != header->crc) {
684 DEBUG_ERROR("invalid crc @ %#lx, calculated=%#x, read=%#x\n", offset, crc, header->crc);
685 goto skip;
686 }
687
688 v3Entry = (struct nvram_v3_var_entry *)IOMallocZeroData(nvram_v3_var_container_size(header));
689 __nochk_memcpy(&v3Entry->header, _nvramImage + offset, variable_length(header));
690
691 // It is assumed that the initial image being unserialized here is going to be the proxy data from EDT and not the image
692 // read from the controller, which for various reasons due to the setting of states and saves from iBoot, can be
693 // different. We will have an initial existing_offset of 0 and once the controller is set we will read
694 // out the image there and update the existing offset with what is present on the NOR image
695 v3Entry->existing_offset = 0;
696 v3Entry->new_state = VAR_NEW_STATE_NONE;
697
698 // safe guard for any strange duplicate entries in the store
699 findExistingEntry(v3Entry->header.guid, (const char *)v3Entry->header.name_data_buf, &existingEntry, &existingIndex);
700
701 if (existingEntry != nullptr) {
702 existingSize = variable_length(&existingEntry->header);
703
704 entryContainer = OSData::withBytes(v3Entry, (uint32_t)nvram_v3_var_container_size(header));
705 _varEntries->replaceObject(existingIndex, entryContainer.get());
706
707 DEBUG_INFO("Found existing for %s, resetting when controller available\n", v3Entry->header.name_data_buf);
708 _resetData = true;
709 } else {
710 entryContainer = OSData::withBytes(v3Entry, (uint32_t)nvram_v3_var_container_size(header));
711 _varEntries->setObject(entryContainer.get());
712 existingSize = 0;
713 }
714
715 system = (_systemSize != 0) && (uuid_compare(v3Entry->header.guid, gAppleSystemVariableGuid) == 0);
716 if (system) {
717 _systemUsed = _systemUsed + (uint32_t)variable_length(header) - (uint32_t)existingSize;
718 } else {
719 _commonUsed = _commonUsed + (uint32_t)variable_length(header) - (uint32_t)existingSize;
720 }
721
722 if (convertPropToObject(v3Entry->header.name_data_buf, v3Entry->header.nameSize,
723 v3Entry->header.name_data_buf + v3Entry->header.nameSize, v3Entry->header.dataSize,
724 propSymbol, propObject)) {
725 OSSharedPtr<const OSSymbol> canonicalKey = keyWithGuidAndCString(v3Entry->header.guid, (const char *)v3Entry->header.name_data_buf);
726
727 DEBUG_INFO("adding %s, dataLength=%u, system=%d\n",
728 canonicalKey->getCStringNoCopy(), v3Entry->header.dataSize, system);
729
730 _varDict->setObject(canonicalKey.get(), propObject.get());
731
732 if (_provider->_diags) {
733 _provider->_diags->logVariable(getPartitionTypeForGUID(v3Entry->header.guid),
734 kIONVRAMOperationInit, propSymbol.get()->getCStringNoCopy(),
735 (void *)(uintptr_t)(header->name_data_buf + header->nameSize));
736 }
737 }
738 IOFreeData(v3Entry, nvram_v3_var_container_size(header));
739 skip:
740 offset += variable_length(header);
741 }
742
743 _currentOffset = (uint32_t)offset;
744
745 DEBUG_ALWAYS("_commonSize %#x, _systemSize %#x, _currentOffset %#x\n", _commonSize, _systemSize, _currentOffset);
746 DEBUG_INFO("_commonUsed %#x, _systemUsed %#x\n", _commonUsed, _systemUsed);
747
748 _newData = true;
749
750 if (_provider->_diags) {
751 OSSharedPtr<OSNumber> val = OSNumber::withNumber(getSystemUsed(), 32);
752 _provider->_diags->setProperty(kNVRAMSystemUsedKey, val.get());
753 DEBUG_INFO("%s=%u\n", kNVRAMSystemUsedKey, getSystemUsed());
754
755 val = OSNumber::withNumber(getCommonUsed(), 32);
756 _provider->_diags->setProperty(kNVRAMCommonUsedKey, val.get());
757 DEBUG_INFO("%s=%u\n", kNVRAMCommonUsedKey, getCommonUsed());
758 }
759
760 return ret;
761 }
762
763 IOReturn
setVariableInternal(const uuid_t varGuid,const char * variableName,OSObject * object)764 IONVRAMV3Handler::setVariableInternal(const uuid_t varGuid, const char *variableName, OSObject *object)
765 {
766 struct nvram_v3_var_entry *v3Entry = nullptr;
767 struct nvram_v3_var_entry *newV3Entry;
768 OSSharedPtr<OSData> newContainer;
769 OSSharedPtr<const OSSymbol> canonicalKey;
770 bool unset = (object == nullptr);
771 bool system = false;
772 IOReturn ret = kIOReturnSuccess;
773 size_t entryNameLen = strlen(variableName) + 1;
774 unsigned int existingEntryIndex;
775 uint32_t dataSize = 0;
776 size_t existingVariableSize = 0;
777 size_t newVariableSize = 0;
778 size_t newEntrySize;
779 uuid_string_t uuidString;
780
781 system = (uuid_compare(varGuid, gAppleSystemVariableGuid) == 0);
782 canonicalKey = keyWithGuidAndCString(varGuid, variableName);
783
784 uuid_unparse(varGuid, uuidString);
785 DEBUG_INFO("setting %s:%s, system=%d, current var count=%u\n", uuidString, variableName, system, _varEntries->getCount());
786
787 findExistingEntry(varGuid, variableName, &v3Entry, &existingEntryIndex);
788
789 if (unset == true) {
790 setEntryForRemove(v3Entry, system);
791 } else {
792 if ((v3Entry != nullptr) && (v3Entry->new_state != VAR_NEW_STATE_REMOVE)) {
793 // Sizing was subtracted in setEntryForRemove
794 existingVariableSize = variable_length(&v3Entry->header);
795 }
796
797 convertObjectToProp(nullptr, &dataSize, variableName, object);
798
799 newVariableSize = sizeof(struct v3_var_header) + entryNameLen + dataSize;
800 newEntrySize = sizeof(struct nvram_v3_var_entry) + entryNameLen + dataSize;
801
802 if (system) {
803 if (_systemUsed - existingVariableSize + newVariableSize > _systemSize) {
804 DEBUG_ERROR("system region full\n");
805 ret = kIOReturnNoSpace;
806 goto exit;
807 }
808 } else if (_commonUsed - existingVariableSize + newVariableSize > _commonSize) {
809 DEBUG_ERROR("common region full\n");
810 ret = kIOReturnNoSpace;
811 goto exit;
812 }
813
814 DEBUG_INFO("creating new entry for %s, existingVariableSize=%#zx, newVariableSize=%#zx\n", variableName, existingVariableSize, newVariableSize);
815 newV3Entry = (struct nvram_v3_var_entry *)IOMallocZeroData(newEntrySize);
816
817 memcpy(newV3Entry->header.name_data_buf, variableName, entryNameLen);
818 convertObjectToProp(newV3Entry->header.name_data_buf + entryNameLen, &dataSize, variableName, object);
819
820 newV3Entry->header.startId = VARIABLE_DATA;
821 newV3Entry->header.nameSize = (uint32_t)entryNameLen;
822 newV3Entry->header.dataSize = dataSize;
823 newV3Entry->header.crc = crc32(0, newV3Entry->header.name_data_buf + entryNameLen, dataSize);
824 memcpy(newV3Entry->header.guid, varGuid, sizeof(gAppleNVRAMGuid));
825 newV3Entry->new_state = VAR_NEW_STATE_APPEND;
826
827 if (v3Entry) {
828 newV3Entry->existing_offset = v3Entry->existing_offset;
829 newV3Entry->header.state = v3Entry->header.state;
830 newV3Entry->header.attributes = v3Entry->header.attributes;
831
832 newContainer = OSData::withBytes(newV3Entry, (uint32_t)newEntrySize);
833 _varEntries->replaceObject(existingEntryIndex, newContainer.get());
834 } else {
835 newContainer = OSData::withBytes(newV3Entry, (uint32_t)newEntrySize);
836 _varEntries->setObject(newContainer.get());
837 }
838
839 if (system) {
840 _systemUsed = _systemUsed + (uint32_t)newVariableSize - (uint32_t)existingVariableSize;
841 } else {
842 _commonUsed = _commonUsed + (uint32_t)newVariableSize - (uint32_t)existingVariableSize;
843 }
844
845 _varDict->setObject(canonicalKey.get(), object);
846
847 if (_provider->_diags) {
848 _provider->_diags->logVariable(getPartitionTypeForGUID(varGuid),
849 kIONVRAMOperationWrite, variableName,
850 (void *)(uintptr_t)dataSize);
851 }
852
853 IOFreeData(newV3Entry, newEntrySize);
854 }
855
856 exit:
857 _newData = true;
858
859 if (_provider->_diags) {
860 OSSharedPtr<OSNumber> val = OSNumber::withNumber(getSystemUsed(), 32);
861 _provider->_diags->setProperty(kNVRAMSystemUsedKey, val.get());
862
863 val = OSNumber::withNumber(getCommonUsed(), 32);
864 _provider->_diags->setProperty(kNVRAMCommonUsedKey, val.get());
865 }
866
867 DEBUG_INFO("_commonUsed %#x, _systemUsed %#x\n", _commonUsed, _systemUsed);
868
869 return ret;
870 }
871
872 IOReturn
setVariable(const uuid_t varGuid,const char * variableName,OSObject * object)873 IONVRAMV3Handler::setVariable(const uuid_t varGuid, const char *variableName, OSObject *object)
874 {
875 uuid_t destGuid;
876
877 if (strcmp(variableName, "reclaim-int") == 0) {
878 return reclaim();
879 }
880
881 if (getSystemPartitionActive()) {
882 // System region case, if they're using the GUID directly or it's on the system allow list
883 // force it to use the System GUID
884 if ((uuid_compare(varGuid, gAppleSystemVariableGuid) == 0) || variableInAllowList(variableName)) {
885 uuid_copy(destGuid, gAppleSystemVariableGuid);
886 } else {
887 uuid_copy(destGuid, varGuid);
888 }
889 } else {
890 // No system region, store System GUID as Common GUID
891 if ((uuid_compare(varGuid, gAppleSystemVariableGuid) == 0) || variableInAllowList(variableName)) {
892 uuid_copy(destGuid, gAppleNVRAMGuid);
893 } else {
894 uuid_copy(destGuid, varGuid);
895 }
896 }
897
898 return setVariableInternal(destGuid, variableName, object);
899 }
900
901 uint32_t
findCurrentBank(void)902 IONVRAMV3Handler::findCurrentBank(void)
903 {
904 struct v3_store_header storeHeader;
905 uint32_t maxGen = 0;
906 uint32_t currentBank = 0;
907
908 for (unsigned int i = 0; i < _bankCount; i++) {
909 _nvramController->select(i);
910 _nvramController->read(0, (uint8_t *)&storeHeader, sizeof(storeHeader));
911
912 if (valid_store_header(&storeHeader) && (storeHeader.generation >= maxGen)) {
913 currentBank = i;
914 maxGen = storeHeader.generation;
915 }
916 }
917
918 DEBUG_ALWAYS("currentBank=%#x, gen=%#x", currentBank, maxGen);
919
920 return currentBank;
921 }
922
923 bool
setController(IONVRAMController * controller)924 IONVRAMV3Handler::setController(IONVRAMController *controller)
925 {
926 IOReturn ret = kIOReturnSuccess;
927
928 if (_nvramController == NULL) {
929 _nvramController = controller;
930 }
931
932 DEBUG_INFO("Controller name: %s\n", _nvramController->getName());
933
934 require(_bankSize != 0, exit);
935
936 if (_resetData) {
937 _resetData = false;
938 DEBUG_ERROR("_resetData set, issuing reclaim recovery\n");
939 ret = reclaim();
940 require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim recovery failed, invalid controller state!!! ret=%#x\n", ret));
941 goto exit;
942 }
943
944 ret = reloadInternal();
945 if (ret != kIOReturnSuccess) {
946 DEBUG_ERROR("Invalid image found, issuing reclaim recovery\n");
947 ret = reclaim();
948 require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim recovery failed, invalid controller state!!! ret=%#x\n", ret));
949 }
950
951 exit:
952 return ret == kIOReturnSuccess;
953 }
954
955 IOReturn
reclaim(void)956 IONVRAMV3Handler::reclaim(void)
957 {
958 IOReturn ret;
959 struct v3_store_header newStoreHeader;
960 struct v3_var_header *varHeader;
961 struct nvram_v3_var_entry *varEntry;
962 OSData *entryContainer;
963 size_t new_bank_offset = sizeof(struct v3_store_header);
964 uint32_t next_bank = (_currentBank + 1) % _bankCount;
965 uint8_t *bankData;
966 OSSharedPtr<OSArray> remainingEntries;
967
968 DEBUG_INFO("called\n");
969
970 bankData = (uint8_t *)IOMallocData(_bankSize);
971 require_action(bankData != nullptr, exit, ret = kIOReturnNoMemory);
972
973 ret = _nvramController->select(next_bank);
974 verify_noerr_action(ret, DEBUG_INFO("select of bank %#08x failed\n", next_bank));
975
976 ret = _nvramController->eraseBank();
977 verify_noerr_action(ret, DEBUG_INFO("eraseBank failed, ret=%#08x\n", ret));
978
979 _currentBank = next_bank;
980
981 remainingEntries = OSArray::withCapacity(_varEntries->getCapacity());
982
983 for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
984 entryContainer = OSDynamicCast(OSData, _varEntries->getObject(i));
985 varEntry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
986 varHeader = &varEntry->header;
987
988 DEBUG_INFO("entry %u %s, new_state=%#x, e_offset=%#lx, state=%#x\n",
989 i, varEntry->header.name_data_buf, varEntry->new_state, varEntry->existing_offset, varHeader->state);
990
991 if ((varEntry->new_state == VAR_NEW_STATE_NONE) ||
992 (varEntry->new_state == VAR_NEW_STATE_APPEND)) {
993 varHeader->state = VAR_ADDED;
994
995 memcpy(bankData + new_bank_offset, (uint8_t *)varHeader, variable_length(varHeader));
996
997 varEntry->new_state = VAR_NEW_STATE_NONE;
998 varEntry->existing_offset = new_bank_offset;
999 new_bank_offset += variable_length(varHeader);
1000
1001 remainingEntries->setObject(entryContainer);
1002 } else {
1003 // entryContainer not added to remainingEntries, entry dropped
1004 }
1005 }
1006
1007 memcpy(&newStoreHeader, _nvramImage, sizeof(newStoreHeader));
1008
1009 _generation += 1;
1010
1011 newStoreHeader.generation = _generation;
1012
1013 memcpy(bankData, (uint8_t *)&newStoreHeader, sizeof(newStoreHeader));
1014
1015 ret = _nvramController->write(0, bankData, new_bank_offset);
1016 require_noerr_action(ret, exit, DEBUG_ERROR("reclaim bank write failed, ret=%08x\n", ret));
1017
1018 _currentOffset = (uint32_t)new_bank_offset;
1019
1020 DEBUG_INFO("Reclaim complete, _currentBank=%u _generation=%u, _currentOffset=%#x\n", _currentBank, _generation, _currentOffset);
1021
1022 _newData = false;
1023
1024 _varEntries.reset(remainingEntries.get(), OSRetain);
1025
1026 exit:
1027 IOFreeData(bankData, _bankSize);
1028
1029 return ret;
1030 }
1031
1032 size_t
getAppendSize(void)1033 IONVRAMV3Handler::getAppendSize(void)
1034 {
1035 struct nvram_v3_var_entry *varEntry;
1036 struct v3_var_header *varHeader;
1037 OSData *entryContainer;
1038 size_t appendSize = 0;
1039
1040 for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
1041 entryContainer = OSDynamicCast(OSData, _varEntries->getObject(i));
1042 varEntry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
1043 varHeader = &varEntry->header;
1044
1045 if (varEntry->new_state == VAR_NEW_STATE_APPEND) {
1046 appendSize += variable_length(varHeader);
1047 }
1048 }
1049
1050 return appendSize;
1051 }
1052
1053 IOReturn
syncRaw(void)1054 IONVRAMV3Handler::syncRaw(void)
1055 {
1056 IOReturn ret = kIOReturnSuccess;
1057 struct nvram_v3_var_entry *varEntry;
1058 struct v3_var_header *varHeader;
1059 OSData *entryContainer;
1060 OSSharedPtr<OSArray> remainingEntries;
1061 uint8_t *appendBuffer = nullptr;
1062 size_t appendBufferOffset = 0;
1063 size_t *invalidateOffsets = nullptr;
1064 size_t invalidateOffsetsCount = 0;
1065 size_t invalidateOffsetIndex = 0;
1066 size_t invalidatedSize = 0;
1067
1068 require_action(_nvramController != nullptr, exit, DEBUG_INFO("No _nvramController\n"));
1069 require_action(_newData == true, exit, DEBUG_INFO("No _newData to sync\n"));
1070 require_action(_bankSize != 0, exit, DEBUG_INFO("No nvram size info\n"));
1071
1072 DEBUG_INFO("_varEntries->getCount()=%#x\n", _varEntries->getCount());
1073
1074 if (getAppendSize() + _currentOffset < _bankSize) {
1075 // No reclaim, build append and invalidate list
1076
1077 remainingEntries = OSArray::withCapacity(_varEntries->getCapacity());
1078
1079 appendBuffer = (uint8_t *)IOMallocData(_bankSize);
1080 require_action(appendBuffer, exit, ret = kIOReturnNoMemory);
1081
1082 invalidateOffsetsCount = _varEntries->getCount();
1083 invalidateOffsets = (size_t *)IOMallocData(invalidateOffsetsCount * sizeof(size_t));
1084 require_action(invalidateOffsets, exit, ret = kIOReturnNoMemory);
1085
1086 for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
1087 entryContainer = OSDynamicCast(OSData, _varEntries->getObject(i));
1088 varEntry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
1089 varHeader = &varEntry->header;
1090
1091 DEBUG_INFO("entry %s, new_state=%#02x state=%#02x, existing_offset=%#zx\n",
1092 varEntry->header.name_data_buf, varEntry->new_state, varEntry->header.state, varEntry->existing_offset);
1093
1094 if (varEntry->new_state == VAR_NEW_STATE_APPEND) {
1095 size_t varSize = variable_length(varHeader);
1096 size_t prevOffset = varEntry->existing_offset;
1097
1098 varHeader->state = VAR_ADDED;
1099 varEntry->existing_offset = _currentOffset + appendBufferOffset;
1100 varEntry->new_state = VAR_NEW_STATE_NONE;
1101
1102 DEBUG_INFO("Appending %s in append buffer offset %#zx, actual offset %#zx, prevOffset %#zx, varsize=%#zx\n",
1103 varEntry->header.name_data_buf, appendBufferOffset, varEntry->existing_offset, prevOffset, varSize);
1104
1105 // Write to append buffer
1106 memcpy(appendBuffer + appendBufferOffset, (uint8_t *)varHeader, varSize);
1107 appendBufferOffset += varSize;
1108
1109 if (prevOffset) {
1110 invalidateOffsets[invalidateOffsetIndex++] = prevOffset;
1111 invalidatedSize += variable_length((struct v3_var_header *)prevOffset);
1112 }
1113
1114 remainingEntries->setObject(entryContainer);
1115 } else if (varEntry->new_state == VAR_NEW_STATE_REMOVE) {
1116 if (varEntry->existing_offset) {
1117 DEBUG_INFO("marking entry at offset %#lx deleted\n", varEntry->existing_offset);
1118
1119 invalidateOffsets[invalidateOffsetIndex++] = varEntry->existing_offset;
1120 invalidatedSize += variable_length((struct v3_var_header *)varEntry->existing_offset);
1121 } else {
1122 DEBUG_INFO("No existing_offset , removing\n");
1123 }
1124
1125 // not re-added to remainingEntries
1126 } else {
1127 DEBUG_INFO("skipping\n");
1128 remainingEntries->setObject(entryContainer);
1129 }
1130 }
1131
1132 if (appendBufferOffset > 0) {
1133 // Write appendBuffer
1134 DEBUG_INFO("Appending append buffer size=%#zx at offset=%#x\n", appendBufferOffset, _currentOffset);
1135 ret = _nvramController->write(_currentOffset, appendBuffer, appendBufferOffset);
1136 require_noerr_action(ret, exit, DEBUG_ERROR("could not re-append, ret=%#x\n", ret));
1137
1138 _currentOffset += appendBufferOffset;
1139 } else {
1140 DEBUG_INFO("No entries to append\n");
1141 }
1142
1143 if (invalidateOffsetIndex > 0) {
1144 // Invalidate Entries
1145 for (unsigned int i = 0; i < invalidateOffsetIndex; i++) {
1146 uint8_t state = VAR_ADDED & VAR_DELETED & VAR_IN_DELETED_TRANSITION;
1147
1148 ret = _nvramController->write(invalidateOffsets[i] + offsetof(struct v3_var_header, state), &state, sizeof(state));
1149 require_noerr_action(ret, exit, DEBUG_ERROR("unable to invalidate at offset %#zx, ret=%#x\n", invalidateOffsets[i], ret));
1150 DEBUG_INFO("Invalidated entry at offset=%#zx\n", invalidateOffsets[i]);
1151 }
1152 } else {
1153 DEBUG_INFO("No entries to invalidate\n");
1154 }
1155
1156 _newData = false;
1157
1158 _varEntries.reset(remainingEntries.get(), OSRetain);
1159 } else {
1160 // Will need to reclaim, rebuild store and write everything at once
1161 ret = reclaim();
1162 }
1163
1164 exit:
1165 IOFreeData(appendBuffer, _bankSize);
1166 IOFreeData(invalidateOffsets, invalidateOffsetsCount * sizeof(size_t));
1167
1168 return ret;
1169 }
1170
1171 IOReturn
syncBlock(void)1172 IONVRAMV3Handler::syncBlock(void)
1173 {
1174 IOReturn ret = kIOReturnSuccess;
1175 struct v3_store_header newStoreHeader;
1176 struct v3_var_header *varHeader;
1177 struct nvram_v3_var_entry *varEntry;
1178 OSData *entryContainer;
1179 size_t new_bank_offset = sizeof(struct v3_store_header);
1180 uint8_t *block;
1181 OSSharedPtr<OSArray> remainingEntries;
1182 uint32_t next_bank = (_currentBank + 1) % _bankCount;
1183
1184 DEBUG_INFO("called\n");
1185
1186 require_action(_nvramController != nullptr, exit, DEBUG_INFO("No _nvramController\n"));
1187 require_action(_newData == true, exit, DEBUG_INFO("No _newData to sync\n"));
1188 require_action(_bankSize != 0, exit, DEBUG_INFO("No nvram size info\n"));
1189
1190 block = (uint8_t *)IOMallocData(_bankSize);
1191
1192 remainingEntries = OSArray::withCapacity(_varEntries->getCapacity());
1193
1194 ret = _nvramController->select(next_bank);
1195 verify_noerr_action(ret, DEBUG_INFO("select of bank %#x failed\n", next_bank));
1196
1197 ret = _nvramController->eraseBank();
1198 verify_noerr_action(ret, DEBUG_INFO("eraseBank failed, ret=%#08x\n", ret));
1199
1200 _currentBank = next_bank;
1201
1202 memcpy(&newStoreHeader, _nvramImage, sizeof(newStoreHeader));
1203
1204 _generation += 1;
1205
1206 newStoreHeader.generation = _generation;
1207
1208 memcpy(block, (uint8_t *)&newStoreHeader, sizeof(newStoreHeader));
1209
1210 for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
1211 entryContainer = OSDynamicCast(OSData, _varEntries->getObject(i));
1212 varEntry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
1213 varHeader = &varEntry->header;
1214
1215 DEBUG_INFO("entry %u %s, new_state=%#x, e_offset=%#lx, state=%#x\n",
1216 i, varEntry->header.name_data_buf, varEntry->new_state, varEntry->existing_offset, varHeader->state);
1217
1218 if (varEntry->new_state != VAR_NEW_STATE_REMOVE) {
1219 varHeader->state = VAR_ADDED;
1220
1221 memcpy(block + new_bank_offset, (uint8_t *)varHeader, variable_length(varHeader));
1222
1223 varEntry->existing_offset = new_bank_offset;
1224 new_bank_offset += variable_length(varHeader);
1225 varEntry->new_state = VAR_NEW_STATE_NONE;
1226
1227 remainingEntries->setObject(entryContainer);
1228 } else {
1229 DEBUG_INFO("Dropping %s\n", varEntry->header.name_data_buf);
1230 }
1231 }
1232
1233 ret = _nvramController->write(0, block, _bankSize);
1234 verify_noerr_action(ret, DEBUG_ERROR("w fail, ret=%#x\n", ret));
1235
1236 _nvramController->sync();
1237
1238 _varEntries.reset(remainingEntries.get(), OSRetain);
1239
1240 _newData = false;
1241
1242 DEBUG_INFO("Save complete, _generation=%u\n", _generation);
1243
1244 IOFreeData(block, _bankSize);
1245
1246 exit:
1247 return ret;
1248 }
1249
1250 IOReturn
sync(void)1251 IONVRAMV3Handler::sync(void)
1252 {
1253 IOReturn ret;
1254
1255 if (_reload) {
1256 ret = reloadInternal();
1257 require_noerr_action(ret, exit, DEBUG_ERROR("Reload failed, ret=%#x", ret));
1258
1259 _reload = false;
1260 }
1261
1262 if (_rawController == true) {
1263 ret = syncRaw();
1264
1265 if (ret != kIOReturnSuccess) {
1266 ret = reclaim();
1267 require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim recovery failed, ret=%#x", ret));
1268 }
1269 } else {
1270 ret = syncBlock();
1271 }
1272
1273 exit:
1274 return ret;
1275 }
1276
1277 uint32_t
getGeneration(void) const1278 IONVRAMV3Handler::getGeneration(void) const
1279 {
1280 return _generation;
1281 }
1282
1283 uint32_t
getVersion(void) const1284 IONVRAMV3Handler::getVersion(void) const
1285 {
1286 return kNVRAMVersion3;
1287 }
1288
1289 uint32_t
getSystemUsed(void) const1290 IONVRAMV3Handler::getSystemUsed(void) const
1291 {
1292 return _systemUsed;
1293 }
1294
1295 uint32_t
getCommonUsed(void) const1296 IONVRAMV3Handler::getCommonUsed(void) const
1297 {
1298 return _commonUsed;
1299 }
1300
1301 bool
getSystemPartitionActive(void) const1302 IONVRAMV3Handler::getSystemPartitionActive(void) const
1303 {
1304 return _systemSize != 0;
1305 }
1306
1307 bool
convertObjectToProp(uint8_t * buffer,uint32_t * length,const char * propName,OSObject * propObject)1308 IONVRAMV3Handler::convertObjectToProp(uint8_t *buffer, uint32_t *length,
1309 const char *propName, OSObject *propObject)
1310 {
1311 uint32_t offset;
1312 IONVRAMVariableType propType;
1313 OSBoolean *tmpBoolean = nullptr;
1314 OSNumber *tmpNumber = nullptr;
1315 OSString *tmpString = nullptr;
1316 OSData *tmpData = nullptr;
1317
1318 propType = getVariableType(propName);
1319
1320 // Get the size of the data.
1321 offset = 0;
1322 switch (propType) {
1323 case kOFVariableTypeBoolean:
1324 tmpBoolean = OSDynamicCast(OSBoolean, propObject);
1325 if (tmpBoolean != nullptr) {
1326 const char *bool_buf;
1327 if (tmpBoolean->getValue()) {
1328 bool_buf = "true";
1329 } else {
1330 bool_buf = "false";
1331 }
1332
1333 offset = (uint32_t)strlen(bool_buf);
1334
1335 if (buffer) {
1336 if (*length < offset) {
1337 return false;
1338 } else {
1339 memcpy(buffer, bool_buf, offset);
1340 }
1341 }
1342 }
1343 break;
1344
1345 case kOFVariableTypeNumber:
1346 tmpNumber = OSDynamicCast(OSNumber, propObject);
1347 if (tmpNumber != nullptr) {
1348 char num_buf[12];
1349 char *end_buf = num_buf;
1350 uint32_t tmpValue = tmpNumber->unsigned32BitValue();
1351 if (tmpValue == 0xFFFFFFFF) {
1352 end_buf += snprintf(end_buf, sizeof(num_buf), "-1");
1353 } else if (tmpValue < 1000) {
1354 end_buf += snprintf(end_buf, sizeof(num_buf), "%d", (uint32_t)tmpValue);
1355 } else {
1356 end_buf += snprintf(end_buf, sizeof(num_buf), "%#x", (uint32_t)tmpValue);
1357 }
1358
1359 offset = (uint32_t)(end_buf - num_buf);
1360 if (buffer) {
1361 if (*length < offset) {
1362 return false;
1363 } else {
1364 memcpy(buffer, num_buf, offset);
1365 }
1366 }
1367 }
1368 break;
1369
1370 case kOFVariableTypeString:
1371 tmpString = OSDynamicCast(OSString, propObject);
1372 if (tmpString != nullptr) {
1373 offset = tmpString->getLength();
1374
1375 if (buffer) {
1376 if (*length < offset) {
1377 return false;
1378 } else {
1379 bcopy(tmpString->getCStringNoCopy(), buffer, offset);
1380 }
1381 }
1382 }
1383 break;
1384
1385 case kOFVariableTypeData:
1386 tmpData = OSDynamicCast(OSData, propObject);
1387 if (tmpData != nullptr) {
1388 offset = tmpData->getLength();
1389
1390 if (buffer) {
1391 if (*length < offset) {
1392 return false;
1393 } else {
1394 bcopy(tmpData->getBytesNoCopy(), buffer, offset);
1395 }
1396 }
1397 }
1398 break;
1399
1400 default:
1401 return false;
1402 }
1403
1404 *length = offset;
1405
1406 return offset != 0;
1407 }
1408
1409
1410 bool
convertPropToObject(const uint8_t * propName,uint32_t propNameLength,const uint8_t * propData,uint32_t propDataLength,OSSharedPtr<const OSSymbol> & propSymbol,OSSharedPtr<OSObject> & propObject)1411 IONVRAMV3Handler::convertPropToObject(const uint8_t *propName, uint32_t propNameLength,
1412 const uint8_t *propData, uint32_t propDataLength,
1413 OSSharedPtr<const OSSymbol>& propSymbol,
1414 OSSharedPtr<OSObject>& propObject)
1415 {
1416 OSSharedPtr<const OSSymbol> tmpSymbol;
1417 OSSharedPtr<OSNumber> tmpNumber;
1418 OSSharedPtr<OSString> tmpString;
1419 OSSharedPtr<OSObject> tmpObject = nullptr;
1420
1421 tmpSymbol = OSSymbol::withCString((const char *)propName);
1422
1423 if (tmpSymbol == nullptr) {
1424 return false;
1425 }
1426
1427 switch (getVariableType(tmpSymbol.get())) {
1428 case kOFVariableTypeBoolean:
1429 if (!strncmp("true", (const char *)propData, propDataLength)) {
1430 tmpObject.reset(kOSBooleanTrue, OSRetain);
1431 } else if (!strncmp("false", (const char *)propData, propDataLength)) {
1432 tmpObject.reset(kOSBooleanFalse, OSRetain);
1433 }
1434 break;
1435
1436 case kOFVariableTypeNumber:
1437 tmpNumber = OSNumber::withNumber(strtol((const char *)propData, nullptr, 0), 32);
1438 if (tmpNumber != nullptr) {
1439 tmpObject = tmpNumber;
1440 }
1441 break;
1442
1443 case kOFVariableTypeString:
1444 tmpString = OSString::withCString((const char *)propData, propDataLength);
1445 if (tmpString != nullptr) {
1446 tmpObject = tmpString;
1447 }
1448 break;
1449
1450 case kOFVariableTypeData:
1451 tmpObject = OSData::withBytes(propData, propDataLength);
1452 break;
1453
1454 default:
1455 break;
1456 }
1457
1458 if (tmpObject == nullptr) {
1459 tmpSymbol.reset();
1460 return false;
1461 }
1462
1463 propSymbol = tmpSymbol;
1464 propObject = tmpObject;
1465
1466 return true;
1467 }
1468