1 /*
2 * Copyright (c) 2021-2022 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <libkern/libkern.h>
30
// Signature expected in v3_store_header::name (compared in valid_store_header)
#define VARIABLE_STORE_SIGNATURE 'NVV3'

// Variable Store Version (compared against v3_store_header::version)
#define VARIABLE_STORE_VERSION 0x1

// Expected v3_var_header::startId of a variable record (compared in valid_variable_header)
#define VARIABLE_DATA 0x55AA
#define INVALIDATED_VARIABLE_DATA 0x0000

// Variable State flags (stored in v3_var_header::state)
#define VAR_IN_DELETED_TRANSITION 0xFE // Variable is in obsolete transition
#define VAR_DELETED 0xFD // Variable is obsolete
#define VAR_INACTIVE 0xFB // Variable is inactive due to failing CRC
#define VAR_ADDED 0x7F // Variable has been completely added

// Pending in-memory action for an entry (stored in nvram_v3_var_entry::new_state)
// No changes needed on save
#define VAR_NEW_STATE_NONE 0x01
// Remove existing entry on save
#define VAR_NEW_STATE_REMOVE 0x02
// Add new value on save, mark previous as inactive
#define VAR_NEW_STATE_APPEND 0x03
51
// Both headers below are overlaid directly on raw image bytes, so they are
// declared byte-packed (no compiler-inserted padding).
#pragma pack(1)
// Header found at offset 0 of a v3 variable store image.
struct v3_store_header {
	uint32_t name;        // must equal VARIABLE_STORE_SIGNATURE
	uint32_t size;        // compared against the image length in unserializeImage()
	uint32_t generation;  // copied into the handler's _generation
	uint8_t  state;
	uint8_t  flags;
	uint8_t  version;     // must equal VARIABLE_STORE_VERSION
	uint8_t  reserved1;
	uint32_t system_size; // copied into _systemSize
	uint32_t common_size; // _commonSize is this value minus sizeof(struct v3_store_header)
};

// Header of one variable record; the name bytes and then the data bytes follow it.
struct v3_var_header {
	uint16_t startId;         // must equal VARIABLE_DATA for the record to be considered
	uint8_t  state;           // one of the VAR_* state flags
	uint8_t  reserved;
	uint32_t attributes;
	uint32_t nameSize;        // length of the name; writers in this file include the NUL terminator
	uint32_t dataSize;        // length of the data that follows the name
	uuid_t   guid;
	uint32_t crc;             // crc32 of the data bytes only (the name is not covered)
	uint8_t  name_data_buf[]; // nameSize bytes of name followed by dataSize bytes of data
};
#pragma pack()
77
// In-memory wrapper around one variable record. Instances are allocated with
// nvram_v3_var_container_size() bytes so the header's trailing name/data fit.
struct nvram_v3_var_entry {
	uint8_t              new_state;       // one of VAR_NEW_STATE_*
	size_t               existing_offset; // offset of the record in the controller image, 0 when none is known
	struct v3_var_header header;          // record header; name and data bytes follow via name_data_buf
};
83
/*
 * Number of bytes needed for an in-memory nvram_v3_var_entry that wraps the
 * given record: the entry struct itself plus the record's name and data bytes.
 * The lengths come straight from the header and are not validated here.
 */
static size_t
nvram_v3_var_container_size(const struct v3_var_header *header)
{
	const size_t payload_len = (size_t)header->nameSize + header->dataSize;

	return sizeof(struct nvram_v3_var_entry) + payload_len;
}
89
/*
 * Total length of a variable record as laid out in the image: the packed
 * header followed by nameSize name bytes and dataSize data bytes.
 * The lengths come straight from the header and are not validated here.
 */
static size_t
variable_length(const struct v3_var_header *header)
{
	const size_t payload_len = (size_t)header->nameSize + header->dataSize;

	return sizeof(struct v3_var_header) + payload_len;
}
95
/*
 * A store header is accepted when both its signature and its version match
 * the values this handler implements. No size fields are examined here, and
 * the caller must guarantee that a full header is readable.
 */
static bool
valid_store_header(const struct v3_store_header *header)
{
	if (header->name != VARIABLE_STORE_SIGNATURE) {
		return false;
	}

	return header->version == VARIABLE_STORE_VERSION;
}
101
/*
 * Decide whether `header` can be treated as a variable record inside a buffer
 * with `buf_len` bytes remaining from the header's first byte.
 *
 * The header is only dereferenced once buf_len is known to exceed the header
 * size; the record must then carry the VARIABLE_DATA start id and its full
 * length (header + name + data) must fit in buf_len.
 *
 * This checks bounds only: it does not look at state or crc, and it does not
 * verify that the name is NUL-terminated within nameSize.
 */
static bool
valid_variable_header(const struct v3_var_header *header, size_t buf_len)
{
	if (buf_len <= sizeof(struct v3_var_header)) {
		return false;
	}

	if (header->startId != VARIABLE_DATA) {
		return false;
	}

	return variable_length(header) <= buf_len;
}
109
/*
 * Walk the records of `image` starting at `offset` (which must be the start of
 * a record) and return the offset of the first record in state VAR_ADDED whose
 * guid and name match `var`.
 *
 * Returns 0 when the walk reaches the end of the image or a record that fails
 * valid_variable_header() before a match is found, so 0 doubles as "not found".
 */
static uint32_t
find_active_var_in_image(const struct v3_var_header *var, const uint8_t *image, uint32_t offset, uint32_t len)
{
	while ((offset + sizeof(struct v3_var_header)) < len) {
		const struct v3_var_header *candidate = (const struct v3_var_header *)(image + offset);

		// Stop at the first record that cannot be trusted; its length cannot be used to step over it.
		if (!valid_variable_header(candidate, len - offset)) {
			return 0;
		}

		const bool is_match = (candidate->state == VAR_ADDED) &&
		    (uuid_compare(var->guid, candidate->guid) == 0) &&
		    (var->nameSize == candidate->nameSize) &&
		    (memcmp(var->name_data_buf, candidate->name_data_buf, var->nameSize) == 0);

		if (is_match) {
			return offset;
		}

		offset += variable_length(candidate);
	}

	return 0;
}
136
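/*
 * Locate the first byte of erased (0xFF) space that follows the records in
 * `image`, i.e. the offset at which the next record can be appended.
 *
 * The store header (when present and valid) and every leading record that
 * passes valid_variable_header() are skipped. From there, bytes are skipped
 * until the first 0xFF, and every byte from that point to the end of the image
 * must also be 0xFF.
 *
 * @param image      image buffer to inspect
 * @param len        number of readable bytes in image
 * @param newOffset  receives the append offset on success (len when no 0xFF byte is found)
 * @return kIOReturnSuccess, or kIOReturnInvalid when a non-0xFF byte follows
 *         the first 0xFF byte; *newOffset is not written in that case.
 */
static IOReturn
find_current_offset_in_image(const uint8_t *image, uint32_t len, uint32_t *newOffset)
{
	uint32_t offset = 0;
	uint32_t inner_offset = 0;

	// Only interpret the start of the image as a store header when the buffer
	// is large enough to hold one; otherwise the cast would read past `len`.
	if ((len >= sizeof(struct v3_store_header)) &&
	    valid_store_header((const struct v3_store_header *)(image + offset))) {
		DEBUG_INFO("valid store header @ %#x\n", offset);
		offset += sizeof(struct v3_store_header);
	}

	while (offset < len) {
		const struct v3_var_header *store_var = (const struct v3_var_header *)(image + offset);
		uuid_string_t uuidString;

		if (valid_variable_header(store_var, len - offset)) {
			uuid_unparse(store_var->guid, uuidString);
			// NOTE(review): the name is printed with %s; valid_variable_header() does not
			// check that it is NUL-terminated within nameSize - confirm for untrusted images
			DEBUG_INFO("Valid var @ %#08x, state=%#02x, length=%#08zx, %s:%s\n", offset, store_var->state,
			    variable_length(store_var), uuidString, store_var->name_data_buf);
			offset += variable_length(store_var);
		} else {
			break;
		}
	}

	while (offset < len) {
		if (image[offset] == 0xFF) {
			DEBUG_INFO("scanning for clear memory @ %#x\n", offset);

			inner_offset = offset;

			while ((inner_offset < len) && (image[inner_offset] == 0xFF)) {
				inner_offset++;
			}

			if (inner_offset == len) {
				DEBUG_INFO("found start of clear mem @ %#x\n", offset);
				break;
			} else {
				// Report where the run of 0xFF ended, not where it started
				DEBUG_ERROR("ERROR!!!!! found non-clear byte @ %#x\n", inner_offset);
				return kIOReturnInvalid;
			}
		}
		offset++;
	}

	*newOffset = offset;

	return kIOReturnSuccess;
}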
187
/*
 * NVRAM format handler for the "v3" variable store: a store header followed by
 * variable records (see v3_store_header / v3_var_header).
 *
 * Variables are tracked twice: _varEntries holds the raw records wrapped in
 * nvram_v3_var_entry, and _varDict maps each canonical key to its converted
 * object.
 */
class IONVRAMV3Handler : public IODTNVRAMFormatHandler, IOTypedOperatorsMixin<IONVRAMV3Handler>
{
private:
	IONVRAMController            *_nvramController; // controller used for select/read/write of banks
	IODTNVRAM                    *_provider;        // set in init(); used to reach _diags

	bool                         _newData;   // set after the variable set changes
	bool                         _resetData; // set when a duplicate record is found while unserializing
	bool                         _reload;    // set by reload()

	bool                         _rawController; // from the "nvram-raw" property of /chosen

	uint32_t                     _generation; // generation field of the store header

	uint8_t                      *_nvramImage; // private copy of the image made by unserializeImage()

	OSSharedPtr<OSDictionary>    _varDict; // canonical key -> variable object

	// Region sizes taken from the store header
	uint32_t                     _commonSize;
	uint32_t                     _systemSize;

	// Bytes accounted to each region, in units of variable_length()
	uint32_t                     _commonUsed;
	uint32_t                     _systemUsed;

	uint32_t                     _currentOffset; // offset following the last record / start of clear memory

	OSSharedPtr<OSArray>         _varEntries; // OSData objects, each wrapping a struct nvram_v3_var_entry

	IORWLock                     *_variableLock;   // guards the variable collections
	IOLock                       *_controllerLock; // asserted held by controller-facing helpers

	IOReturn unserializeImage(const uint8_t *image, IOByteCount length);
	IOReturn reclaim(void);
	uint32_t findCurrentBank(void);
	size_t getAppendSize(void);

	static bool convertObjectToProp(uint8_t *buffer, uint32_t *length, const char *propSymbol, OSObject *propObject);
	static bool convertPropToObject(const uint8_t *propName, uint32_t propNameLength, const uint8_t *propData, uint32_t propDataLength,
	    OSSharedPtr<const OSSymbol>& propSymbol, OSSharedPtr<OSObject>& propObject);

	// The *Internal variants assert that the relevant lock is already held by the caller
	IOReturn reloadInternal(void);
	IOReturn setVariableInternal(const uuid_t varGuid, const char *variableName, OSObject *object);

	void setEntryForRemove(struct nvram_v3_var_entry *v3Entry, bool system);
	void findExistingEntry(const uuid_t varGuid, const char *varName, struct nvram_v3_var_entry **existing, unsigned int *existingIndex);
	IOReturn syncRaw(void);
	IOReturn syncBlock(void);
public:
	virtual
	~IONVRAMV3Handler() APPLE_KEXT_OVERRIDE;
	IONVRAMV3Handler();
	// True when the buffer is large enough for a store header and that header is valid
	static bool isValidImage(const uint8_t *image, IOByteCount length);
	// Factory: returns a new handler, or nullptr when a lock or the NVRAM properties are unavailable
	static IONVRAMV3Handler *init(IODTNVRAM *provider, const uint8_t *image, IOByteCount length);

	virtual bool getNVRAMProperties(void) APPLE_KEXT_OVERRIDE;
	virtual IOReturn unserializeVariables(void) APPLE_KEXT_OVERRIDE;
	virtual IOReturn setVariable(const uuid_t varGuid, const char *variableName, OSObject *object) APPLE_KEXT_OVERRIDE;
	virtual bool setController(IONVRAMController *controller) APPLE_KEXT_OVERRIDE;
	virtual IOReturn sync(void) APPLE_KEXT_OVERRIDE;
	virtual IOReturn flush(const uuid_t guid, IONVRAMOperation op) APPLE_KEXT_OVERRIDE;
	virtual void reload(void) APPLE_KEXT_OVERRIDE;
	virtual uint32_t getGeneration(void) const APPLE_KEXT_OVERRIDE;
	virtual uint32_t getVersion(void) const APPLE_KEXT_OVERRIDE;
	virtual uint32_t getSystemUsed(void) const APPLE_KEXT_OVERRIDE;
	virtual uint32_t getCommonUsed(void) const APPLE_KEXT_OVERRIDE;
	virtual bool getSystemPartitionActive(void) const APPLE_KEXT_OVERRIDE;
	virtual IOReturn getVarDict(OSSharedPtr<OSDictionary> &varDictCopy) APPLE_KEXT_OVERRIDE;
};
256
// Destructor: the body is empty.
// NOTE(review): the locks allocated in init() and the image buffer allocated in
// unserializeImage() are not released here - confirm whether a handler is ever
// destroyed after a successful init().
IONVRAMV3Handler::~IONVRAMV3Handler()
{
}
260
// Constructor: no member is initialized here.
// NOTE(review): unserializeImage() tests _nvramImage before it is ever assigned,
// so the class presumably relies on the allocator returning zero-filled memory -
// confirm against IOTypedOperatorsMixin.
IONVRAMV3Handler::IONVRAMV3Handler()
{
}
264
/*
 * Quick acceptance test for a candidate image: the pointer must be non-null,
 * the buffer must be able to hold a store header, and that header must carry
 * the expected signature and version. Nothing past the header is examined.
 */
bool
IONVRAMV3Handler::isValidImage(const uint8_t *image, IOByteCount length)
{
	if (image == nullptr) {
		return false;
	}

	if (length < sizeof(struct v3_store_header)) {
		return false;
	}

	return valid_store_header((const struct v3_store_header *)image);
}
276
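/*
 * Create a handler for `provider` and, when an image is supplied, load it.
 *
 * @param provider  owning IODTNVRAM, stored in the handler
 * @param image     optional initial image; may be nullptr
 * @param length    size of image; must equal the handler's _bankSize
 * @return the new handler, or nullptr when a lock cannot be allocated, the
 *         NVRAM properties cannot be read, or length != _bankSize.
 *
 * A failure of unserializeImage() is only logged: the handler is still
 * returned, without image data.
 */
IONVRAMV3Handler*
IONVRAMV3Handler::init(IODTNVRAM *provider, const uint8_t *image, IOByteCount length)
{
	bool propertiesOk;

	IONVRAMV3Handler *handler = new IONVRAMV3Handler();

	handler->_provider = provider;

	// Known starting state, so the failure path below can tell which locks exist
	handler->_variableLock = nullptr;
	handler->_controllerLock = nullptr;

	handler->_variableLock = IORWLockAlloc();
	require(handler->_variableLock != nullptr, exit);

	handler->_controllerLock = IOLockAlloc();
	require(handler->_controllerLock != nullptr, exit);

	propertiesOk = handler->getNVRAMProperties();
	require_action(propertiesOk, exit, DEBUG_ERROR("Unable to get NVRAM properties\n"));

	require_action(length == handler->_bankSize, exit, DEBUG_ERROR("length %#llx != _bankSize %#x\n", length, handler->_bankSize));

	if ((image != nullptr) && (length != 0)) {
		if (handler->unserializeImage(image, length) != kIOReturnSuccess) {
			DEBUG_ERROR("Unable to unserialize image, len=%#x\n", (unsigned int)length);
		}
	}

	return handler;

exit:
	// The destructor releases nothing, so free whatever was allocated above
	// before the handler goes away; otherwise the locks would leak.
	if (handler->_controllerLock != nullptr) {
		IOLockFree(handler->_controllerLock);
		handler->_controllerLock = nullptr;
	}

	if (handler->_variableLock != nullptr) {
		IORWLockFree(handler->_variableLock);
		handler->_variableLock = nullptr;
	}

	delete handler;

	return nullptr;
}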
312
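/*
 * Read the properties this handler needs: the parent class's properties plus
 * the "nvram-raw" property of the /chosen device-tree node, whose first 32-bit
 * value is stored (as a boolean) in _rawController.
 *
 * @return true when every lookup succeeded; false when the parent call fails,
 *         /chosen or the property is missing, the property is not OSData, or
 *         the property holds fewer than 4 bytes.
 */
bool
IONVRAMV3Handler::getNVRAMProperties()
{
	bool                         ok = false;
	const char                   *rawControllerKey = "nvram-raw";
	OSSharedPtr<IORegistryEntry> entry;
	OSSharedPtr<OSObject>        prop;
	OSData *                     data;
	uint32_t                     rawValue = 0;

	require_action(IODTNVRAMFormatHandler::getNVRAMProperties(), exit, DEBUG_ERROR("parent getNVRAMProperties failed\n"));

	entry = IORegistryEntry::fromPath("/chosen", gIODTPlane);
	require_action(entry, exit, DEBUG_ERROR("Unable to find chosen node\n"));

	prop = entry->copyProperty(rawControllerKey);
	require_action(prop != nullptr, exit, DEBUG_ERROR("No %s entry\n", rawControllerKey));

	data = OSDynamicCast(OSData, prop.get());
	require(data != nullptr, exit);

	// The property is about to be read as a 32-bit value: refuse a shorter
	// (or empty) property instead of reading past its storage.
	require_action(data->getLength() >= sizeof(rawValue), exit,
	    DEBUG_ERROR("%s entry too short, len=%u\n", rawControllerKey, data->getLength()));

	// memcpy avoids assuming the property bytes are 4-byte aligned
	memcpy(&rawValue, data->getBytesNoCopy(), sizeof(rawValue));

	_rawController = (rawValue != 0);
	DEBUG_INFO("_rawController = %d\n", _rawController);

	ok = true;

exit:
	return ok;
}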
341
/*
 * Clear every variable belonging to the partition selected by `guid`.
 *
 * gAppleSystemVariableGuid selects the system partition (only while that
 * partition is active); gAppleNVRAMGuid selects the common partition, which
 * here means every variable whose GUID is not the system GUID. Any other guid
 * selects nothing. A selected variable is removed only when verifyPermission()
 * allows `op` on it.
 *
 * @return kIOReturnSuccess, or kIOReturnNoMemory when the dictionary snapshot
 *         or its iterator cannot be created.
 */
IOReturn
IONVRAMV3Handler::flush(const uuid_t guid, IONVRAMOperation op)
{
	IOReturn   ret = kIOReturnSuccess;
	const bool flushSystem = getSystemPartitionActive() && (uuid_compare(guid, gAppleSystemVariableGuid) == 0);
	const bool flushCommon = (uuid_compare(guid, gAppleNVRAMGuid) == 0);

	DEBUG_INFO("flushSystem=%d, flushCommon=%d\n", flushSystem, flushCommon);

	NVRAMWRITELOCK(_variableLock);
	if (flushSystem || flushCommon) {
		// Iterate over a copy: setVariableInternal() removes keys from _varDict as we go
		OSSharedPtr<OSDictionary>         snapshot = OSDictionary::withDictionary(_varDict.get());
		OSSharedPtr<OSCollectionIterator> walker = OSCollectionIterator::withCollection(snapshot.get());
		const OSSymbol                    *key;
		uuid_string_t                     guidText;

		require_action(snapshot && walker, exit, ret = kIOReturnNoMemory);

		while ((key = OSDynamicCast(OSSymbol, walker->getNextObject()))) {
			const char *varName;
			uuid_t     varGuid;

			parseVariableName(key->getCStringNoCopy(), &varGuid, &varName);

			uuid_unparse(varGuid, guidText);

			const bool isSystemVar = (uuid_compare(varGuid, gAppleSystemVariableGuid) == 0);
			const bool selected = isSystemVar ? flushSystem : flushCommon;

			// The permission check runs only for variables in the selected partition
			const bool clear = selected &&
			    verifyPermission(op, varGuid, varName, getSystemPartitionActive(), true);

			if (!clear) {
				DEBUG_INFO("Keeping entry for %s:%s\n", guidText, varName);
				continue;
			}

			DEBUG_INFO("Clearing entry for %s:%s\n", guidText, varName);
			setVariableInternal(varGuid, varName, nullptr);
		}

		_newData = true;
	}

	DEBUG_INFO("_commonUsed %#x, _systemUsed %#x\n", _commonUsed, _systemUsed);

exit:
	NVRAMRWUNLOCK(_variableLock);
	return ret;
}
395
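/*
 * Re-read the current bank from the controller and reconcile every in-memory
 * entry with it: record where the entry lives in the controller image
 * (existing_offset), decide whether it needs to be appended on the next save,
 * and invalidate older duplicate records of the same variable in the store.
 * Finally recompute _currentOffset from the controller image.
 *
 * The caller must hold _controllerLock (asserted).
 *
 * @return kIOReturnSuccess; kIOReturnNoMemory when the bank buffer cannot be
 *         allocated; kIOReturnInvalid when the bank does not hold a valid image
 *         or has unidentified bytes after its records; or the error returned
 *         by the controller write that invalidates a duplicate.
 */
IOReturn
IONVRAMV3Handler::reloadInternal(void)
{
	IOReturn                     ret;
	uint32_t                     controllerBank;
	uint8_t                      *controllerImage;
	struct nvram_v3_var_entry    *v3Entry;
	const struct v3_store_header *storeHeader;
	const struct v3_var_header   *storeVar;
	OSData                       *entryContainer;

	NVRAMLOCKASSERTHELD(_controllerLock);

	controllerBank = findCurrentBank();

	if (_currentBank != controllerBank) {
		DEBUG_ERROR("_currentBank %#x != controllerBank %#x\n", _currentBank, controllerBank);
	}

	_currentBank = controllerBank;

	controllerImage = (uint8_t *)IOMallocData(_bankSize);
	if (controllerImage == nullptr) {
		// Nothing to free yet, so return directly rather than through the exit label
		DEBUG_ERROR("Unable to allocate controller image, size=%#x\n", _bankSize);
		return kIOReturnNoMemory;
	}

	// NOTE(review): the result of read() is not checked; a failed read is only
	// caught if the buffer then fails isValidImage() - confirm this is acceptable
	_nvramController->select(_currentBank);
	_nvramController->read(0, controllerImage, _bankSize);

	require_action(isValidImage(controllerImage, _bankSize), exit,
	    (ret = kIOReturnInvalid, DEBUG_ERROR("Invalid image at bank %d\n", _currentBank)));

	DEBUG_INFO("valid image found\n");

	storeHeader = (const struct v3_store_header *)controllerImage;

	_generation = storeHeader->generation;

	// We must sync any existing variables offset on the controller image with our internal representation
	// If we find an existing entry and the data is still the same we record the existing offset and mark it
	// as VAR_NEW_STATE_NONE meaning no action needed
	// Otherwise if the data is different or it is not found on the controller image we mark it as VAR_NEW_STATE_APPEND
	// which will have us invalidate the existing entry if there is one and append it on the next save
	//
	// NOTE(review): entries are modified below while _variableLock is held for read -
	// presumably other writers are excluded by _controllerLock; confirm
	NVRAMREADLOCK(_variableLock);
	for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
		uint32_t offset = sizeof(struct v3_store_header);
		uint32_t latestOffset;
		uint32_t prevOffset = 0;

		entryContainer = (OSDynamicCast(OSData, _varEntries->getObject(i)));
		v3Entry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();

		DEBUG_INFO("Looking for %s\n", v3Entry->header.name_data_buf);
		while ((latestOffset = find_active_var_in_image(&v3Entry->header, controllerImage, offset, _bankSize))) {
			const struct v3_var_header *foundVar = (const struct v3_var_header *)(controllerImage + latestOffset);

			DEBUG_INFO("Found offset for %s @ %#08x\n", v3Entry->header.name_data_buf, latestOffset);
			if (prevOffset) {
				DEBUG_INFO("Marking prev offset for %s at %#08x invalid\n", v3Entry->header.name_data_buf, prevOffset);
				// Invalidate any previous duplicate entries in the store
				struct v3_var_header *prevVarHeader = (struct v3_var_header *)(controllerImage + prevOffset);
				uint8_t state = prevVarHeader->state & VAR_DELETED & VAR_IN_DELETED_TRANSITION;

				ret = _nvramController->write(prevOffset + offsetof(struct v3_var_header, state), &state, sizeof(state));
				require_noerr_action(ret, unlock, DEBUG_ERROR("existing state w fail, ret=%#x\n", ret));
			}

			prevOffset = latestOffset;

			// Resume the search at the record that follows the match. latestOffset is an
			// absolute offset, so adding it to `offset` would restart the scan in the
			// middle of a record and parse record bytes as if they were a header.
			// The match already passed valid_variable_header(), so its length keeps
			// the new offset within _bankSize.
			offset = latestOffset + (uint32_t)variable_length(foundVar);
		}

		// latestOffset is always 0 once the loop ends, so this selects the last match found (or 0)
		v3Entry->existing_offset = latestOffset ? latestOffset : prevOffset;
		DEBUG_INFO("Existing offset for %s at %#08zx\n", v3Entry->header.name_data_buf, v3Entry->existing_offset);

		if (v3Entry->existing_offset == 0) {
			DEBUG_ERROR("%s is not in the NOR image\n", v3Entry->header.name_data_buf);
			if (v3Entry->new_state != VAR_NEW_STATE_REMOVE) {
				DEBUG_INFO("%s marked for append\n", v3Entry->header.name_data_buf);
				// Doesn't exist in the store, just append it on next sync
				v3Entry->new_state = VAR_NEW_STATE_APPEND;
			}
		} else {
			DEBUG_INFO("Found offset for %s @ %#zx\n", v3Entry->header.name_data_buf, v3Entry->existing_offset);
			storeVar = (const struct v3_var_header *)&controllerImage[v3Entry->existing_offset];

			if (v3Entry->new_state != VAR_NEW_STATE_REMOVE) {
				// Verify that the existing data matches the store data
				if ((variable_length(&v3Entry->header) == variable_length(storeVar)) &&
				    (memcmp(v3Entry->header.name_data_buf, storeVar->name_data_buf, storeVar->nameSize + storeVar->dataSize) == 0)) {
					DEBUG_INFO("Store var data for %s matches, marking new state none\n", v3Entry->header.name_data_buf);
					v3Entry->new_state = VAR_NEW_STATE_NONE;
				} else {
					DEBUG_INFO("Store var data for %s differs, marking new state append\n", v3Entry->header.name_data_buf);
					v3Entry->new_state = VAR_NEW_STATE_APPEND;
				}
			} else {
				// Store has entry but it has been removed from our collection, keep it marked for delete but with updated
				// existing_offset for coherence
				DEBUG_INFO("Removing entry at %#08zx with next sync\n", v3Entry->existing_offset);
			}
		}
	}
	ret = find_current_offset_in_image(controllerImage, _bankSize, &_currentOffset);
	require_noerr_action(ret, unlock, DEBUG_ERROR("Unidentified bytes in image\n"));
	DEBUG_INFO("New _currentOffset=%#x\n", _currentOffset);

unlock:
	NVRAMRWUNLOCK(_variableLock);
exit:
	IOFreeData(controllerImage, _bankSize);
	return ret;
}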
503
/*
 * Request a reload. This only raises the _reload flag and logs the request;
 * nothing is read from the controller in this call.
 */
void
IONVRAMV3Handler::reload(void)
{
	DEBUG_INFO("reload marked\n");

	_reload = true;
}
511
/*
 * Mark an in-memory entry for removal on the next save.
 *
 * When the entry is not already marked, its new_state becomes
 * VAR_NEW_STATE_REMOVE, its key is dropped from _varDict, its record length is
 * subtracted from the system or common usage counter (selected by `system`),
 * and the deletion is logged to diagnostics when available.
 *
 * A null entry is a no-op. The caller must hold _variableLock for write.
 * Panics when the usage counter is smaller than the entry being removed.
 */
void
IONVRAMV3Handler::setEntryForRemove(struct nvram_v3_var_entry *v3Entry, bool system)
{
	OSSharedPtr<const OSSymbol> canonicalKey;
	const char                  *name;
	uint32_t                    recordLen;

	// Callers are expected to already hold the variable lock exclusively.
	NVRAMRWLOCKASSERTEXCLUSIVE(_variableLock);

	require_action(v3Entry != nullptr, exit, DEBUG_INFO("remove with no entry\n"));

	name = (const char *)v3Entry->header.name_data_buf;
	recordLen = (uint32_t)variable_length(&v3Entry->header);
	canonicalKey = keyWithGuidAndCString(v3Entry->header.guid, name);

	if (v3Entry->new_state == VAR_NEW_STATE_REMOVE) {
		DEBUG_INFO("entry %s already marked for remove\n", name);
		goto exit;
	}

	DEBUG_INFO("marking entry %s for remove\n", name);

	v3Entry->new_state = VAR_NEW_STATE_REMOVE;

	_varDict->removeObject(canonicalKey.get());

	// Give the bytes back to the region the variable was accounted to;
	// an underflow means the accounting is already corrupt.
	if (!system) {
		if (_commonUsed < recordLen) {
			panic("Invalid _commonUsed size\n");
		}
		_commonUsed -= recordLen;
	} else {
		if (_systemUsed < recordLen) {
			panic("Invalid _systemUsed size\n");
		}
		_systemUsed -= recordLen;
	}

	if (_provider->_diags) {
		_provider->_diags->logVariable(getPartitionTypeForGUID(v3Entry->header.guid),
		    kIONVRAMOperationDelete,
		    name,
		    nullptr);
	}

exit:
	return;
}
560
/*
 * Look up the first entry in _varEntries whose name equals `varName`
 * (compared including the NUL terminator) and, when `varGuid` is non-null,
 * whose GUID also matches.
 *
 * @param varGuid        GUID to match, or null to match by name only
 * @param varName        NUL-terminated variable name
 * @param existing       optional; receives the matching entry
 * @param existingIndex  optional; receives the entry's index in _varEntries
 *
 * When nothing matches, neither output is written, so callers must
 * pre-initialize whatever they pass in.
 */
void
IONVRAMV3Handler::findExistingEntry(const uuid_t varGuid, const char *varName, struct nvram_v3_var_entry **existing, unsigned int *existingIndex)
{
	struct nvram_v3_var_entry *match = nullptr;
	unsigned int              matchIndex = 0;
	const uint32_t            nameLen = (uint32_t)strlen(varName) + 1;

	for (unsigned int index = 0; index < _varEntries->getCount(); index++) {
		OSData                    *container = (OSDynamicCast(OSData, _varEntries->getObject(index)));
		struct nvram_v3_var_entry *candidate = (struct nvram_v3_var_entry *)container->getBytesNoCopy();

		if (candidate->header.nameSize != nameLen) {
			continue;
		}

		if (memcmp(candidate->header.name_data_buf, varName, nameLen) != 0) {
			continue;
		}

		if (!varGuid) {
			// Name-only lookup: the first entry with this name wins
			DEBUG_INFO("found existing entry for %s, e_off=%#lx, len=%#lx\n", varName, candidate->existing_offset, variable_length(&candidate->header));
			match = candidate;
			matchIndex = index;
			break;
		}

		if (uuid_compare(varGuid, candidate->header.guid) == 0) {
			uuid_string_t uuidString;
			uuid_unparse(varGuid, uuidString);
			DEBUG_INFO("found existing entry for %s:%s, e_off=%#lx, len=%#lx, new_state=%#x\n", uuidString, varName,
			    candidate->existing_offset, variable_length(&candidate->header), candidate->new_state);
			match = candidate;
			matchIndex = index;
			break;
		}
	}

	if (match == nullptr) {
		return;
	}

	if (existing) {
		*existing = match;
	}

	if (existingIndex) {
		*existingIndex = matchIndex;
	}
}
602
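/*
 * Adopt `image` as the handler's working image: validate its store header,
 * take the generation and region sizes from it, reset the usage counters and
 * the entry array, and keep a private copy of the bytes in _nvramImage.
 *
 * @param image   image to adopt
 * @param length  size of image in bytes; becomes the new _bankSize
 * @return kIOReturnSuccess; kIOReturnInvalid when the header is not valid, its
 *         size field differs from length, or its common_size is smaller than
 *         the store header; kIOReturnNoMemory when the copy or the entry array
 *         cannot be allocated. Handler state is left untouched on failure.
 *
 * NOTE(review): system_size and common_size are not checked against the image
 * size here - confirm whether the layout guarantees a relation between them.
 */
IOReturn
IONVRAMV3Handler::unserializeImage(const uint8_t *image, IOByteCount length)
{
	IOReturn                     ret = kIOReturnInvalid;
	const struct v3_store_header *storeHeader;
	OSSharedPtr<OSArray>         newEntries;
	uint8_t                      *newImage = nullptr;

	require(isValidImage(image, length), exit);

	storeHeader = (const struct v3_store_header *)image;
	require_action(storeHeader->size == (uint32_t)length, exit,
	    DEBUG_ERROR("Image size %#x != header size %#x\n", (unsigned int)length, storeHeader->size));

	// _commonSize is common_size minus the store header. A smaller common_size
	// would wrap to a huge value and defeat the region-full checks on writes.
	require_action(storeHeader->common_size >= sizeof(struct v3_store_header), exit,
	    DEBUG_ERROR("common_size %#x smaller than store header\n", storeHeader->common_size));

	// Allocate everything before touching handler state so that a failure
	// leaves the previous image and entries in place.
	newEntries = OSArray::withCapacity(40);
	newImage = IONewData(uint8_t, length);
	if (!newEntries || (newImage == nullptr)) {
		DEBUG_ERROR("Unable to allocate image copy, len=%#x\n", (unsigned int)length);
		if (newImage != nullptr) {
			IOFreeData(newImage, length);
		}
		ret = kIOReturnNoMemory;
		goto exit;
	}

	// Copy before releasing the old buffer, in case `image` refers to it
	bcopy(image, newImage, (uint32_t)length);

	_generation = storeHeader->generation;
	_systemSize = storeHeader->system_size;
	_commonSize = storeHeader->common_size - sizeof(struct v3_store_header);

	_systemUsed = 0;
	_commonUsed = 0;

	if (_nvramImage) {
		// The old buffer was sized by the old _bankSize, which is still in place here
		IOFreeData(_nvramImage, _bankSize);
	}

	_varEntries = newEntries;

	_nvramImage = newImage;
	_bankSize = (uint32_t)length;

	ret = kIOReturnSuccess;

exit:
	return ret;
}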
638
/*
 * Parse the variable records in _nvramImage (the bytes after the store header)
 * into the in-memory collections.
 *
 * For every record that has a valid header, is in state VAR_ADDED and whose
 * CRC matches its data, an nvram_v3_var_entry is stored in _varEntries
 * (replacing an earlier entry with the same GUID and name), the region usage
 * counters are updated, and the converted object is stored in _varDict.
 * Afterwards _currentOffset is set to the offset where parsing stopped and
 * handleEphDM() is run; a failure there panics.
 *
 * @return the result of handleEphDM()
 */
IOReturn
IONVRAMV3Handler::unserializeVariables(void)
{
	IOReturn                    ret = kIOReturnSuccess;
	OSSharedPtr<const OSSymbol> propSymbol;
	OSSharedPtr<OSObject>       propObject;
	OSSharedPtr<OSData>         entryContainer;
	struct nvram_v3_var_entry   *v3Entry;
	const struct v3_var_header  *header;
	size_t                      offset = sizeof(struct v3_store_header);
	uint32_t                    crc;
	unsigned int                i;
	bool                        system;
	uuid_string_t               uuidString;
	size_t                      existingSize;

	// NOTE(review): _varDict is only created when a region size is non-zero, but it is
	// dereferenced unconditionally further down - confirm both sizes cannot be 0 here
	if (_systemSize || _commonSize) {
		_varDict = OSDictionary::withCapacity(1);
	}

	// NOTE(review): _nvramImage is read without a null check - confirm this is only
	// reached after a successful unserializeImage()
	while ((offset + sizeof(struct v3_var_header)) < _bankSize) {
		struct nvram_v3_var_entry *existingEntry = nullptr;
		unsigned int              existingIndex = 0;

		header = (const struct v3_var_header *)(_nvramImage + offset);

		// A header-sized run consisting only of 0x00 / 0xFF bytes is taken as the end of the records
		for (i = 0; i < sizeof(struct v3_var_header); i++) {
			if ((_nvramImage[offset + i] != 0) && (_nvramImage[offset + i] != 0xFF)) {
				break;
			}
		}

		if (i == sizeof(struct v3_var_header)) {
			DEBUG_INFO("No more variables after offset %#lx\n", offset);
			break;
		}

		// The record's own length cannot be trusted when its header is invalid,
		// so step forward by one header size and try again
		if (!valid_variable_header(header, _bankSize - offset)) {
			DEBUG_ERROR("invalid header @ %#lx\n", offset);
			offset += sizeof(struct v3_var_header);
			continue;
		}

		uuid_unparse(header->guid, uuidString);
		// NOTE(review): from here on the name is used as a C string (%s, findExistingEntry,
		// keyWithGuidAndCString); valid_variable_header() does not check that a NUL lies
		// within nameSize - confirm for images from untrusted storage
		DEBUG_INFO("Valid var @ %#08zx, state=%#02x, length=%#08zx, %s:%s\n", offset, header->state,
		    variable_length(header), uuidString, header->name_data_buf);

		// Only fully added records are loaded; any other state is stepped over
		if (header->state != VAR_ADDED) {
			goto skip;
		}

		// The CRC covers the data bytes only, not the header or the name
		crc = crc32(0, header->name_data_buf + header->nameSize, header->dataSize);

		if (crc != header->crc) {
			DEBUG_ERROR("invalid crc @ %#lx, calculated=%#x, read=%#x\n", offset, crc, header->crc);
			goto skip;
		}

		// NOTE(review): the allocation result is used without a null check
		v3Entry = (struct nvram_v3_var_entry *)IOMallocZeroData(nvram_v3_var_container_size(header));
		__nochk_memcpy(&v3Entry->header, _nvramImage + offset, variable_length(header));

		// It is assumed that the initial image being unserialized here is going to be the proxy data from EDT and not the image
		// read from the controller, which for various reasons due to the setting of states and saves from iBoot, can be
		// different. We will have an initial existing_offset of 0 and once the controller is set we will read
		// out the image there and update the existing offset with what is present on the NOR image
		v3Entry->existing_offset = 0;
		v3Entry->new_state = VAR_NEW_STATE_NONE;

		// safe guard for any strange duplicate entries in the store
		findExistingEntry(v3Entry->header.guid, (const char *)v3Entry->header.name_data_buf, &existingEntry, &existingIndex);

		if (existingEntry != nullptr) {
			// Remember the replaced record's length so the usage counters below only grow by the difference
			existingSize = variable_length(&existingEntry->header);

			// OSData::withBytes copies the entry, which is why v3Entry is freed at the end of the iteration
			entryContainer = OSData::withBytes(v3Entry, (uint32_t)nvram_v3_var_container_size(header));
			_varEntries->replaceObject(existingIndex, entryContainer.get());

			DEBUG_INFO("Found existing for %s, resetting when controller available\n", v3Entry->header.name_data_buf);
			_resetData = true;
		} else {
			entryContainer = OSData::withBytes(v3Entry, (uint32_t)nvram_v3_var_container_size(header));
			_varEntries->setObject(entryContainer.get());
			existingSize = 0;
		}

		// Without a system region, system-GUID variables are accounted to the common region
		system = (_systemSize != 0) && (uuid_compare(v3Entry->header.guid, gAppleSystemVariableGuid) == 0);
		if (system) {
			_systemUsed = _systemUsed + (uint32_t)variable_length(header) - (uint32_t)existingSize;
		} else {
			_commonUsed = _commonUsed + (uint32_t)variable_length(header) - (uint32_t)existingSize;
		}

		// When the conversion fails the record stays in _varEntries (and in the usage
		// counters) but gets no _varDict entry
		if (convertPropToObject(v3Entry->header.name_data_buf, v3Entry->header.nameSize,
		    v3Entry->header.name_data_buf + v3Entry->header.nameSize, v3Entry->header.dataSize,
		    propSymbol, propObject)) {
			OSSharedPtr<const OSSymbol> canonicalKey = keyWithGuidAndCString(v3Entry->header.guid, (const char *)v3Entry->header.name_data_buf);

			DEBUG_INFO("adding %s, dataLength=%u, system=%d\n",
			    canonicalKey->getCStringNoCopy(), v3Entry->header.dataSize, system);

			_varDict->setObject(canonicalKey.get(), propObject.get());

			if (_provider->_diags) {
				_provider->_diags->logVariable(getPartitionTypeForGUID(v3Entry->header.guid),
				    kIONVRAMOperationInit, propSymbol.get()->getCStringNoCopy(),
				    (void *)(uintptr_t)(header->name_data_buf + header->nameSize));
			}
		}
		IOFreeData(v3Entry, nvram_v3_var_container_size(header));
skip:
		// header was validated above, so this step stays within _bankSize
		offset += variable_length(header);
	}

	_currentOffset = (uint32_t)offset;

	DEBUG_ALWAYS("_commonSize %#x, _systemSize %#x, _currentOffset %#x\n", _commonSize, _systemSize, _currentOffset);

	ret = handleEphDM();
	verify_noerr_action(ret, panic("handleEphDM failed with ret=%08x", ret));

	DEBUG_INFO("_commonUsed %#x, _systemUsed %#x\n", _commonUsed, _systemUsed);

	_newData = true;

	if (_provider->_diags) {
		OSSharedPtr<OSNumber> val = OSNumber::withNumber(getSystemUsed(), 32);
		_provider->_diags->setProperty(kNVRAMSystemUsedKey, val.get());
		DEBUG_INFO("%s=%u\n", kNVRAMSystemUsedKey, getSystemUsed());

		val = OSNumber::withNumber(getCommonUsed(), 32);
		_provider->_diags->setProperty(kNVRAMCommonUsedKey, val.get());
		DEBUG_INFO("%s=%u\n", kNVRAMCommonUsedKey, getCommonUsed());
	}

	return ret;
}
775
/*
 * Set or remove one variable in the in-memory collections.
 *
 * With a null `object` the existing entry (if any) is marked for removal.
 * Otherwise a new entry is built from the name and the serialized object,
 * marked VAR_NEW_STATE_APPEND, and stored in _varEntries (replacing the
 * existing entry for the same GUID and name), after checking that the target
 * region has room for it. Nothing is written to the controller here.
 *
 * The caller must hold _variableLock for write (asserted).
 *
 * @param varGuid       GUID of the variable; the system GUID selects the system region
 * @param variableName  NUL-terminated variable name
 * @param object        new value, or nullptr to remove the variable
 * @return kIOReturnSuccess, or kIOReturnNoSpace when the region would overflow
 */
IOReturn
IONVRAMV3Handler::setVariableInternal(const uuid_t varGuid, const char *variableName, OSObject *object)
{
	struct nvram_v3_var_entry   *v3Entry = nullptr;
	struct nvram_v3_var_entry   *newV3Entry;
	OSSharedPtr<OSData>         newContainer;
	OSSharedPtr<const OSSymbol> canonicalKey;
	bool                        unset = (object == nullptr);
	bool                        system = false;
	IOReturn                    ret = kIOReturnSuccess;
	size_t                      entryNameLen = strlen(variableName) + 1; // name length including the NUL terminator
	unsigned int                existingEntryIndex; // only written by findExistingEntry() on a match
	uint32_t                    dataSize = 0;
	size_t                      existingVariableSize = 0;
	size_t                      newVariableSize = 0;
	size_t                      newEntrySize;
	uuid_string_t               uuidString;

	// Anyone calling setVariableInternal should've already held the lock for write.
	NVRAMRWLOCKASSERTEXCLUSIVE(_variableLock);

	system = (uuid_compare(varGuid, gAppleSystemVariableGuid) == 0);
	canonicalKey = keyWithGuidAndCString(varGuid, variableName);

	uuid_unparse(varGuid, uuidString);
	DEBUG_INFO("setting %s:%s, system=%d, current var count=%u\n", uuidString, variableName, system, _varEntries->getCount());

	findExistingEntry(varGuid, variableName, &v3Entry, &existingEntryIndex);

	if (unset == true) {
		setEntryForRemove(v3Entry, system);
	} else {
		if ((v3Entry != nullptr) && (v3Entry->new_state != VAR_NEW_STATE_REMOVE)) {
			// Sizing was subtracted in setEntryForRemove
			existingVariableSize = variable_length(&v3Entry->header);
		}

		// First call with a null buffer, which leaves the serialized length in dataSize.
		// NOTE(review): the return value is ignored here and on the second call below;
		// if the conversion fails dataSize presumably stays 0 and an empty value is
		// stored - confirm
		convertObjectToProp(nullptr, &dataSize, variableName, object);

		newVariableSize = sizeof(struct v3_var_header) + entryNameLen + dataSize;
		newEntrySize = sizeof(struct nvram_v3_var_entry) + entryNameLen + dataSize;

		// Space check: usage after replacing the existing record must fit in the region.
		// The arithmetic is done in size_t.
		if (system) {
			if (_systemUsed - existingVariableSize + newVariableSize > _systemSize) {
				DEBUG_ERROR("system region full\n");
				ret = kIOReturnNoSpace;
				goto exit;
			}
		} else if (_commonUsed - existingVariableSize + newVariableSize > _commonSize) {
			DEBUG_ERROR("common region full\n");
			ret = kIOReturnNoSpace;
			goto exit;
		}

		DEBUG_INFO("creating new entry for %s, existingVariableSize=%#zx, newVariableSize=%#zx\n", variableName, existingVariableSize, newVariableSize);
		// NOTE(review): the allocation result is used without a null check
		newV3Entry = (struct nvram_v3_var_entry *)IOMallocZeroData(newEntrySize);

		// Layout of name_data_buf: name (with NUL) followed by the serialized data
		memcpy(newV3Entry->header.name_data_buf, variableName, entryNameLen);
		convertObjectToProp(newV3Entry->header.name_data_buf + entryNameLen, &dataSize, variableName, object);

		newV3Entry->header.startId = VARIABLE_DATA;
		newV3Entry->header.nameSize = (uint32_t)entryNameLen;
		newV3Entry->header.dataSize = dataSize;
		// CRC covers the data bytes only
		newV3Entry->header.crc = crc32(0, newV3Entry->header.name_data_buf + entryNameLen, dataSize);
		memcpy(newV3Entry->header.guid, varGuid, sizeof(gAppleNVRAMGuid));
		newV3Entry->new_state = VAR_NEW_STATE_APPEND;

		if (v3Entry) {
			// Carry over what is known about the record already in the store
			newV3Entry->existing_offset = v3Entry->existing_offset;
			newV3Entry->header.state = v3Entry->header.state;
			newV3Entry->header.attributes = v3Entry->header.attributes;

			newContainer = OSData::withBytes(newV3Entry, (uint32_t)newEntrySize);
			_varEntries->replaceObject(existingEntryIndex, newContainer.get());
		} else {
			// New variable: existing_offset, state and attributes keep their zeroed values
			newContainer = OSData::withBytes(newV3Entry, (uint32_t)newEntrySize);
			_varEntries->setObject(newContainer.get());
		}

		if (system) {
			_systemUsed = _systemUsed + (uint32_t)newVariableSize - (uint32_t)existingVariableSize;
		} else {
			_commonUsed = _commonUsed + (uint32_t)newVariableSize - (uint32_t)existingVariableSize;
		}

		_varDict->setObject(canonicalKey.get(), object);

		if (_provider->_diags) {
			_provider->_diags->logVariable(getPartitionTypeForGUID(varGuid),
			    kIONVRAMOperationWrite, variableName,
			    (void *)(uintptr_t)dataSize);
		}

		// OSData::withBytes copied the entry, so the scratch buffer can go
		IOFreeData(newV3Entry, newEntrySize);
	}

exit:
	// Reached on the kIOReturnNoSpace paths too, so _newData is set even when nothing changed
	_newData = true;

	if (_provider->_diags) {
		OSSharedPtr<OSNumber> val = OSNumber::withNumber(getSystemUsed(), 32);
		_provider->_diags->setProperty(kNVRAMSystemUsedKey, val.get());

		val = OSNumber::withNumber(getCommonUsed(), 32);
		_provider->_diags->setProperty(kNVRAMCommonUsedKey, val.get());
	}

	DEBUG_INFO("_commonUsed %#x, _systemUsed %#x\n", _commonUsed, _systemUsed);

	return ret;
}
887
// Public entry point for writing one NVRAM variable.
//
// The name "reclaim-int" stores nothing: it runs reclaim() under
// _controllerLock and returns its result. Every other name is routed to a
// destination GUID and handed to setVariableInternal() under the write side
// of _variableLock.
//
// GUID routing: a request that names gAppleSystemVariableGuid, or whose
// variable name is on the allow list, is redirected to the system GUID when a
// system partition is active and to gAppleNVRAMGuid when it is not. All other
// requests keep the caller's GUID.
//
// NOTE(review): variableName reaches strcmp() without a null check, so callers
// are presumably expected to have validated it -- confirm.
IOReturn
IONVRAMV3Handler::setVariable(const uuid_t varGuid, const char *variableName, OSObject *object)
{
	uuid_t   destGuid;
	IOReturn ret = kIOReturnError;

	if (strcmp(variableName, "reclaim-int") == 0) {
		NVRAMLOCK(_controllerLock);
		ret = reclaim();
		NVRAMUNLOCK(_controllerLock);
		return ret;
	}

	const bool systemActive = getSystemPartitionActive();
	// True when the caller used the System GUID directly or the name is on the
	// system allow list; the GUID comparison short-circuits the list lookup.
	const bool wantsSystem = (uuid_compare(varGuid, gAppleSystemVariableGuid) == 0) ||
	    variableInAllowList(variableName);

	if (!wantsSystem) {
		uuid_copy(destGuid, varGuid);
	} else if (systemActive) {
		// System region present: force the System GUID
		uuid_copy(destGuid, gAppleSystemVariableGuid);
	} else {
		// No system region: store System GUID variables under the Common GUID
		uuid_copy(destGuid, gAppleNVRAMGuid);
	}

	NVRAMWRITELOCK(_variableLock);
	ret = setVariableInternal(destGuid, variableName, object);
	NVRAMRWUNLOCK(_variableLock);

	return ret;
}
924
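// Scans all _bankCount banks and returns the index of the bank whose store
// header is valid and carries the highest generation. Ties go to the later
// bank because the comparison is >=. Returns 0 when no bank qualifies.
//
// Must be called with _controllerLock held. The controller is left selected
// on whichever bank was probed last, not on the returned bank.
//
// A bank whose select() or header read() fails is skipped. Without that, the
// header buffer could hold stale stack bytes or the previous bank's header,
// and that content would be attributed to bank i.
uint32_t
IONVRAMV3Handler::findCurrentBank(void)
{
	uint32_t maxGen = 0;
	uint32_t currentBank = 0;

	NVRAMLOCKASSERTHELD(_controllerLock);

	for (unsigned int i = 0; i < _bankCount; i++) {
		// Fresh zeroed header per bank so nothing carries over between probes.
		struct v3_store_header storeHeader = {};

		if (_nvramController->select(i) != kIOReturnSuccess) {
			DEBUG_ERROR("select of bank %#x failed\n", i);
			continue;
		}

		if (_nvramController->read(0, (uint8_t *)&storeHeader, sizeof(storeHeader)) != kIOReturnSuccess) {
			DEBUG_ERROR("header read of bank %#x failed\n", i);
			continue;
		}

		if (valid_store_header(&storeHeader) && (storeHeader.generation >= maxGen)) {
			currentBank = i;
			maxGen = storeHeader.generation;
		}
	}

	DEBUG_ALWAYS("currentBank=%#x, gen=%#x\n", currentBank, maxGen);

	return currentBank;
}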
948
// Attaches the NVRAM controller (only if none is attached yet) and brings the
// in-memory state in line with the hardware store.
//
// With _bankSize == 0 nothing else is done and the call reports success.
// Otherwise the store is reloaded with reloadInternal(); if that fails, or if
// _resetData was set, the store is rebuilt with reclaim().
//
// Returns true unless the reclaim step failed.
//
// NOTE(review): if both `controller` and _nvramController are NULL, the
// getName() call below dereferences NULL -- confirm callers never pass NULL.
bool
IONVRAMV3Handler::setController(IONVRAMController *controller)
{
	IOReturn ret = kIOReturnSuccess;
	bool     needsReclaim = false;

	NVRAMLOCK(_controllerLock);

	if (_nvramController == NULL) {
		_nvramController = controller;
	}

	DEBUG_INFO("Controller name: %s\n", _nvramController->getName());

	require(_bankSize != 0, exit);

	if (_resetData) {
		// A pending reset skips the reload and goes straight to a rebuild.
		_resetData = false;
		DEBUG_ERROR("_resetData set, issuing reclaim recovery\n");
		needsReclaim = true;
	} else if (reloadInternal() != kIOReturnSuccess) {
		needsReclaim = true;
	}

	if (needsReclaim) {
		ret = reclaim();
		require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim recovery failed, invalid controller state!!! ret=%#x\n", ret));
	}

exit:
	NVRAMUNLOCK(_controllerLock);
	return ret == kIOReturnSuccess;
}
981
// Rebuilds the variable store in the next bank.
//
// The next bank (round-robin) is selected and erased, every entry whose
// new_state is NONE or APPEND is packed behind a fresh store header carrying
// an incremented generation, and the packed image is written at offset 0.
// Entries in any other new_state are dropped. On success _varEntries is
// replaced by the kept entries, _currentOffset points past the packed data and
// _newData is cleared.
//
// Must be called with _controllerLock held; takes the read side of
// _variableLock around the entry walk.
//
// Returns kIOReturnNoMemory if the staging buffer cannot be allocated, the
// controller's error if the final write fails, otherwise the write's result.
//
// NOTE(review): verify_noerr_action takes no exit label, so a failed select()
// or eraseBank() is logged and execution continues, including the update of
// _currentBank.
// NOTE(review): the per-entry memcpy is not bounded against _bankSize here;
// it presumably relies on the space accounting done when entries are added --
// confirm that the sum of entry lengths can never exceed the bank.
// NOTE(review): the OSDynamicCast result is used without a null check, which
// assumes _varEntries only ever holds OSData -- confirm.
IOReturn
IONVRAMV3Handler::reclaim(void)
{
	IOReturn               ret;
	struct v3_store_header freshHeader;
	size_t                 writeOffset = sizeof(struct v3_store_header);
	const uint32_t         targetBank = (_currentBank + 1) % _bankCount;
	uint8_t                *bankData;
	OSSharedPtr<OSArray>   keptEntries;

	DEBUG_INFO("called\n");
	NVRAMLOCKASSERTHELD(_controllerLock);

	bankData = (uint8_t *)IOMallocData(_bankSize);
	require_action(bankData != nullptr, exit, ret = kIOReturnNoMemory);

	ret = _nvramController->select(targetBank);
	verify_noerr_action(ret, DEBUG_INFO("select of bank %#08x failed\n", targetBank));

	ret = _nvramController->eraseBank();
	verify_noerr_action(ret, DEBUG_INFO("eraseBank failed, ret=%#08x\n", ret));

	_currentBank = targetBank;

	NVRAMREADLOCK(_variableLock);

	keptEntries = OSArray::withCapacity(_varEntries->getCapacity());

	for (unsigned int idx = 0; idx < _varEntries->getCount(); idx++) {
		OSData                    *container = OSDynamicCast(OSData, _varEntries->getObject(idx));
		struct nvram_v3_var_entry *entry = (struct nvram_v3_var_entry *)container->getBytesNoCopy();
		struct v3_var_header      *header = &entry->header;

		DEBUG_INFO("entry %u %s, new_state=%#x, e_offset=%#lx, state=%#x\n",
		    idx, entry->header.name_data_buf, entry->new_state, entry->existing_offset, header->state);

		const bool keep = (entry->new_state == VAR_NEW_STATE_NONE) ||
		    (entry->new_state == VAR_NEW_STATE_APPEND);
		if (!keep) {
			// Not added to keptEntries: the entry is dropped
			continue;
		}

		header->state = VAR_ADDED;

		const size_t entryLen = variable_length(header);
		memcpy(bankData + writeOffset, (uint8_t *)header, entryLen);

		// The entry now lives at its packed position in the new bank.
		entry->new_state = VAR_NEW_STATE_NONE;
		entry->existing_offset = writeOffset;
		writeOffset += entryLen;

		keptEntries->setObject(container);
	}

	// Start from the header of the current image and bump the generation.
	memcpy(&freshHeader, _nvramImage, sizeof(freshHeader));
	_generation += 1;
	freshHeader.generation = _generation;
	memcpy(bankData, (uint8_t *)&freshHeader, sizeof(freshHeader));

	// Only the packed prefix of the staging buffer is written out.
	ret = _nvramController->write(0, bankData, writeOffset);
	require_noerr_action(ret, unlock, DEBUG_ERROR("reclaim bank write failed, ret=%08x\n", ret));

	_currentOffset = (uint32_t)writeOffset;

	DEBUG_INFO("Reclaim complete, _currentBank=%u _generation=%u, _currentOffset=%#x\n", _currentBank, _generation, _currentOffset);

	_newData = false;
	_varEntries.reset(keptEntries.get(), OSRetain);

unlock:
	NVRAMRWUNLOCK(_variableLock);
exit:
	IOFreeData(bankData, _bankSize);

	return ret;
}
1062
// Returns the total on-store size, as reported by variable_length(), of all
// entries currently marked VAR_NEW_STATE_APPEND.
//
// Must be called with _variableLock held.
//
// NOTE(review): the OSDynamicCast result is used without a null check, which
// assumes _varEntries only ever holds OSData -- confirm.
size_t
IONVRAMV3Handler::getAppendSize(void)
{
	size_t pendingBytes = 0;

	NVRAMRWLOCKASSERTHELD(_variableLock);

	for (unsigned int idx = 0; idx < _varEntries->getCount(); idx++) {
		OSData                    *container = OSDynamicCast(OSData, _varEntries->getObject(idx));
		struct nvram_v3_var_entry *entry = (struct nvram_v3_var_entry *)container->getBytesNoCopy();

		if (entry->new_state != VAR_NEW_STATE_APPEND) {
			continue;
		}

		pendingBytes += variable_length(&entry->header);
	}

	return pendingBytes;
}
1085
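// Flushes pending changes to a raw controller.
//
// When the pending appends fit behind _currentOffset in the current bank,
// entries marked APPEND are packed into one buffer and written at
// _currentOffset, and the previous copies of replaced or removed entries are
// invalidated in place by rewriting their one-byte state field. When the
// appends do not fit, the whole store is rebuilt with reclaim().
//
// Does nothing and returns kIOReturnSuccess when there is no controller, no
// new data or no bank size. Returns kIOReturnNoMemory on allocation failure,
// or the controller's error if a write fails.
//
// sync() calls this with _controllerLock held, which the reclaim() fallback
// requires.
//
// Change from the previous version: the `invalidatedSize` accumulator is
// gone. It was never read, and it was computed by casting a store offset
// (existing_offset) to a `struct v3_var_header *` and handing that to
// variable_length(), i.e. reading through a pointer that is not an address.
//
// NOTE(review): entries are flipped to VAR_NEW_STATE_NONE before the append
// write is attempted; on a write failure sync() falls back to reclaim(),
// which presumably covers that case -- confirm.
IOReturn
IONVRAMV3Handler::syncRaw(void)
{
	IOReturn                  ret = kIOReturnSuccess;
	struct nvram_v3_var_entry *varEntry;
	struct v3_var_header      *varHeader;
	OSData                    *entryContainer;
	OSSharedPtr<OSArray>      remainingEntries;
	uint8_t                   *appendBuffer = nullptr;
	size_t                    appendBufferOffset = 0;
	size_t                    *invalidateOffsets = nullptr;
	size_t                    invalidateOffsetsCount = 0;
	size_t                    invalidateOffsetIndex = 0;

	require_action(_nvramController != nullptr, exit, DEBUG_INFO("No _nvramController\n"));
	require_action(_newData == true, exit, DEBUG_INFO("No _newData to sync\n"));
	require_action(_bankSize != 0, exit, DEBUG_INFO("No nvram size info\n"));

	NVRAMREADLOCK(_variableLock);
	DEBUG_INFO("_varEntries->getCount()=%#x\n", _varEntries->getCount());

	if (getAppendSize() + _currentOffset < _bankSize) {
		// No reclaim, build append and invalidate list
		remainingEntries = OSArray::withCapacity(_varEntries->getCapacity());

		appendBuffer = (uint8_t *)IOMallocData(_bankSize);
		require_action(appendBuffer, unlock, ret = kIOReturnNoMemory);

		// At most one offset is queued per entry, so the entry count bounds the list.
		invalidateOffsetsCount = _varEntries->getCount();
		invalidateOffsets = (size_t *)IOMallocData(invalidateOffsetsCount * sizeof(size_t));
		require_action(invalidateOffsets, unlock, ret = kIOReturnNoMemory);

		for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
			entryContainer = OSDynamicCast(OSData, _varEntries->getObject(i));
			varEntry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
			varHeader = &varEntry->header;

			DEBUG_INFO("entry %s, new_state=%#02x state=%#02x, existing_offset=%#zx\n",
			    varEntry->header.name_data_buf, varEntry->new_state, varEntry->header.state, varEntry->existing_offset);

			if (varEntry->new_state == VAR_NEW_STATE_APPEND) {
				size_t varSize = variable_length(varHeader);
				size_t prevOffset = varEntry->existing_offset;

				varHeader->state = VAR_ADDED;
				varEntry->existing_offset = _currentOffset + appendBufferOffset;
				varEntry->new_state = VAR_NEW_STATE_NONE;

				DEBUG_INFO("Appending %s in append buffer offset %#zx, actual offset %#zx, prevOffset %#zx, varsize=%#zx\n",
				    varEntry->header.name_data_buf, appendBufferOffset, varEntry->existing_offset, prevOffset, varSize);

				// Write to append buffer
				memcpy(appendBuffer + appendBufferOffset, (uint8_t *)varHeader, varSize);
				appendBufferOffset += varSize;

				// A non-zero previous offset means an older copy is on the store
				// and has to be invalidated.
				if (prevOffset) {
					invalidateOffsets[invalidateOffsetIndex++] = prevOffset;
				}

				remainingEntries->setObject(entryContainer);
			} else if (varEntry->new_state == VAR_NEW_STATE_REMOVE) {
				if (varEntry->existing_offset) {
					DEBUG_INFO("marking entry at offset %#lx deleted\n", varEntry->existing_offset);

					invalidateOffsets[invalidateOffsetIndex++] = varEntry->existing_offset;
				} else {
					DEBUG_INFO("No existing_offset , removing\n");
				}

				// not re-added to remainingEntries
			} else {
				DEBUG_INFO("skipping\n");
				remainingEntries->setObject(entryContainer);
			}
		}

		if (appendBufferOffset > 0) {
			// Write appendBuffer
			DEBUG_INFO("Appending append buffer size=%#zx at offset=%#x\n", appendBufferOffset, _currentOffset);
			ret = _nvramController->write(_currentOffset, appendBuffer, appendBufferOffset);
			require_noerr_action(ret, unlock, DEBUG_ERROR("could not re-append, ret=%#x\n", ret));

			_currentOffset += appendBufferOffset;
		} else {
			DEBUG_INFO("No entries to append\n");
		}

		if (invalidateOffsetIndex > 0) {
			// Invalidate Entries
			for (unsigned int i = 0; i < invalidateOffsetIndex; i++) {
				// The three state masks ANDed together: the state byte of a
				// fully deleted variable.
				uint8_t state = VAR_ADDED & VAR_DELETED & VAR_IN_DELETED_TRANSITION;

				ret = _nvramController->write(invalidateOffsets[i] + offsetof(struct v3_var_header, state), &state, sizeof(state));
				require_noerr_action(ret, unlock, DEBUG_ERROR("unable to invalidate at offset %#zx, ret=%#x\n", invalidateOffsets[i], ret));
				DEBUG_INFO("Invalidated entry at offset=%#zx\n", invalidateOffsets[i]);
			}
		} else {
			DEBUG_INFO("No entries to invalidate\n");
		}

		_newData = false;
		_varEntries.reset(remainingEntries.get(), OSRetain);
unlock:
		NVRAMRWUNLOCK(_variableLock);
	} else {
		// Will need to reclaim, rebuild store and write everything at once
		NVRAMRWUNLOCK(_variableLock);
		ret = reclaim();
	}

exit:
	IOFreeData(appendBuffer, _bankSize);
	IOFreeData(invalidateOffsets, invalidateOffsetsCount * sizeof(size_t));

	return ret;
}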
1205
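// Flushes pending changes to a block controller by rewriting a whole bank.
//
// The next bank (round-robin) is selected and erased, a store header with an
// incremented generation is placed at offset 0, every entry not marked
// VAR_NEW_STATE_REMOVE is packed behind it, and the full _bankSize image is
// written and synced. Removed entries are dropped from _varEntries.
//
// Does nothing and returns kIOReturnSuccess when there is no controller, no
// new data or no bank size. Returns kIOReturnNoMemory if the staging buffer
// cannot be allocated; otherwise returns the result of the bank write.
//
// Changes from the previous version:
//  - The staging buffer is allocated zero-filled. All _bankSize bytes are
//    written to the store, so with an uninitialised allocation the bytes past
//    the last packed entry were leftover heap contents persisted to NVRAM.
//  - The allocation is checked before it is used.
//
// NOTE(review): the per-entry memcpy is not bounded against _bankSize here;
// it presumably relies on the space accounting done when entries are added --
// confirm that the sum of entry lengths can never exceed the bank.
// NOTE(review): verify_noerr_action takes no exit label, so a failed select(),
// eraseBank() or write() is logged and execution continues; _varEntries is
// still replaced and _newData is still cleared after a failed write --
// confirm that is intended.
IOReturn
IONVRAMV3Handler::syncBlock(void)
{
	IOReturn                  ret = kIOReturnSuccess;
	struct v3_store_header    newStoreHeader;
	struct v3_var_header      *varHeader;
	struct nvram_v3_var_entry *varEntry;
	OSData                    *entryContainer;
	size_t                    new_bank_offset = sizeof(struct v3_store_header);
	uint8_t                   *block = nullptr;
	OSSharedPtr<OSArray>      remainingEntries;
	uint32_t                  next_bank = (_currentBank + 1) % _bankCount;

	DEBUG_INFO("called\n");

	require_action(_nvramController != nullptr, exit, DEBUG_INFO("No _nvramController\n"));
	require_action(_newData == true, exit, DEBUG_INFO("No _newData to sync\n"));
	require_action(_bankSize != 0, exit, DEBUG_INFO("No nvram size info\n"));

	// Zero-filled so the unused tail of the bank image is deterministic.
	block = (uint8_t *)IOMallocZeroData(_bankSize);
	require_action(block != nullptr, exit, ret = kIOReturnNoMemory);

	NVRAMREADLOCK(_variableLock);
	remainingEntries = OSArray::withCapacity(_varEntries->getCapacity());

	ret = _nvramController->select(next_bank);
	verify_noerr_action(ret, DEBUG_INFO("select of bank %#x failed\n", next_bank));

	ret = _nvramController->eraseBank();
	verify_noerr_action(ret, DEBUG_INFO("eraseBank failed, ret=%#08x\n", ret));

	_currentBank = next_bank;

	// Start from the header of the current image and bump the generation.
	memcpy(&newStoreHeader, _nvramImage, sizeof(newStoreHeader));

	_generation += 1;

	newStoreHeader.generation = _generation;

	memcpy(block, (uint8_t *)&newStoreHeader, sizeof(newStoreHeader));

	for (unsigned int i = 0; i < _varEntries->getCount(); i++) {
		entryContainer = OSDynamicCast(OSData, _varEntries->getObject(i));
		varEntry = (struct nvram_v3_var_entry *)entryContainer->getBytesNoCopy();
		varHeader = &varEntry->header;

		DEBUG_INFO("entry %u %s, new_state=%#x, e_offset=%#lx, state=%#x\n",
		    i, varEntry->header.name_data_buf, varEntry->new_state, varEntry->existing_offset, varHeader->state);

		if (varEntry->new_state != VAR_NEW_STATE_REMOVE) {
			varHeader->state = VAR_ADDED;

			memcpy(block + new_bank_offset, (uint8_t *)varHeader, variable_length(varHeader));

			// The entry now lives at its packed position in the new bank.
			varEntry->existing_offset = new_bank_offset;
			new_bank_offset += variable_length(varHeader);
			varEntry->new_state = VAR_NEW_STATE_NONE;

			remainingEntries->setObject(entryContainer);
		} else {
			DEBUG_INFO("Dropping %s\n", varEntry->header.name_data_buf);
		}
	}

	// The whole bank image is written, not just the packed prefix.
	ret = _nvramController->write(0, block, _bankSize);
	verify_noerr_action(ret, DEBUG_ERROR("w fail, ret=%#x\n", ret));

	_nvramController->sync();

	_varEntries.reset(remainingEntries.get(), OSRetain);
	NVRAMRWUNLOCK(_variableLock);

	_newData = false;

	DEBUG_INFO("Save complete, _generation=%u\n", _generation);

	IOFreeData(block, _bankSize);

exit:
	return ret;
}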
1286
// Flushes pending variable changes to the controller, holding
// _controllerLock for the whole operation.
//
// If a reload was requested (_reload), the store is re-read first; a failed
// reload is recovered with reclaim(). The flush itself goes through syncRaw()
// for raw controllers, with reclaim() as the fallback when syncRaw() fails,
// and through syncBlock() otherwise.
//
// Returns the result of the last step that ran.
IOReturn
IONVRAMV3Handler::sync(void)
{
	IOReturn ret;

	NVRAMLOCK(_controllerLock);

	if (_reload) {
		const IOReturn reloadRet = reloadInternal();

		if (reloadRet != kIOReturnSuccess) {
			DEBUG_ERROR("Reload failed, ret=%#x, reclaiming\n", reloadRet);
			ret = reclaim();
			require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim recovery failed, ret=%#x\n", ret));
		}
		// Cleared only when the reload, or the reclaim that replaced it, succeeded.
		_reload = false;
	}

	if (_rawController == true) {
		ret = syncRaw();

		if (ret != kIOReturnSuccess) {
			// An incremental sync that failed is retried as a full rebuild.
			ret = reclaim();
			require_noerr_action(ret, exit, DEBUG_ERROR("Reclaim recovery failed, ret=%#x\n", ret));
		}
	} else {
		ret = syncBlock();
	}

exit:
	NVRAMUNLOCK(_controllerLock);
	return ret;
}
1319
// Returns the handler's current store generation counter (_generation).
// No lock is taken here.
uint32_t
IONVRAMV3Handler::getGeneration() const
{
	return this->_generation;
}
1325
// Reports the store format this handler implements: always kNVRAMVersion3.
uint32_t
IONVRAMV3Handler::getVersion() const
{
	const uint32_t version = kNVRAMVersion3;

	return version;
}
1331
// Returns the running byte count charged to the system region (_systemUsed).
// No lock is taken here.
uint32_t
IONVRAMV3Handler::getSystemUsed() const
{
	return this->_systemUsed;
}
1337
// Returns the running byte count charged to the common region (_commonUsed).
// No lock is taken here.
uint32_t
IONVRAMV3Handler::getCommonUsed() const
{
	return this->_commonUsed;
}
1343
// A system partition counts as active exactly when its size (_systemSize) is
// non-zero. setVariable() uses this to decide where System GUID writes go.
bool
IONVRAMV3Handler::getSystemPartitionActive() const
{
	const bool hasSystemRegion = (_systemSize != 0);

	return hasSystemRegion;
}
1349
// Serialises an OSObject into the byte form stored for the variable propName.
//
// The encoding is chosen by getVariableType(propName):
//   Boolean -> the text "true" or "false"
//   Number  -> "-1" for 0xFFFFFFFF, decimal below 1000, "%#x" hex otherwise
//   String  -> the string's bytes, getLength() of them
//   Data    -> the raw bytes
// None of the encodings includes a terminating NUL.
//
// buffer      destination, or nullptr to only query the encoded size
// length      in: capacity of buffer (read only when buffer is non-null);
//             out: encoded size. Must not be null.
// propObject  value to encode; must be of the class matching the type
//
// Returns true when a non-empty encoding was produced. Returns false when the
// type is unknown (length untouched), when buffer is too small (length
// untouched), or when the object is of the wrong class or encodes to zero
// bytes (length set to 0).
bool
IONVRAMV3Handler::convertObjectToProp(uint8_t *buffer, uint32_t *length,
    const char *propName, OSObject *propObject)
{
	char       numText[12];     // fits "0xffffffff" plus the NUL snprintf adds
	const void *src = nullptr;  // bytes to emit; stays null when the cast fails
	uint32_t   encodedLen = 0;

	// Work out what to emit and how long it is.
	switch (getVariableType(propName)) {
	case kOFVariableTypeBoolean: {
		OSBoolean *asBoolean = OSDynamicCast(OSBoolean, propObject);
		if (asBoolean != nullptr) {
			const char *text = asBoolean->getValue() ? "true" : "false";
			src = text;
			encodedLen = (uint32_t)strlen(text);
		}
		break;
	}

	case kOFVariableTypeNumber: {
		OSNumber *asNumber = OSDynamicCast(OSNumber, propObject);
		if (asNumber != nullptr) {
			const uint32_t value = asNumber->unsigned32BitValue();
			int            written;

			if (value == 0xFFFFFFFF) {
				written = snprintf(numText, sizeof(numText), "-1");
			} else if (value < 1000) {
				written = snprintf(numText, sizeof(numText), "%d", (uint32_t)value);
			} else {
				written = snprintf(numText, sizeof(numText), "%#x", (uint32_t)value);
			}

			src = numText;
			encodedLen = (uint32_t)written;
		}
		break;
	}

	case kOFVariableTypeString: {
		OSString *asString = OSDynamicCast(OSString, propObject);
		if (asString != nullptr) {
			src = asString->getCStringNoCopy();
			encodedLen = asString->getLength();
		}
		break;
	}

	case kOFVariableTypeData: {
		OSData *asData = OSDynamicCast(OSData, propObject);
		if (asData != nullptr) {
			src = asData->getBytesNoCopy();
			encodedLen = asData->getLength();
		}
		break;
	}

	default:
		return false;
	}

	// One bounded copy for every type: never write more than the caller's
	// stated capacity.
	if ((buffer != nullptr) && (src != nullptr)) {
		if (*length < encodedLen) {
			return false;
		}
		bcopy(src, buffer, encodedLen);
	}

	*length = encodedLen;

	return encodedLen != 0;
}
1451
1452
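// Turns a stored name/value pair back into an OSSymbol key and an OSObject
// value, the inverse of convertObjectToProp().
//
// The value class is chosen by getVariableType() for the name:
//   Boolean -> kOSBooleanTrue / kOSBooleanFalse for the text "true" / "false"
//   Number  -> 32-bit OSNumber parsed with strtol(..., base 0)
//   String  -> OSString built from propDataLength bytes
//   Data    -> OSData copy of propDataLength bytes
//
// propSymbol and propObject are assigned only on success. Returns false when
// the symbol cannot be created, the type is unknown, the boolean text does
// not match, or the value object cannot be created.
//
// Changes from the previous version, both about trusting stored bytes:
//  - Boolean: strncmp() bounded by propDataLength is a prefix match, so an
//    empty value compared equal to "true" and a value such as "t" or "f" was
//    accepted. The value must now be at least as long as the literal.
//  - Number: strtol() was run directly on propData, which is not guaranteed
//    to be NUL-terminated (convertObjectToProp() stores numbers without a
//    terminator), so parsing could run past propDataLength. The text is now
//    copied into a terminated local buffer first. Values longer than the
//    buffer are truncated before parsing; the encoder emits at most 10
//    characters.
//
// NOTE(review): propNameLength is not consulted; propName is handed to
// OSSymbol::withCString() as a NUL-terminated string -- confirm callers
// guarantee termination for names read from the store.
bool
IONVRAMV3Handler::convertPropToObject(const uint8_t *propName, uint32_t propNameLength,
    const uint8_t *propData, uint32_t propDataLength,
    OSSharedPtr<const OSSymbol>& propSymbol,
    OSSharedPtr<OSObject>& propObject)
{
	OSSharedPtr<const OSSymbol> tmpSymbol;
	OSSharedPtr<OSNumber>       tmpNumber;
	OSSharedPtr<OSString>       tmpString;
	OSSharedPtr<OSObject>       tmpObject = nullptr;

	tmpSymbol = OSSymbol::withCString((const char *)propName);

	if (tmpSymbol == nullptr) {
		return false;
	}

	switch (getVariableType(tmpSymbol.get())) {
	case kOFVariableTypeBoolean:
		// The length test turns the bounded prefix compare into a full match
		// of the literal; a longer value still has to end the literal with NUL.
		if ((propDataLength >= strlen("true")) &&
		    !strncmp("true", (const char *)propData, propDataLength)) {
			tmpObject.reset(kOSBooleanTrue, OSRetain);
		} else if ((propDataLength >= strlen("false")) &&
		    !strncmp("false", (const char *)propData, propDataLength)) {
			tmpObject.reset(kOSBooleanFalse, OSRetain);
		}
		break;

	case kOFVariableTypeNumber: {
		char         numText[32];
		const size_t copyLen = (propDataLength < sizeof(numText) - 1) ? propDataLength : sizeof(numText) - 1;

		// Parse from a terminated copy so strtol() cannot read past the value.
		if (copyLen > 0) {
			memcpy(numText, propData, copyLen);
		}
		numText[copyLen] = '\0';

		tmpNumber = OSNumber::withNumber(strtol(numText, nullptr, 0), 32);
		if (tmpNumber != nullptr) {
			tmpObject = tmpNumber;
		}
		break;
	}

	case kOFVariableTypeString:
		tmpString = OSString::withCString((const char *)propData, propDataLength);
		if (tmpString != nullptr) {
			tmpObject = tmpString;
		}
		break;

	case kOFVariableTypeData:
		tmpObject = OSData::withBytes(propData, propDataLength);
		break;

	default:
		break;
	}

	if (tmpObject == nullptr) {
		tmpSymbol.reset();
		return false;
	}

	propSymbol = tmpSymbol;
	propObject = tmpObject;

	return true;
}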
1511
// Hands the caller a copy of the variable dictionary, made under the read
// side of _variableLock.
//
// Returns kIOReturnSuccess when the copy was made and the follow-up
// allocation check passed, kIOReturnNotFound otherwise.
//
// NOTE(review): the OSDictionary::withCapacity() call only probes whether a
// dictionary of that size can be allocated; its result is discarded. When the
// probe fails, varDictCopy has already been assigned although the return
// value is kIOReturnNotFound -- confirm callers check the return value before
// using the copy.
IOReturn
IONVRAMV3Handler::getVarDict(OSSharedPtr<OSDictionary> &varDictCopy)
{
	IOReturn status = kIOReturnNotFound;

	NVRAMREADLOCK(_variableLock);

	if (_varDict) {
		varDictCopy = OSDictionary::withDictionary(_varDict.get());

		if (varDictCopy && (OSDictionary::withCapacity(varDictCopy->getCount()) != nullptr)) {
			status = kIOReturnSuccess;
		}
	}

	NVRAMRWUNLOCK(_variableLock);

	return status;
}
1530