1 /*
2 * Copyright (c) 1998-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 #include <IOKit/IOBSD.h>
29 #include <IOKit/IOLib.h>
30 #include <IOKit/IOService.h>
31 #include <IOKit/IOCatalogue.h>
32 #include <IOKit/IODeviceTreeSupport.h>
33 #include <IOKit/IOKitKeys.h>
34 #include <IOKit/IONVRAM.h>
35 #include <IOKit/IOPlatformExpert.h>
36 #include <IOKit/IOUserClient.h>
37 #include <libkern/c++/OSAllocation.h>
38
39 extern "C" {
40 #include <libkern/amfi/amfi.h>
41 #include <sys/codesign.h>
42 #include <vm/pmap.h>
43 #include <vm/vm_map.h>
44 #include <pexpert/pexpert.h>
45 #include <kern/clock.h>
46 #if CONFIG_KDP_INTERACTIVE_DEBUGGING
47 #include <kern/debug.h>
48 #endif
49 #include <mach/machine.h>
50 #include <uuid/uuid.h>
51 #include <sys/vnode_internal.h>
52 #include <sys/mount.h>
53
54 // how long to wait for matching root device, secs
55 #if DEBUG
56 #define ROOTDEVICETIMEOUT 120
57 #else
58 #define ROOTDEVICETIMEOUT 60
59 #endif
60
61 extern dev_t mdevadd(int devid, uint64_t base, unsigned int size, int phys);
62 extern dev_t mdevlookup(int devid);
63 extern void mdevremoveall(void);
64 extern int mdevgetrange(int devid, uint64_t *base, uint64_t *size);
65 extern void di_root_ramfile(IORegistryEntry * entry);
66 extern int IODTGetDefault(const char *key, void *infoAddr, unsigned int infoSize);
67 extern boolean_t cpuid_vmm_present(void);
68
69 #define ROUNDUP(a, b) (((a) + ((b) - 1)) & (~((b) - 1)))
70
71 #define IOPOLLED_COREFILE (CONFIG_KDP_INTERACTIVE_DEBUGGING)
72
73 #if defined(XNU_TARGET_OS_BRIDGE)
74 #define kIOCoreDumpPath "/private/var/internal/kernelcore"
75 #elif defined(XNU_TARGET_OS_OSX)
76 #define kIOCoreDumpPath "/System/Volumes/VM/kernelcore"
77 #else
78 #define kIOCoreDumpPath "/private/var/vm/kernelcore"
79 #endif
80
81 #define SYSTEM_NVRAM_PREFIX "40A0DDD2-77F8-4392-B4A3-1E7304206516:"
82
83 #if CONFIG_KDP_INTERACTIVE_DEBUGGING
84 /*
85 * Touched by IOFindBSDRoot() if a RAMDisk is used for the root device.
86 */
87 extern uint64_t kdp_core_ramdisk_addr;
88 extern uint64_t kdp_core_ramdisk_size;
89
90 /*
91 * A callback to indicate that the polled-mode corefile is now available.
92 */
93 extern kern_return_t kdp_core_polled_io_polled_file_available(IOCoreFileAccessCallback access_data, void *access_context, void *recipient_context);
94
95 /*
96 * A callback to indicate that the polled-mode corefile is no longer available.
97 */
98 extern kern_return_t kdp_core_polled_io_polled_file_unavailable(void);
99 #endif
100
101 #if IOPOLLED_COREFILE
102 static void IOOpenPolledCoreFile(thread_call_param_t __unused, thread_call_param_t corefilename);
103
104 thread_call_t corefile_open_call = NULL;
105 #endif
106
107 kern_return_t
IOKitBSDInit(void)108 IOKitBSDInit( void )
109 {
110 IOService::publishResource("IOBSD");
111
112 #if IOPOLLED_COREFILE
113 corefile_open_call = thread_call_allocate_with_options(IOOpenPolledCoreFile, NULL, THREAD_CALL_PRIORITY_KERNEL, THREAD_CALL_OPTIONS_ONCE);
114 #endif
115
116 return kIOReturnSuccess;
117 }
118
119 void
IOServicePublishResource(const char * property,boolean_t value)120 IOServicePublishResource( const char * property, boolean_t value )
121 {
122 if (value) {
123 IOService::publishResource( property, kOSBooleanTrue );
124 } else {
125 IOService::getResourceService()->removeProperty( property );
126 }
127 }
128
129 boolean_t
IOServiceWaitForMatchingResource(const char * property,uint64_t timeout)130 IOServiceWaitForMatchingResource( const char * property, uint64_t timeout )
131 {
132 OSDictionary * dict = NULL;
133 IOService * match = NULL;
134 boolean_t found = false;
135
136 do {
137 dict = IOService::resourceMatching( property );
138 if (!dict) {
139 continue;
140 }
141 match = IOService::waitForMatchingService( dict, timeout );
142 if (match) {
143 found = true;
144 }
145 } while (false);
146
147 if (dict) {
148 dict->release();
149 }
150 if (match) {
151 match->release();
152 }
153
154 return found;
155 }
156
157 boolean_t
IOCatalogueMatchingDriversPresent(const char * property)158 IOCatalogueMatchingDriversPresent( const char * property )
159 {
160 OSDictionary * dict = NULL;
161 OSOrderedSet * set = NULL;
162 SInt32 generationCount = 0;
163 boolean_t found = false;
164
165 do {
166 dict = OSDictionary::withCapacity(1);
167 if (!dict) {
168 continue;
169 }
170 dict->setObject( property, kOSBooleanTrue );
171 set = gIOCatalogue->findDrivers( dict, &generationCount );
172 if (set && (set->getCount() > 0)) {
173 found = true;
174 }
175 } while (false);
176
177 if (dict) {
178 dict->release();
179 }
180 if (set) {
181 set->release();
182 }
183
184 return found;
185 }
186
187 OSDictionary *
IOBSDNameMatching(const char * name)188 IOBSDNameMatching( const char * name )
189 {
190 OSDictionary * dict;
191 const OSSymbol * str = NULL;
192
193 do {
194 dict = IOService::serviceMatching( gIOServiceKey );
195 if (!dict) {
196 continue;
197 }
198 str = OSSymbol::withCString( name );
199 if (!str) {
200 continue;
201 }
202 dict->setObject( kIOBSDNameKey, (OSObject *) str );
203 str->release();
204
205 return dict;
206 } while (false);
207
208 if (dict) {
209 dict->release();
210 }
211 if (str) {
212 str->release();
213 }
214
215 return NULL;
216 }
217
218 OSDictionary *
IOUUIDMatching(void)219 IOUUIDMatching( void )
220 {
221 return IOService::resourceMatching( "boot-uuid-media" );
222 }
223
224 OSDictionary *
IONetworkNamePrefixMatching(const char * prefix)225 IONetworkNamePrefixMatching( const char * prefix )
226 {
227 OSDictionary * matching;
228 OSDictionary * propDict = NULL;
229 const OSSymbol * str = NULL;
230 char networkType[128];
231
232 do {
233 matching = IOService::serviceMatching( "IONetworkInterface" );
234 if (matching == NULL) {
235 continue;
236 }
237
238 propDict = OSDictionary::withCapacity(1);
239 if (propDict == NULL) {
240 continue;
241 }
242
243 str = OSSymbol::withCString( prefix );
244 if (str == NULL) {
245 continue;
246 }
247
248 propDict->setObject( "IOInterfaceNamePrefix", (OSObject *) str );
249 str->release();
250 str = NULL;
251
252 // see if we're contrained to netroot off of specific network type
253 if (PE_parse_boot_argn( "network-type", networkType, 128 )) {
254 str = OSSymbol::withCString( networkType );
255 if (str) {
256 propDict->setObject( "IONetworkRootType", str);
257 str->release();
258 str = NULL;
259 }
260 }
261
262 if (matching->setObject( gIOPropertyMatchKey,
263 (OSObject *) propDict ) != true) {
264 continue;
265 }
266
267 propDict->release();
268 propDict = NULL;
269
270 return matching;
271 } while (false);
272
273 if (matching) {
274 matching->release();
275 }
276 if (propDict) {
277 propDict->release();
278 }
279 if (str) {
280 str->release();
281 }
282
283 return NULL;
284 }
285
286 static bool
IORegisterNetworkInterface(IOService * netif)287 IORegisterNetworkInterface( IOService * netif )
288 {
289 // A network interface is typically named and registered
290 // with BSD after receiving a request from a user space
291 // "namer". However, for cases when the system needs to
292 // root from the network, this registration task must be
293 // done inside the kernel and completed before the root
294 // device is handed to BSD.
295
296 IOService * stack;
297 OSNumber * zero = NULL;
298 OSString * path = NULL;
299 OSDictionary * dict = NULL;
300 OSDataAllocation<char> pathBuf;
301 int len;
302 enum { kMaxPathLen = 512 };
303
304 do {
305 stack = IOService::waitForService(
306 IOService::serviceMatching("IONetworkStack"));
307 if (stack == NULL) {
308 break;
309 }
310
311 dict = OSDictionary::withCapacity(3);
312 if (dict == NULL) {
313 break;
314 }
315
316 zero = OSNumber::withNumber((UInt64) 0, 32);
317 if (zero == NULL) {
318 break;
319 }
320
321 pathBuf = OSDataAllocation<char>( kMaxPathLen, OSAllocateMemory );
322 if (!pathBuf) {
323 break;
324 }
325
326 len = kMaxPathLen;
327 if (netif->getPath( pathBuf.data(), &len, gIOServicePlane )
328 == false) {
329 break;
330 }
331
332 path = OSString::withCStringNoCopy(pathBuf.data());
333 if (path == NULL) {
334 break;
335 }
336
337 dict->setObject( "IOInterfaceUnit", zero );
338 dict->setObject( kIOPathMatchKey, path );
339
340 stack->setProperties( dict );
341 }while (false);
342
343 if (zero) {
344 zero->release();
345 }
346 if (path) {
347 path->release();
348 }
349 if (dict) {
350 dict->release();
351 }
352
353 return netif->getProperty( kIOBSDNameKey ) != NULL;
354 }
355
356 OSDictionary *
IOOFPathMatching(const char * path,char * buf,int maxLen)357 IOOFPathMatching( const char * path, char * buf, int maxLen )
358 {
359 OSDictionary * matching = NULL;
360 OSString * str;
361 char * comp;
362 int len;
363
364 do {
365 len = ((int) strlen( kIODeviceTreePlane ":" ));
366 maxLen -= len;
367 if (maxLen <= 0) {
368 continue;
369 }
370
371 strlcpy( buf, kIODeviceTreePlane ":", len + 1 );
372 comp = buf + len;
373
374 len = ((int) strnlen( path, INT_MAX ));
375 maxLen -= len;
376 if (maxLen <= 0) {
377 continue;
378 }
379 strlcpy( comp, path, len + 1 );
380
381 matching = OSDictionary::withCapacity( 1 );
382 if (!matching) {
383 continue;
384 }
385
386 str = OSString::withCString( buf );
387 if (!str) {
388 continue;
389 }
390 matching->setObject( kIOPathMatchKey, str );
391 str->release();
392
393 return matching;
394 } while (false);
395
396 if (matching) {
397 matching->release();
398 }
399
400 return NULL;
401 }
402
403 static int didRam = 0;
404 enum { kMaxPathBuf = 512, kMaxBootVar = 128 };
405
406 bool
IOGetBootUUID(char * uuid)407 IOGetBootUUID(char *uuid)
408 {
409 IORegistryEntry *entry;
410 OSData *uuid_data = NULL;
411 bool result = false;
412
413 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
414 uuid_data = (OSData *)entry->getProperty("boot-uuid");
415 if (uuid_data) {
416 unsigned int length = uuid_data->getLength();
417 if (length <= sizeof(uuid_string_t)) {
418 /* ensure caller's buffer is fully initialized: */
419 bzero(uuid, sizeof(uuid_string_t));
420 /* copy the content of uuid_data->getBytesNoCopy() into uuid */
421 memcpy(uuid, uuid_data->getBytesNoCopy(), length);
422 /* guarantee nul-termination: */
423 uuid[sizeof(uuid_string_t) - 1] = '\0';
424 result = true;
425 } else {
426 uuid = NULL;
427 }
428 }
429 OSSafeReleaseNULL(entry);
430 }
431 return result;
432 }
433
434 bool
IOGetApfsPrebootUUID(char * uuid)435 IOGetApfsPrebootUUID(char *uuid)
436 {
437 IORegistryEntry *entry;
438 OSData *uuid_data = NULL;
439 bool result = false;
440
441 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
442 uuid_data = (OSData *)entry->getProperty("apfs-preboot-uuid");
443
444 if (uuid_data) {
445 unsigned int length = uuid_data->getLength();
446 if (length <= sizeof(uuid_string_t)) {
447 /* ensure caller's buffer is fully initialized: */
448 bzero(uuid, sizeof(uuid_string_t));
449 /* copy the content of uuid_data->getBytesNoCopy() into uuid */
450 memcpy(uuid, uuid_data->getBytesNoCopy(), length);
451 /* guarantee nul-termination: */
452 uuid[sizeof(uuid_string_t) - 1] = '\0';
453 result = true;
454 } else {
455 uuid = NULL;
456 }
457 }
458 OSSafeReleaseNULL(entry);
459 }
460 return result;
461 }
462
463 bool
IOGetAssociatedApfsVolgroupUUID(char * uuid)464 IOGetAssociatedApfsVolgroupUUID(char *uuid)
465 {
466 IORegistryEntry *entry;
467 OSData *uuid_data = NULL;
468 bool result = false;
469
470 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
471 uuid_data = (OSData *)entry->getProperty("associated-volume-group");
472
473 if (uuid_data) {
474 unsigned int length = uuid_data->getLength();
475
476 if (length <= sizeof(uuid_string_t)) {
477 /* ensure caller's buffer is fully initialized: */
478 bzero(uuid, sizeof(uuid_string_t));
479 /* copy the content of uuid_data->getBytesNoCopy() into uuid */
480 memcpy(uuid, uuid_data->getBytesNoCopy(), length);
481 /* guarantee nul-termination: */
482 uuid[sizeof(uuid_string_t) - 1] = '\0';
483 result = true;
484 } else {
485 uuid = NULL;
486 }
487 }
488 OSSafeReleaseNULL(entry);
489 }
490 return result;
491 }
492
493 bool
IOGetBootObjectsPath(char * path_prefix)494 IOGetBootObjectsPath(char *path_prefix)
495 {
496 IORegistryEntry *entry;
497 OSData *path_prefix_data = NULL;
498 bool result = false;
499
500 if ((entry = IORegistryEntry::fromPath("/chosen", gIODTPlane))) {
501 path_prefix_data = (OSData *)entry->getProperty("boot-objects-path");
502
503 if (path_prefix_data) {
504 unsigned int length = path_prefix_data->getLength();
505
506 if (length <= MAXPATHLEN) {
507 /* ensure caller's buffer is fully initialized: */
508 bzero(path_prefix, MAXPATHLEN);
509 /* copy the content of path_prefix_data->getBytesNoCopy() into path_prefix */
510 memcpy(path_prefix, path_prefix_data->getBytesNoCopy(), length);
511 /* guarantee nul-termination: */
512 path_prefix[MAXPATHLEN - 1] = '\0';
513 result = true;
514 } else {
515 path_prefix = NULL;
516 }
517 }
518 OSSafeReleaseNULL(entry);
519 }
520 return result;
521 }
522
523 /*
524 * Set NVRAM to boot into the right flavor of Recovery,
525 * optionally passing a UUID of a volume that failed to boot.
526 * If `reboot` is true, reboot immediately.
527 *
528 * Returns true if `mode` was understood, false otherwise.
529 * (Does not return if `reboot` is true.)
530 */
531 boolean_t
IOSetRecoveryBoot(bsd_bootfail_mode_t mode,uuid_t volume_uuid,boolean_t reboot)532 IOSetRecoveryBoot(bsd_bootfail_mode_t mode, uuid_t volume_uuid, boolean_t reboot)
533 {
534 IODTNVRAM *nvram = NULL;
535 const OSSymbol *boot_command_sym = NULL;
536 OSString *boot_command_recover = NULL;
537
538 if (mode == BSD_BOOTFAIL_SEAL_BROKEN) {
539 const char *boot_mode = "ssv-seal-broken";
540 uuid_string_t volume_uuid_str;
541
542 // Set `recovery-broken-seal-uuid = <volume_uuid>`.
543 if (volume_uuid) {
544 uuid_unparse_upper(volume_uuid, volume_uuid_str);
545
546 if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "recovery-broken-seal-uuid",
547 volume_uuid_str, sizeof(uuid_string_t))) {
548 IOLog("Failed to write recovery-broken-seal-uuid to NVRAM.\n");
549 }
550 }
551
552 // Set `recovery-boot-mode = ssv-seal-broken`.
553 if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "recovery-boot-mode", boot_mode,
554 (const unsigned int) strlen(boot_mode))) {
555 IOLog("Failed to write recovery-boot-mode to NVRAM.\n");
556 }
557 } else if (mode == BSD_BOOTFAIL_MEDIA_MISSING) {
558 const char *boot_picker_reason = "missing-boot-media";
559
560 // Set `boot-picker-bringup-reason = missing-boot-media`.
561 if (!PEWriteNVRAMProperty(SYSTEM_NVRAM_PREFIX "boot-picker-bringup-reason",
562 boot_picker_reason, (const unsigned int) strlen(boot_picker_reason))) {
563 IOLog("Failed to write boot-picker-bringup-reason to NVRAM.\n");
564 }
565
566 // Set `boot-command = recover-system`.
567
568 // Construct an OSSymbol and an OSString to be the (key, value) pair
569 // we write to NVRAM. Unfortunately, since our value must be an OSString
570 // instead of an OSData, we cannot use PEWriteNVRAMProperty() here.
571 boot_command_sym = OSSymbol::withCStringNoCopy(SYSTEM_NVRAM_PREFIX "boot-command");
572 boot_command_recover = OSString::withCStringNoCopy("recover-system");
573 if (boot_command_sym == NULL || boot_command_recover == NULL) {
574 IOLog("Failed to create boot-command strings.\n");
575 goto do_reboot;
576 }
577
578 // Wait for NVRAM to be readable...
579 nvram = OSDynamicCast(IODTNVRAM, IOService::waitForService(
580 IOService::serviceMatching("IODTNVRAM")));
581 if (nvram == NULL) {
582 IOLog("Failed to acquire IODTNVRAM object.\n");
583 goto do_reboot;
584 }
585
586 // Wait for NVRAM to be writable...
587 if (!IOServiceWaitForMatchingResource("IONVRAM", UINT64_MAX)) {
588 IOLog("Failed to wait for IONVRAM service.\n");
589 // attempt the work anyway...
590 }
591
592 // Write the new boot-command to NVRAM, and sync if successful.
593 if (!nvram->setProperty(boot_command_sym, boot_command_recover)) {
594 IOLog("Failed to save new boot-command to NVRAM.\n");
595 } else {
596 nvram->sync();
597 }
598 } else {
599 IOLog("Unknown mode: %d\n", mode);
600 return false;
601 }
602
603 // Clean up and reboot!
604 do_reboot:
605 if (boot_command_recover != NULL) {
606 boot_command_recover->release();
607 }
608
609 if (boot_command_sym != NULL) {
610 boot_command_sym->release();
611 }
612
613 if (reboot) {
614 IOLog("\nAbout to reboot into Recovery!\n");
615 (void)PEHaltRestart(kPERestartCPU);
616 }
617
618 return true;
619 }
620
621 int
IOGetVMMPresent(void)622 IOGetVMMPresent(void)
623 {
624 int hv_vmm_present = 0;
625
626 #if defined(__arm64__)
627 if (IODTGetDefault("vmm-present", &hv_vmm_present, sizeof(hv_vmm_present)) < 0) {
628 return 0;
629 }
630
631 if (hv_vmm_present != 0) {
632 hv_vmm_present = 1;
633 }
634 #elif defined(__x86_64__)
635 hv_vmm_present = cpuid_vmm_present();
636 #endif
637
638 return hv_vmm_present;
639 }
640
641 kern_return_t
IOFindBSDRoot(char * rootName,unsigned int rootNameSize,dev_t * root,u_int32_t * oflags)642 IOFindBSDRoot( char * rootName, unsigned int rootNameSize,
643 dev_t * root, u_int32_t * oflags )
644 {
645 mach_timespec_t t;
646 IOService * service;
647 IORegistryEntry * regEntry;
648 OSDictionary * matching = NULL;
649 OSString * iostr;
650 OSNumber * off;
651 OSData * data = NULL;
652
653 UInt32 flags = 0;
654 int mnr, mjr;
655 const char * mediaProperty = NULL;
656 char * rdBootVar;
657 OSDataAllocation<char> str;
658 const char * look = NULL;
659 int len;
660 bool debugInfoPrintedOnce = false;
661 bool needNetworkKexts = false;
662 const char * uuidStr = NULL;
663
664 static int mountAttempts = 0;
665
666 int xchar, dchar;
667
668 // stall here for anyone matching on the IOBSD resource to finish (filesystems)
669 matching = IOService::serviceMatching(gIOResourcesKey);
670 assert(matching);
671 matching->setObject(gIOResourceMatchedKey, gIOBSDKey);
672
673 if ((service = IOService::waitForMatchingService(matching, 30ULL * kSecondScale))) {
674 OSSafeReleaseNULL(service);
675 } else {
676 IOLog("!BSD\n");
677 }
678 matching->release();
679 matching = NULL;
680
681 if (mountAttempts++) {
682 IOLog("mount(%d) failed\n", mountAttempts);
683 IOSleep( 5 * 1000 );
684 }
685
686 str = OSDataAllocation<char>( kMaxPathBuf + kMaxBootVar, OSAllocateMemory );
687 if (!str) {
688 return kIOReturnNoMemory;
689 }
690 rdBootVar = str.data() + kMaxPathBuf;
691
692 if (!PE_parse_boot_argn("rd", rdBootVar, kMaxBootVar )
693 && !PE_parse_boot_argn("rootdev", rdBootVar, kMaxBootVar )) {
694 rdBootVar[0] = 0;
695 }
696
697 if ((regEntry = IORegistryEntry::fromPath( "/chosen", gIODTPlane ))) {
698 do {
699 di_root_ramfile(regEntry);
700 OSObject* unserializedContainer = NULL;
701 data = OSDynamicCast(OSData, regEntry->getProperty( "root-matching" ));
702 if (data) {
703 unserializedContainer = OSUnserializeXML((char *)data->getBytesNoCopy());
704 matching = OSDynamicCast(OSDictionary, unserializedContainer);
705 if (matching) {
706 continue;
707 }
708 }
709 OSSafeReleaseNULL(unserializedContainer);
710
711 data = (OSData *) regEntry->getProperty( "boot-uuid" );
712 if (data) {
713 uuidStr = (const char*)data->getBytesNoCopy();
714 OSString *uuidString = OSString::withCString( uuidStr );
715
716 // match the boot-args boot-uuid processing below
717 if (uuidString) {
718 IOLog("rooting via boot-uuid from /chosen: %s\n", uuidStr);
719 IOService::publishResource( "boot-uuid", uuidString );
720 uuidString->release();
721 matching = IOUUIDMatching();
722 mediaProperty = "boot-uuid-media";
723 continue;
724 } else {
725 uuidStr = NULL;
726 }
727 }
728 } while (false);
729 OSSafeReleaseNULL(regEntry);
730 }
731
732 //
733 // See if we have a RAMDisk property in /chosen/memory-map. If so, make it into a device.
734 // It will become /dev/mdx, where x is 0-f.
735 //
736
737 if (!didRam) { /* Have we already build this ram disk? */
738 didRam = 1; /* Remember we did this */
739 if ((regEntry = IORegistryEntry::fromPath( "/chosen/memory-map", gIODTPlane ))) { /* Find the map node */
740 data = (OSData *)regEntry->getProperty("RAMDisk"); /* Find the ram disk, if there */
741 if (data) { /* We found one */
742 uintptr_t *ramdParms;
743 ramdParms = (uintptr_t *)data->getBytesNoCopy(); /* Point to the ram disk base and size */
744 #if __LP64__
745 #define MAX_PHYS_RAM (((uint64_t)UINT_MAX) << 12)
746 if (ramdParms[1] > MAX_PHYS_RAM) {
747 panic("ramdisk params");
748 }
749 #endif /* __LP64__ */
750 (void)mdevadd(-1, ml_static_ptovirt(ramdParms[0]) >> 12, (unsigned int) (ramdParms[1] >> 12), 0); /* Initialize it and pass back the device number */
751 }
752 regEntry->release(); /* Toss the entry */
753 }
754 }
755
756 //
757 // Now check if we are trying to root on a memory device
758 //
759
760 if ((rdBootVar[0] == 'm') && (rdBootVar[1] == 'd') && (rdBootVar[3] == 0)) {
761 dchar = xchar = rdBootVar[2]; /* Get the actual device */
762 if ((xchar >= '0') && (xchar <= '9')) {
763 xchar = xchar - '0'; /* If digit, convert */
764 } else {
765 xchar = xchar & ~' '; /* Fold to upper case */
766 if ((xchar >= 'A') && (xchar <= 'F')) { /* Is this a valid digit? */
767 xchar = (xchar & 0xF) + 9; /* Convert the hex digit */
768 dchar = dchar | ' '; /* Fold to lower case */
769 } else {
770 xchar = -1; /* Show bogus */
771 }
772 }
773 if (xchar >= 0) { /* Do we have a valid memory device name? */
774 OSSafeReleaseNULL(matching);
775 *root = mdevlookup(xchar); /* Find the device number */
776 if (*root >= 0) { /* Did we find one? */
777 rootName[0] = 'm'; /* Build root name */
778 rootName[1] = 'd'; /* Build root name */
779 rootName[2] = (char) dchar; /* Build root name */
780 rootName[3] = 0; /* Build root name */
781 IOLog("BSD root: %s, major %d, minor %d\n", rootName, major(*root), minor(*root));
782 *oflags = 0; /* Show that this is not network */
783
784 #if CONFIG_KDP_INTERACTIVE_DEBUGGING
785 /* retrieve final ramdisk range and initialize KDP variables */
786 if (mdevgetrange(xchar, &kdp_core_ramdisk_addr, &kdp_core_ramdisk_size) != 0) {
787 IOLog("Unable to retrieve range for root memory device %d\n", xchar);
788 kdp_core_ramdisk_addr = 0;
789 kdp_core_ramdisk_size = 0;
790 }
791 #endif
792
793 goto iofrootx; /* Join common exit... */
794 }
795 panic("IOFindBSDRoot: specified root memory device, %s, has not been configured", rdBootVar); /* Not there */
796 }
797 }
798
799 if ((!matching) && rdBootVar[0]) {
800 // by BSD name
801 look = rdBootVar;
802 if (look[0] == '*') {
803 look++;
804 }
805
806 if (strncmp( look, "en", strlen( "en" )) == 0) {
807 matching = IONetworkNamePrefixMatching( "en" );
808 needNetworkKexts = true;
809 } else if (strncmp( look, "uuid", strlen( "uuid" )) == 0) {
810 OSDataAllocation<char> uuid( kMaxBootVar, OSAllocateMemory );
811
812 if (uuid) {
813 OSString *uuidString;
814
815 if (!PE_parse_boot_argn( "boot-uuid", uuid.data(), kMaxBootVar )) {
816 panic( "rd=uuid but no boot-uuid=<value> specified" );
817 }
818 uuidString = OSString::withCString(uuid.data());
819 if (uuidString) {
820 IOService::publishResource( "boot-uuid", uuidString );
821 uuidString->release();
822 IOLog("\nWaiting for boot volume with UUID %s\n", uuid.data());
823 matching = IOUUIDMatching();
824 mediaProperty = "boot-uuid-media";
825 }
826 }
827 } else {
828 matching = IOBSDNameMatching( look );
829 }
830 }
831
832 if (!matching) {
833 OSString * astring;
834 // Match any HFS media
835
836 matching = IOService::serviceMatching( "IOMedia" );
837 astring = OSString::withCStringNoCopy("Apple_HFS");
838 if (astring) {
839 matching->setObject("Content", astring);
840 astring->release();
841 }
842 }
843
844 if (gIOKitDebug & kIOWaitQuietBeforeRoot) {
845 IOLog( "Waiting for matching to complete\n" );
846 IOService::getPlatform()->waitQuiet();
847 }
848
849 if (matching) {
850 OSSerialize * s = OSSerialize::withCapacity( 5 );
851
852 if (matching->serialize( s )) {
853 IOLog( "Waiting on %s\n", s->text());
854 }
855 s->release();
856 }
857
858 char namep[8];
859 if (needNetworkKexts
860 || PE_parse_boot_argn("-s", namep, sizeof(namep))) {
861 IOService::startDeferredMatches();
862 }
863
864 do {
865 t.tv_sec = ROOTDEVICETIMEOUT;
866 t.tv_nsec = 0;
867 matching->retain();
868 service = IOService::waitForService( matching, &t );
869 if ((!service) || (mountAttempts == 10)) {
870 #if !XNU_TARGET_OS_OSX || !defined(__arm64__)
871 PE_display_icon( 0, "noroot");
872 IOLog( "Still waiting for root device\n" );
873 #endif
874
875 if (!debugInfoPrintedOnce) {
876 debugInfoPrintedOnce = true;
877 if (gIOKitDebug & kIOLogDTree) {
878 IOLog("\nDT plane:\n");
879 IOPrintPlane( gIODTPlane );
880 }
881 if (gIOKitDebug & kIOLogServiceTree) {
882 IOLog("\nService plane:\n");
883 IOPrintPlane( gIOServicePlane );
884 }
885 if (gIOKitDebug & kIOLogMemory) {
886 IOPrintMemory();
887 }
888 }
889
890 #if XNU_TARGET_OS_OSX && defined(__arm64__)
891 // The disk isn't found - have the user pick from System Recovery.
892 (void)IOSetRecoveryBoot(BSD_BOOTFAIL_MEDIA_MISSING, NULL, true);
893 #endif
894 }
895 } while (!service);
896
897 OSSafeReleaseNULL(matching);
898
899 if (service && mediaProperty) {
900 service = (IOService *)service->getProperty(mediaProperty);
901 }
902
903 mjr = 0;
904 mnr = 0;
905
906 // If the IOService we matched to is a subclass of IONetworkInterface,
907 // then make sure it has been registered with BSD and has a BSD name
908 // assigned.
909
910 if (service
911 && service->metaCast( "IONetworkInterface" )
912 && !IORegisterNetworkInterface( service )) {
913 service = NULL;
914 }
915
916 if (service) {
917 len = kMaxPathBuf;
918 service->getPath( str.data(), &len, gIOServicePlane );
919 IOLog("Got boot device = %s\n", str.data());
920
921 iostr = (OSString *) service->getProperty( kIOBSDNameKey );
922 if (iostr) {
923 strlcpy( rootName, iostr->getCStringNoCopy(), rootNameSize );
924 }
925 off = (OSNumber *) service->getProperty( kIOBSDMajorKey );
926 if (off) {
927 mjr = off->unsigned32BitValue();
928 }
929 off = (OSNumber *) service->getProperty( kIOBSDMinorKey );
930 if (off) {
931 mnr = off->unsigned32BitValue();
932 }
933
934 if (service->metaCast( "IONetworkInterface" )) {
935 flags |= 1;
936 }
937 } else {
938 IOLog( "Wait for root failed\n" );
939 strlcpy( rootName, "en0", rootNameSize );
940 flags |= 1;
941 }
942
943 IOLog( "BSD root: %s", rootName );
944 if (mjr) {
945 IOLog(", major %d, minor %d\n", mjr, mnr );
946 } else {
947 IOLog("\n");
948 }
949
950 *root = makedev( mjr, mnr );
951 *oflags = flags;
952
953 iofrootx:
954
955 IOService::setRootMedia(service);
956
957 if ((gIOKitDebug & (kIOLogDTree | kIOLogServiceTree | kIOLogMemory)) && !debugInfoPrintedOnce) {
958 IOService::getPlatform()->waitQuiet();
959 if (gIOKitDebug & kIOLogDTree) {
960 IOLog("\nDT plane:\n");
961 IOPrintPlane( gIODTPlane );
962 }
963 if (gIOKitDebug & kIOLogServiceTree) {
964 IOLog("\nService plane:\n");
965 IOPrintPlane( gIOServicePlane );
966 }
967 if (gIOKitDebug & kIOLogMemory) {
968 IOPrintMemory();
969 }
970 }
971
972 return kIOReturnSuccess;
973 }
974
975 void
IOSetImageBoot(void)976 IOSetImageBoot(void)
977 {
978 // this will unhide all IOMedia, without waiting for kernelmanagement to start
979 IOService::setRootMedia(NULL);
980 }
981
982 bool
IORamDiskBSDRoot(void)983 IORamDiskBSDRoot(void)
984 {
985 char rdBootVar[kMaxBootVar];
986 if (PE_parse_boot_argn("rd", rdBootVar, kMaxBootVar )
987 || PE_parse_boot_argn("rootdev", rdBootVar, kMaxBootVar )) {
988 if ((rdBootVar[0] == 'm') && (rdBootVar[1] == 'd') && (rdBootVar[3] == 0)) {
989 return true;
990 }
991 }
992 return false;
993 }
994
995 void
IOSecureBSDRoot(const char * rootName)996 IOSecureBSDRoot(const char * rootName)
997 {
998 #if CONFIG_SECURE_BSD_ROOT
999 IOReturn result;
1000 IOPlatformExpert *pe;
1001 OSDictionary *matching;
1002 const OSSymbol *functionName = OSSymbol::withCStringNoCopy("SecureRootName");
1003
1004 matching = IOService::serviceMatching("IOPlatformExpert");
1005 assert(matching);
1006 pe = (IOPlatformExpert *) IOService::waitForMatchingService(matching, 30ULL * kSecondScale);
1007 matching->release();
1008 assert(pe);
1009 // Returns kIOReturnNotPrivileged is the root device is not secure.
1010 // Returns kIOReturnUnsupported if "SecureRootName" is not implemented.
1011 result = pe->callPlatformFunction(functionName, false, (void *)rootName, (void *)NULL, (void *)NULL, (void *)NULL);
1012 functionName->release();
1013 OSSafeReleaseNULL(pe);
1014
1015 if (result == kIOReturnNotPrivileged) {
1016 mdevremoveall();
1017 }
1018
1019 #endif // CONFIG_SECURE_BSD_ROOT
1020 }
1021
1022 void *
IOBSDRegistryEntryForDeviceTree(char * path)1023 IOBSDRegistryEntryForDeviceTree(char * path)
1024 {
1025 return IORegistryEntry::fromPath(path, gIODTPlane);
1026 }
1027
1028 void
IOBSDRegistryEntryRelease(void * entry)1029 IOBSDRegistryEntryRelease(void * entry)
1030 {
1031 IORegistryEntry * regEntry = (IORegistryEntry *)entry;
1032
1033 if (regEntry) {
1034 regEntry->release();
1035 }
1036 return;
1037 }
1038
1039 const void *
IOBSDRegistryEntryGetData(void * entry,char * property_name,int * packet_length)1040 IOBSDRegistryEntryGetData(void * entry, char * property_name,
1041 int * packet_length)
1042 {
1043 OSData * data;
1044 IORegistryEntry * regEntry = (IORegistryEntry *)entry;
1045
1046 data = (OSData *) regEntry->getProperty(property_name);
1047 if (data) {
1048 *packet_length = data->getLength();
1049 return data->getBytesNoCopy();
1050 }
1051 return NULL;
1052 }
1053
1054 kern_return_t
IOBSDGetPlatformUUID(uuid_t uuid,mach_timespec_t timeout)1055 IOBSDGetPlatformUUID( uuid_t uuid, mach_timespec_t timeout )
1056 {
1057 IOService * resources;
1058 OSString * string;
1059
1060 resources = IOService::waitForService( IOService::resourceMatching( kIOPlatformUUIDKey ), (timeout.tv_sec || timeout.tv_nsec) ? &timeout : NULL );
1061 if (resources == NULL) {
1062 return KERN_OPERATION_TIMED_OUT;
1063 }
1064
1065 string = (OSString *) IOService::getPlatform()->getProvider()->getProperty( kIOPlatformUUIDKey );
1066 if (string == NULL) {
1067 return KERN_NOT_SUPPORTED;
1068 }
1069
1070 uuid_parse( string->getCStringNoCopy(), uuid );
1071
1072 return KERN_SUCCESS;
1073 }
1074 } /* extern "C" */
1075
1076 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1077
1078 #include <sys/conf.h>
1079 #include <sys/vnode.h>
1080 #include <sys/vnode_internal.h>
1081 #include <sys/fcntl.h>
1082 #include <IOKit/IOPolledInterface.h>
1083 #include <IOKit/IOBufferMemoryDescriptor.h>
1084
1085 IOPolledFileIOVars * gIOPolledCoreFileVars;
1086 kern_return_t gIOPolledCoreFileOpenRet = kIOReturnNotReady;
1087 IOPolledCoreFileMode_t gIOPolledCoreFileMode = kIOPolledCoreFileModeNotInitialized;
1088
1089 #if IOPOLLED_COREFILE
1090
1091 #if defined(XNU_TARGET_OS_BRIDGE)
1092 // On bridgeOS allocate a 150MB corefile and leave 150MB free
1093 #define kIOCoreDumpSize 150ULL*1024ULL*1024ULL
1094 #define kIOCoreDumpFreeSize 150ULL*1024ULL*1024ULL
1095
1096 #elif !defined(XNU_TARGET_OS_OSX) /* defined(XNU_TARGET_OS_BRIDGE) */
1097 // On embedded devices with >3GB DRAM we allocate a 500MB corefile
1098 // otherwise allocate a 350MB corefile. Leave 350 MB free
1099
1100 #define kIOCoreDumpMinSize 350ULL*1024ULL*1024ULL
1101 #define kIOCoreDumpLargeSize 500ULL*1024ULL*1024ULL
1102
1103 #define kIOCoreDumpFreeSize 350ULL*1024ULL*1024ULL
1104
1105 #else /* defined(XNU_TARGET_OS_BRIDGE) */
1106 // on macOS devices allocate a corefile sized at 1GB / 32GB of DRAM,
1107 // fallback to a 1GB corefile and leave at least 1GB free
1108 #define kIOCoreDumpMinSize 1024ULL*1024ULL*1024ULL
1109 #define kIOCoreDumpIncrementalSize 1024ULL*1024ULL*1024ULL
1110
1111 #define kIOCoreDumpFreeSize 1024ULL*1024ULL*1024ULL
1112
1113 // on older macOS devices we allocate a 1MB file at boot
1114 // to store a panic time stackshot
1115 #define kIOStackshotFileSize 1024ULL*1024ULL
1116
1117 #endif /* defined(XNU_TARGET_OS_BRIDGE) */
1118
1119 static IOPolledCoreFileMode_t
GetCoreFileMode()1120 GetCoreFileMode()
1121 {
1122 if (on_device_corefile_enabled()) {
1123 return kIOPolledCoreFileModeCoredump;
1124 } else if (panic_stackshot_to_disk_enabled()) {
1125 return kIOPolledCoreFileModeStackshot;
1126 } else {
1127 return kIOPolledCoreFileModeDisabled;
1128 }
1129 }
1130
1131 static void
IOCoreFileGetSize(uint64_t * ideal_size,uint64_t * fallback_size,uint64_t * free_space_to_leave,IOPolledCoreFileMode_t mode)1132 IOCoreFileGetSize(uint64_t *ideal_size, uint64_t *fallback_size, uint64_t *free_space_to_leave, IOPolledCoreFileMode_t mode)
1133 {
1134 unsigned int requested_corefile_size = 0;
1135
1136 *ideal_size = *fallback_size = *free_space_to_leave = 0;
1137
1138 #if defined(XNU_TARGET_OS_BRIDGE)
1139 #pragma unused(mode)
1140 *ideal_size = *fallback_size = kIOCoreDumpSize;
1141 *free_space_to_leave = kIOCoreDumpFreeSize;
1142 #elif !defined(XNU_TARGET_OS_OSX) /* defined(XNU_TARGET_OS_BRIDGE) */
1143 #pragma unused(mode)
1144 *ideal_size = *fallback_size = kIOCoreDumpMinSize;
1145
1146 if (max_mem > (3 * 1024ULL * 1024ULL * 1024ULL)) {
1147 *ideal_size = kIOCoreDumpLargeSize;
1148 }
1149
1150 *free_space_to_leave = kIOCoreDumpFreeSize;
1151 #else /* defined(XNU_TARGET_OS_BRIDGE) */
1152 if (mode == kIOPolledCoreFileModeCoredump) {
1153 *ideal_size = *fallback_size = kIOCoreDumpMinSize;
1154 if (kIOCoreDumpIncrementalSize != 0 && max_mem > (32 * 1024ULL * 1024ULL * 1024ULL)) {
1155 *ideal_size = ((ROUNDUP(max_mem, (32 * 1024ULL * 1024ULL * 1024ULL)) / (32 * 1024ULL * 1024ULL * 1024ULL)) * kIOCoreDumpIncrementalSize);
1156 }
1157 *free_space_to_leave = kIOCoreDumpFreeSize;
1158 } else if (mode == kIOPolledCoreFileModeStackshot) {
1159 *ideal_size = *fallback_size = *free_space_to_leave = kIOStackshotFileSize;
1160 }
1161 #endif /* defined(XNU_TARGET_OS_BRIDGE) */
1162 // If a custom size was requested, override the ideal and requested sizes
1163 if (PE_parse_boot_argn("corefile_size_mb", &requested_corefile_size, sizeof(requested_corefile_size))) {
1164 IOLog("Boot-args specify %d MB kernel corefile\n", requested_corefile_size);
1165
1166 *ideal_size = *fallback_size = (requested_corefile_size * 1024ULL * 1024ULL);
1167 }
1168
1169 return;
1170 }
1171
1172 static IOReturn
IOAccessCoreFileData(void * context,boolean_t write,uint64_t offset,int length,void * buffer)1173 IOAccessCoreFileData(void *context, boolean_t write, uint64_t offset, int length, void *buffer)
1174 {
1175 errno_t vnode_error = 0;
1176 vfs_context_t vfs_context;
1177 vnode_t vnode_ptr = (vnode_t) context;
1178
1179 vfs_context = vfs_context_kernel();
1180 vnode_error = vn_rdwr(write ? UIO_WRITE : UIO_READ, vnode_ptr, (caddr_t)buffer, length, offset,
1181 UIO_SYSSPACE, IO_SWAP_DISPATCH | IO_SYNC | IO_NOCACHE | IO_UNIT, vfs_context_ucred(vfs_context), NULL, vfs_context_proc(vfs_context));
1182
1183 if (vnode_error) {
1184 IOLog("Failed to %s the corefile. Error %d\n", write ? "write to" : "read from", vnode_error);
1185 return kIOReturnError;
1186 }
1187
1188 return kIOReturnSuccess;
1189 }
1190
1191 static void
IOOpenPolledCoreFile(thread_call_param_t __unused,thread_call_param_t corefilename)1192 IOOpenPolledCoreFile(thread_call_param_t __unused, thread_call_param_t corefilename)
1193 {
1194 assert(corefilename != NULL);
1195
1196 IOReturn err;
1197 char *filename = (char *) corefilename;
1198 uint64_t corefile_size_bytes = 0, corefile_fallback_size_bytes = 0, free_space_to_leave_bytes = 0;
1199 IOPolledCoreFileMode_t mode_to_init = GetCoreFileMode();
1200
1201 if (gIOPolledCoreFileVars) {
1202 return;
1203 }
1204 if (!IOPolledInterface::gMetaClass.getInstanceCount()) {
1205 return;
1206 }
1207
1208 if (mode_to_init == kIOPolledCoreFileModeDisabled) {
1209 gIOPolledCoreFileMode = kIOPolledCoreFileModeDisabled;
1210 return;
1211 }
1212
1213 // We'll overwrite this once we open the file, we update this to mark that we have made
1214 // it past initialization
1215 gIOPolledCoreFileMode = kIOPolledCoreFileModeClosed;
1216
1217 IOCoreFileGetSize(&corefile_size_bytes, &corefile_fallback_size_bytes, &free_space_to_leave_bytes, mode_to_init);
1218
1219 do {
1220 err = IOPolledFileOpen(filename, kIOPolledFileCreate, corefile_size_bytes, free_space_to_leave_bytes,
1221 NULL, 0, &gIOPolledCoreFileVars, NULL, NULL, NULL);
1222 if (kIOReturnSuccess == err) {
1223 break;
1224 } else if (kIOReturnNoSpace == err) {
1225 IOLog("Failed to open corefile of size %llu MB (low disk space)",
1226 (corefile_size_bytes / (1024ULL * 1024ULL)));
1227 if (corefile_size_bytes == corefile_fallback_size_bytes) {
1228 gIOPolledCoreFileOpenRet = err;
1229 return;
1230 }
1231 } else {
1232 IOLog("Failed to open corefile of size %llu MB (returned error 0x%x)\n",
1233 (corefile_size_bytes / (1024ULL * 1024ULL)), err);
1234 gIOPolledCoreFileOpenRet = err;
1235 return;
1236 }
1237
1238 err = IOPolledFileOpen(filename, kIOPolledFileCreate, corefile_fallback_size_bytes, free_space_to_leave_bytes,
1239 NULL, 0, &gIOPolledCoreFileVars, NULL, NULL, NULL);
1240 if (kIOReturnSuccess != err) {
1241 IOLog("Failed to open corefile of size %llu MB (returned error 0x%x)\n",
1242 (corefile_fallback_size_bytes / (1024ULL * 1024ULL)), err);
1243 gIOPolledCoreFileOpenRet = err;
1244 return;
1245 }
1246 } while (false);
1247
1248 gIOPolledCoreFileOpenRet = IOPolledFilePollersSetup(gIOPolledCoreFileVars, kIOPolledPreflightCoreDumpState);
1249 if (kIOReturnSuccess != gIOPolledCoreFileOpenRet) {
1250 IOPolledFileClose(&gIOPolledCoreFileVars, 0, NULL, 0, 0, 0);
1251 IOLog("IOPolledFilePollersSetup for corefile failed with error: 0x%x\n", err);
1252 } else {
1253 IOLog("Opened corefile of size %llu MB\n", (corefile_size_bytes / (1024ULL * 1024ULL)));
1254 gIOPolledCoreFileMode = mode_to_init;
1255 }
1256
1257 // Provide the "polled file available" callback with a temporary way to read from the file
1258 (void) IOProvideCoreFileAccess(kdp_core_polled_io_polled_file_available, NULL);
1259
1260 return;
1261 }
1262
1263 kern_return_t
IOProvideCoreFileAccess(IOCoreFileAccessRecipient recipient,void * recipient_context)1264 IOProvideCoreFileAccess(IOCoreFileAccessRecipient recipient, void *recipient_context)
1265 {
1266 kern_return_t error = kIOReturnSuccess;
1267 errno_t vnode_error = 0;
1268 vfs_context_t vfs_context;
1269 vnode_t vnode_ptr;
1270
1271 if (!recipient) {
1272 return kIOReturnBadArgument;
1273 }
1274
1275 if (kIOReturnSuccess != gIOPolledCoreFileOpenRet) {
1276 return kIOReturnNotReady;
1277 }
1278
1279 // Open the kernel corefile
1280 vfs_context = vfs_context_kernel();
1281 vnode_error = vnode_open(kIOCoreDumpPath, (FREAD | FWRITE | O_NOFOLLOW), 0600, 0, &vnode_ptr, vfs_context);
1282 if (vnode_error) {
1283 IOLog("Failed to open the corefile. Error %d\n", vnode_error);
1284 return kIOReturnError;
1285 }
1286
1287 // Call the recipient function
1288 error = recipient(IOAccessCoreFileData, (void *)vnode_ptr, recipient_context);
1289
1290 // Close the kernel corefile
1291 vnode_close(vnode_ptr, FREAD | FWRITE, vfs_context);
1292
1293 return error;
1294 }
1295
1296 static void
IOClosePolledCoreFile(void)1297 IOClosePolledCoreFile(void)
1298 {
1299 // Notify kdp core that the corefile is no longer available
1300 (void) kdp_core_polled_io_polled_file_unavailable();
1301
1302 gIOPolledCoreFileOpenRet = kIOReturnNotOpen;
1303 gIOPolledCoreFileMode = kIOPolledCoreFileModeClosed;
1304 IOPolledFilePollersClose(gIOPolledCoreFileVars, kIOPolledPostflightCoreDumpState);
1305 IOPolledFileClose(&gIOPolledCoreFileVars, 0, NULL, 0, 0, 0);
1306 }
1307
1308 #endif /* IOPOLLED_COREFILE */
1309
1310 extern "C" void
IOBSDMountChange(struct mount * mp,uint32_t op)1311 IOBSDMountChange(struct mount * mp, uint32_t op)
1312 {
1313 #if IOPOLLED_COREFILE
1314 uint64_t flags;
1315 char path[128];
1316 int pathLen;
1317 vnode_t vn;
1318 int result;
1319
1320 switch (op) {
1321 case kIOMountChangeMount:
1322 case kIOMountChangeDidResize:
1323
1324 if (gIOPolledCoreFileVars) {
1325 break;
1326 }
1327 flags = vfs_flags(mp);
1328 if (MNT_RDONLY & flags) {
1329 break;
1330 }
1331 if (!(MNT_LOCAL & flags)) {
1332 break;
1333 }
1334
1335 vn = vfs_vnodecovered(mp);
1336 if (!vn) {
1337 break;
1338 }
1339 pathLen = sizeof(path);
1340 result = vn_getpath(vn, &path[0], &pathLen);
1341 vnode_put(vn);
1342 if (0 != result) {
1343 break;
1344 }
1345 if (!pathLen) {
1346 break;
1347 }
1348 #if defined(XNU_TARGET_OS_BRIDGE)
1349 // on bridgeOS systems we put the core in /private/var/internal. We don't
1350 // want to match with /private/var because /private/var/internal is often mounted
1351 // over /private/var
1352 if ((pathLen - 1) < (int) strlen("/private/var/internal")) {
1353 break;
1354 }
1355 #endif
1356 if (0 != strncmp(path, kIOCoreDumpPath, pathLen - 1)) {
1357 break;
1358 }
1359
1360 thread_call_enter1(corefile_open_call, (void *) kIOCoreDumpPath);
1361 break;
1362
1363 case kIOMountChangeUnmount:
1364 case kIOMountChangeWillResize:
1365 if (gIOPolledCoreFileVars && (mp == kern_file_mount(gIOPolledCoreFileVars->fileRef))) {
1366 thread_call_cancel_wait(corefile_open_call);
1367 IOClosePolledCoreFile();
1368 }
1369 break;
1370 }
1371 #endif /* IOPOLLED_COREFILE */
1372 }
1373
1374 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1375
1376
1377 extern "C"
1378 OS_ALWAYS_INLINE
1379 boolean_t
IOCurrentTaskHasEntitlement(const char * entitlement)1380 IOCurrentTaskHasEntitlement(const char * entitlement)
1381 {
1382 return IOTaskHasEntitlement(NULL, entitlement);
1383 }
1384
1385 extern "C" boolean_t
IOTaskHasEntitlement(task_t task,const char * entitlement)1386 IOTaskHasEntitlement(task_t task, const char * entitlement)
1387 {
1388 // Don't do this
1389 if (task == kernel_task || entitlement == NULL) {
1390 return false;
1391 }
1392 size_t entlen = strlen(entitlement);
1393 CEQuery_t query = {
1394 CESelectDictValueDynamic((const uint8_t*)entitlement, entlen),
1395 CEMatchBool(true)
1396 };
1397
1398 #if PMAP_CS_ENABLE && !CONFIG_X86_64_COMPAT
1399 if (pmap_cs_enabled()) {
1400 if (task == NULL || task == current_task()) {
1401 // NULL task means current task, which translated to the current pmap
1402 return pmap_query_entitlements(NULL, query, 2, NULL);
1403 }
1404 vm_map_t task_map = get_task_map_reference(task);
1405 if (task_map) {
1406 pmap_t pmap = vm_map_get_pmap(task_map);
1407 if (pmap && pmap_query_entitlements(pmap, query, 2, NULL)) {
1408 vm_map_deallocate(task_map);
1409 return true;
1410 }
1411 vm_map_deallocate(task_map);
1412 }
1413 return false;
1414 }
1415 #endif
1416 if (task == NULL) {
1417 task = current_task();
1418 }
1419
1420 proc_t p = (proc_t)get_bsdtask_info(task);
1421
1422 if (p == NULL) {
1423 return false;
1424 }
1425
1426 struct cs_blob* csblob = csproc_get_blob(p);
1427 if (csblob == NULL) {
1428 return false;
1429 }
1430
1431 void* osents = csblob_os_entitlements_get(csblob);
1432 if (osents == NULL) {
1433 return false;
1434 }
1435
1436 if (!amfi) {
1437 panic("CoreEntitlements: (IOTask): No AMFI\n");
1438 }
1439
1440 return amfi->OSEntitlements_query(osents, (uint8_t*)csblob_get_cdhash(csblob), query, 2) == amfi->CoreEntitlements.kNoError;
1441 }
1442
1443 extern "C" boolean_t
IOVnodeHasEntitlement(vnode_t vnode,int64_t off,const char * entitlement)1444 IOVnodeHasEntitlement(vnode_t vnode, int64_t off, const char *entitlement)
1445 {
1446 OSObject * obj;
1447 off_t offset = (off_t)off;
1448
1449 obj = IOUserClient::copyClientEntitlementVnode(vnode, offset, entitlement);
1450 if (!obj) {
1451 return false;
1452 }
1453 obj->release();
1454 return obj != kOSBooleanFalse;
1455 }
1456
1457 extern "C" char *
IOVnodeGetEntitlement(vnode_t vnode,int64_t off,const char * entitlement)1458 IOVnodeGetEntitlement(vnode_t vnode, int64_t off, const char *entitlement)
1459 {
1460 OSObject *obj = NULL;
1461 OSString *str = NULL;
1462 size_t len;
1463 char *value = NULL;
1464 off_t offset = (off_t)off;
1465
1466 obj = IOUserClient::copyClientEntitlementVnode(vnode, offset, entitlement);
1467 if (obj != NULL) {
1468 str = OSDynamicCast(OSString, obj);
1469 if (str != NULL) {
1470 len = str->getLength() + 1;
1471 value = (char *)kalloc_data(len, Z_WAITOK);
1472 strlcpy(value, str->getCStringNoCopy(), len);
1473 }
1474 obj->release();
1475 }
1476 return value;
1477 }
1478