1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 #include <sys/dtrace_impl.h>
23 #include <sys/fbt.h>
24 #include <sys/sysctl.h>
25
/*
 * Table-entry helpers for the exclusion lists below. Each helper stringifies
 * its argument and appends a comma, so a table entry is written as a bare
 * identifier (no quotes, no separator) inside an array initializer.
 *
 * CLOSURE and CRITICAL expand to exactly the same text; no code in this file
 * distinguishes them, so the two names only label why an entry is listed.
 */
#define CLOSURE(s) #s,
#define CRITICAL(s) #s,

/* Entry is emitted only when KASAN is enabled; otherwise it expands to nothing. */
#if KASAN
#define KASAN_ONLY(s) #s,
#else
#define KASAN_ONLY(s)
#endif /* KASAN */

/* Entry is emitted only when CONFIG_UBSAN_MINIMAL is enabled. */
#if CONFIG_UBSAN_MINIMAL
#define UBSAN_MINIMAL_ONLY(s) #s,
#else
#define UBSAN_MINIMAL_ONLY(s)
#endif

/* Entry is emitted only on arm / arm64 builds. */
#if defined(__arm__) || defined(__arm64__)
#define ARM_ONLY(s) #s,
#else
#define ARM_ONLY(s)
#endif /* defined(__arm__) || defined(__arm64__) */
/* Entry is emitted only on x86_64 builds. */
#if defined(__x86_64__)
#define X86_ONLY(s) #s,
#else
#define X86_ONLY(s)
#endif /* defined(__x86_64__) */
51
/*
 * Routine prefixes that must not be probed, either because they are used in
 * the exception path, by dtrace code in probe context, or are general
 * critical routines that must never be probed.
 *
 * All routines whose names start with one of these will be ignored: the
 * lookup in fbt_excluded() compares only the first strlen(entry) characters
 * of the candidate name against each entry (see _cmp()).
 *
 * This must be kept in asciibetical order for purposes of bsearch(). The
 * order is verified by fbt_blacklist_init(), but only on DEBUG or DEVELOPMENT
 * builds. Entries wrapped in KASAN_ONLY / UBSAN_MINIMAL_ONLY / ARM_ONLY /
 * X86_ONLY vanish on builds where the condition is false, so the list must be
 * sorted for every combination.
 *
 * NOTE(review): some entries are prefixes of later entries (for example
 * pmap_pde and pmap_pde_internal0). For a name that matches only the shorter
 * entry, the prefix comparison against the longer entry reports "greater",
 * which is not the ordering bsearch() expects; depending on which slot is
 * probed first the shorter entry may never be visited. Whether any real
 * symbol is affected cannot be told from this file -- confirm.
 */
const char * fbt_blacklist[] =
{
	CRITICAL(Call_DebuggerC)
	CLOSURE(ClearIdlePop)
	CLOSURE(Debugger)
	CRITICAL(IOCPURunPlatformPanicActions)
	CLOSURE(IS_64BIT_PROCESS)
	CRITICAL(OSAdd)
	CRITICAL(OSBit)
	CLOSURE(OSCompareAndSwap)
	CRITICAL(OSDecrement)
	CRITICAL(OSIncrement)
	CRITICAL(PEARMDebugPanicHook)
	CRITICAL(PEHaltRestart)
	CRITICAL(PE_)
	CRITICAL(SavePanicInfo)
	CLOSURE(SetIdlePop)
	CRITICAL(SysChoked)
	CRITICAL(_ZN15OSMetaClassBase12safeMetaCastEPKS_PK11OSMetaClass) /* OSMetaClassBase::safeMetaCast */
	CRITICAL(_ZN16IOPlatformExpert11haltRestartEj) /* IOPlatformExpert::haltRestart */
	CRITICAL(_ZN18IODTPlatformExpert11haltRestartEj) /* IODTPlatformExpert::haltRestart */
	ARM_ONLY(_ZN8ASPNVRAM4syncEv) /* ASPNVRAM::sync */
	CRITICAL(_ZN9IODTNVRAM13savePanicInfoEPhy) /* IODTNVRAM::savePanicInfo */
	CRITICAL(_ZN9IOService14newTemperatureElPS_) /* IOService::newTemperature */
	CRITICAL(_ZN9IOService26temperatureCriticalForZoneEPS_) /* IOService::temperatureCriticalForZone */
	CRITICAL(_ZNK11OSMetaClass13checkMetaCastEPK15OSMetaClassBase) /* OSMetaClass::checkMetaCast */
	CRITICAL(_ZNK15OSMetaClassBase8metaCastEPK11OSMetaClass) /* OSMetaClassBase::metaCast */
	CRITICAL(_ZNK6OSData14getBytesNoCopyEv) /* OSData::getBytesNoCopy, IOHibernateSystemWake path */
	KASAN_ONLY(__asan)
	ARM_ONLY(__div)
	CLOSURE(__dtrace_probe)
	KASAN_ONLY(__kasan)
	ARM_ONLY(__ml)
	ARM_ONLY(__mod)
	CRITICAL(__strlcpy_chk)
	CLOSURE(__thread_ro_circularity_panic)
	UBSAN_MINIMAL_ONLY(__ubsan)
	ARM_ONLY(__udiv)
	ARM_ONLY(__umod)
	CRITICAL(_disable_preemption)
	CRITICAL(_enable_preemption)
	CLOSURE(absolutetime_to_microtime)
	X86_ONLY(acpi_)
	X86_ONLY(act_machine)
	CLOSURE(act_set_astbsd)
	ARM_ONLY(alternate_debugger_enter)
	ARM_ONLY(arm_init_idle_cpu)
	CLOSURE(ast_dtrace_on)
	CLOSURE(ast_pending)
	CRITICAL(backtrace_)
	CRITICAL(bcopy)
	CLOSURE(clean_dcache)
	CLOSURE(clean_mmu_dcache)
	CRITICAL(clock_)
	X86_ONLY(commpage_)
	CLOSURE(copyin)
	CLOSURE(copyout)
	CRITICAL(cpu_)
	CLOSURE(current_act)
	CLOSURE(current_percpu_base)
	CLOSURE(current_proc)
	CLOSURE(current_processor)
	CLOSURE(current_task)
	CLOSURE(current_task_early)
	CLOSURE(current_thread)
	CLOSURE(current_thread_ro)
	CLOSURE(current_thread_ro_unchecked)
	CLOSURE(current_uthread)
	CLOSURE(debug_)
	X86_ONLY(dsmos_)
	CLOSURE(dtrace_)
	CRITICAL(enter_lohandler)
	CRITICAL(fasttrap_)
	CRITICAL(fbt_invop)
	CRITICAL(fbt_perfCallback)
	CLOSURE(find_user_regs)
	ARM_ONLY(fleh_)
	CLOSURE(flush_dcache)
	ARM_ONLY(flush_mmu_tlb_)
	CLOSURE(flush_tlb64)
	CRITICAL(fuword)
	X86_ONLY(get_active_thread)
	CLOSURE(get_bsdtask_info)
	CLOSURE(get_bsdthread_info)
	CLOSURE(get_machthread)
	CRITICAL(get_preemption_level)
	CRITICAL(get_thread_ro)
	CRITICAL(get_thread_ro_unchecked)
	CRITICAL(get_threadtask)
	CRITICAL(get_threadtask_early)
	ARM_ONLY(get_vfp_enabled)
	CRITICAL(getminor)
	CRITICAL(handle_pending_TLB_flushes)
	CRITICAL(hibernate_)
	X86_ONLY(hndl_)
	CRITICAL(hw_)
	X86_ONLY(idt64)
	CRITICAL(interrupt)
	CRITICAL(invalidate_mmu_icache)
	CRITICAL(is_saved_state32)
	KASAN_ONLY(kasan)
	CLOSURE(kauth_cred_get)
	CLOSURE(kauth_getgid)
	CLOSURE(kauth_getuid)
	CRITICAL(kdb_)
	CRITICAL(kdp_)
	CRITICAL(kernel_preempt_check)
	CRITICAL(kernel_trap)
	CRITICAL(kprintf)
	CRITICAL(ks_)
	CLOSURE(kvtophys)
	X86_ONLY(lapic_)
	CRITICAL(lo_alltraps)
	CRITICAL(lock_debugger)
	CLOSURE(mach_absolute_time)
	CRITICAL(machine_)
	X86_ONLY(mapping_)
	CRITICAL(mca_cpu_alloc)
	CRITICAL(mca_cpu_init)
	CLOSURE(memcpy)
	CLOSURE(memmove)
	CRITICAL(ml_)
	CLOSURE(mt_core_snap)
	CLOSURE(mt_cur_cpu_cycles)
	CLOSURE(mt_cur_cpu_instrs)
	CLOSURE(mt_cur_thread_cycles)
	CLOSURE(mt_cur_thread_instrs)
	CLOSURE(mt_fixed_counts)
	CLOSURE(mt_fixed_counts_internal)
	CLOSURE(mt_mtc_update_count)
	CLOSURE(mt_update_thread)
	CRITICAL(nanoseconds_to_absolutetime)
	CRITICAL(nanotime_to_absolutetime)
	CRITICAL(no_asts)
	CLOSURE(other_percpu_base)
	CRITICAL(ovbcopy)
	CRITICAL(packA)
	X86_ONLY(pal_)
	CLOSURE(panic)
	CRITICAL(phystokv)
	CRITICAL(platform_)
	X86_ONLY(pltrace)
	X86_ONLY(pmCPU)
	X86_ONLY(pmKextRegister)
	X86_ONLY(pmMarkAllCPUsOff)
	X86_ONLY(pmSafeMode)
	X86_ONLY(pmTimerRestore)
	X86_ONLY(pmTimerSave)
	X86_ONLY(pmUnRegister)
	X86_ONLY(pmap64_pdpt)
	CLOSURE(pmap_find_pa)
	CLOSURE(pmap_find_phys)
	ARM_ONLY(pmap_get_cpu_data)
	CLOSURE(pmap_get_mapwindow)
	CLOSURE(pmap_pde)
	CLOSURE(pmap_pde_internal0)
	CLOSURE(pmap_pde_internal1)
	CLOSURE(pmap_pte)
	CLOSURE(pmap_pte_internal)
	CLOSURE(pmap_put_mapwindow)
	CLOSURE(pmap_valid_page)
	CLOSURE(pmap_vtophys)
	X86_ONLY(pms)
	CRITICAL(power_management_init)
	CRITICAL(preemption_underflow_panic)
	CLOSURE(prf)
	CLOSURE(proc_best_name)
	CLOSURE(proc_is64bit)
	CLOSURE(proc_require)
	CRITICAL(rbtrace_bt)
	CRITICAL(register_cpu_setup_func)
	CRITICAL(ret64_iret)
	CRITICAL(ret_to_user)
	CRITICAL(return_to_kernel)
	CRITICAL(return_to_user)
	CRITICAL(rtc_)
	CRITICAL(rtclock_)
	CRITICAL(saved_state64)
	CLOSURE(sdt_getargdesc)
	CRITICAL(sdt_invop)
	CLOSURE(setPop)
	ARM_ONLY(sleh_)
	CRITICAL(sprlock)
	CRITICAL(sprunlock)
	CLOSURE(strlcpy)
	CRITICAL(strlen)
	CRITICAL(strncmp)
	CRITICAL(suword)
	X86_ONLY(sync_iss_to_iks_unconditionally)
	CLOSURE(systrace_stub)
	CRITICAL(t_invop)
	CLOSURE(thread_tid)
	CLOSURE(timer_grab)
	ARM_ONLY(timer_state_event)
	CRITICAL(tmrCvt)
	CRITICAL(trap_from_kernel)
	CRITICAL(traptrace_)
	CRITICAL(tsc_)
	CRITICAL(uart_putc)
	CRITICAL(unlock_debugger)
	CRITICAL(unpackA)
	CRITICAL(unregister_cpu_setup_func)
	CRITICAL(uread)
	CLOSURE(uthread_is64bit)
	CRITICAL(uwrite)
	CRITICAL(vstart)
	CLOSURE(zone_has_index)
	CLOSURE(zone_id_require)
	CLOSURE(zone_id_require_panic)
	CLOSURE(zone_range_contains)
	CLOSURE(zone_require_panic)
	CLOSURE(zone_require_ro)
	CLOSURE(zpercpu_count)
};
/* Number of entries in fbt_blacklist for the current build configuration. */
#define BLACKLIST_COUNT (sizeof(fbt_blacklist)/sizeof(fbt_blacklist[0]))
276
/*
 * Modules that should not be probed.
 *
 * Lookup goes through the same prefix comparator as the routine list, so a
 * module whose name merely begins with one of these identifiers is excluded
 * as well.
 *
 * This must be kept in asciibetical order for purposes of bsearch().
 * NOTE(review): unlike fbt_blacklist, the ordering of this table is not
 * checked by fbt_blacklist_init().
 */
static const char* fbt_module_blacklist[] = {
	X86_ONLY(com.apple.driver.AppleACPIEC)
	X86_ONLY(com.apple.driver.AppleACPIPlatform)
	ARM_ONLY(com.apple.driver.AppleARMPlatform)
	X86_ONLY(com.apple.driver.AppleEFI)
	X86_ONLY(com.apple.driver.AppleIntelCPUPowerManagement)
	ARM_ONLY(com.apple.driver.AppleInterruptController)
	X86_ONLY(com.apple.driver.AppleRTC)
	X86_ONLY(com.apple.iokit.IOACPIFamily)
};
/* Number of entries in fbt_module_blacklist for the current architecture. */
#define MODULE_BLACKLIST_COUNT (sizeof(fbt_module_blacklist)/sizeof(fbt_module_blacklist[0]))
293
/*
 * When nonzero, both exclusion tables are bypassed: fbt_excluded() returns
 * false for every name, and fbt_module_excluded() rejects only modules that
 * have no address, no size, or are not loaded.
 *
 * Written in two places in this file: the "IgnoreFBTBlacklist" boot-arg in
 * fbt_blacklist_init(), and the ignore_fbt_blacklist sysctl handler, which
 * only ever stores 1.
 */
int ignore_fbt_blacklist = 0;
/* Defined elsewhere; the sysctl handler compares it with DTRACE_KERNEL_SYMBOLS_* values. */
extern int dtrace_kernel_symbol_mode;
296
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wcast-qual"
/*
 * bsearch() comparator for the exclusion tables.
 *
 * a is the candidate name (a C string); b points at a table slot holding a
 * C string. Only the first strlen(entry) characters of the name are compared,
 * so the result is 0 whenever the table entry is a prefix of the name.
 */
static int
_cmp(const void *a, const void *b)
{
	const char *candidate = (const char *)a;
	const char *entry = *(const char **)b;
	size_t entry_len = strlen(entry);

	return strncmp(candidate, entry, entry_len);
}
#pragma clang diagnostic pop
/*
 * Module validation.
 *
 * Returns true when the module must not receive FBT probes: it has no load
 * address, has zero size, is not loaded, or its name begins with an entry of
 * fbt_module_blacklist. When ignore_fbt_blacklist is nonzero the name check
 * is skipped and only the first three conditions can exclude a module.
 *
 * Asserts that MOD_FBT_DONE(ctl) is false on entry.
 */
bool
fbt_module_excluded(struct modctl* ctl)
{
	ASSERT(!MOD_FBT_DONE(ctl));

	/* This check runs before the override so such modules are always excluded. */
	if (ctl->mod_address == 0 || ctl->mod_size == 0 || !ctl->mod_loaded) {
		return true;
	}

	/* The override disables the table lookup entirely. */
	if (ignore_fbt_blacklist) {
		return false;
	}

	/* A non-NULL hit means some table entry is a prefix of the module name. */
	return bsearch(ctl->mod_modname, fbt_module_blacklist,
	           MODULE_BLACKLIST_COUNT, sizeof(fbt_module_blacklist[0]),
	           _cmp) != NULL;
}
330
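/*
 * FBT probe name validation.
 *
 * Returns true when name begins with one of the prefixes in fbt_blacklist,
 * meaning the routine must not be probed. Always returns false once
 * ignore_fbt_blacklist is nonzero.
 *
 * NOTE(review): the lookup is a bsearch() with a prefix comparator. Where one
 * table entry is a prefix of another, a name matching only the shorter entry
 * can compare "greater" than the longer one, so the search may move past the
 * shorter entry without visiting it -- confirm whether this can occur for
 * real symbols.
 */
bool
fbt_excluded(const char* name)
{
	if (ignore_fbt_blacklist) {
		return false;
	}

	/*
	 * The element size is taken from the table itself. The previous
	 * sizeof(name) happened to be the same value only because name is also
	 * a pointer.
	 */
	return bsearch(name, fbt_blacklist, BLACKLIST_COUNT,
	           sizeof(fbt_blacklist[0]), _cmp) != NULL;
}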
347
/* Parent sysctl node (_kern_dtrace) that the ignore_fbt_blacklist entry below attaches to. */
SYSCTL_DECL(_kern_dtrace);
349
/*
 * Handler for the ignore_fbt_blacklist sysctl.
 *
 * arg1 points at the int backing the sysctl. The value is passed through
 * sysctl_io_number(); any error from it is returned unchanged. If the request
 * carries no new value the handler returns 0 without changing anything.
 *
 * On a write:
 *   - a value other than 0 or 1 returns ERANGE;
 *   - 0 returns EPERM, because the blacklist cannot be turned back on: there
 *     is no way of knowing whether unsafe probes are still in use;
 *   - 1 returns EPERM when dtrace_kernel_symbol_mode is
 *     DTRACE_KERNEL_SYMBOLS_NEVER or DTRACE_KERNEL_SYMBOLS_ALWAYS_FROM_KERNEL,
 *     since kernel symbols are jettisoned after the first pass;
 *   - otherwise ignore_fbt_blacklist is set to 1.
 *
 * No locks are taken because those symbol modes are permanent and do not
 * change after boot.
 */
static int
sysctl_dtrace_ignore_fbt_blacklist SYSCTL_HANDLER_ARGS
{
#pragma unused(oidp, arg2)
	int requested = *(int*)arg1;
	int error = sysctl_io_number(req, requested, sizeof(requested), &requested, NULL);

	if (error) {
		return error;
	}

	/* Nothing more to do when the request does not carry a new value. */
	if (!req->newptr) {
		return 0;
	}

	if (requested != 0 && requested != 1) {
		return ERANGE;
	}

	/* One-way switch: re-enabling the blacklist is refused. */
	if (requested != 1) {
		return EPERM;
	}

	/* With these symbol modes no change is allowed at all. */
	if (dtrace_kernel_symbol_mode == DTRACE_KERNEL_SYMBOLS_NEVER ||
	    dtrace_kernel_symbol_mode == DTRACE_KERNEL_SYMBOLS_ALWAYS_FROM_KERNEL) {
		return EPERM;
	}

	ignore_fbt_blacklist = 1;
	return 0;
}
386
/*
 * Registers ignore_fbt_blacklist under _kern_dtrace as a read-write int
 * backed by the ignore_fbt_blacklist global and served by
 * sysctl_dtrace_ignore_fbt_blacklist(), which accepts only a change to 1.
 *
 * NOTE(review): the entry is CTLFLAG_RW and turns off a safety list; which
 * callers may write it is decided by the sysctl framework, not by this file
 * -- confirm that writes are limited to privileged callers.
 */
SYSCTL_PROC(_kern_dtrace, OID_AUTO, ignore_fbt_blacklist,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
    &ignore_fbt_blacklist, 0,
    sysctl_dtrace_ignore_fbt_blacklist, "I", "fbt provider ignore blacklist");
391
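/*
 * One-time setup for the FBT exclusion tables.
 *
 * Loads the "IgnoreFBTBlacklist" boot-arg into ignore_fbt_blacklist; the
 * return value of PE_parse_boot_argn() is not inspected, so the variable
 * keeps its initial value if the call stores nothing.
 *
 * On DEBUG or DEVELOPMENT builds, also panics if either exclusion table is
 * out of strcmp() order, because both are searched with bsearch() and an
 * unsorted table would silently fail to exclude some entries.
 */
void
fbt_blacklist_init(void)
{
	PE_parse_boot_argn("IgnoreFBTBlacklist", &ignore_fbt_blacklist, sizeof(ignore_fbt_blacklist));
#if DEBUG || DEVELOPMENT
	for (size_t i = 1; i < BLACKLIST_COUNT; i++) {
		if (strcmp(fbt_blacklist[i - 1], fbt_blacklist[i]) > 0) {
			panic("unordered fbt blacklist %s > %s", fbt_blacklist[i - 1], fbt_blacklist[i]);
		}
	}
	/* The module table has the same ordering requirement, so check it too. */
	for (size_t i = 1; i < MODULE_BLACKLIST_COUNT; i++) {
		if (strcmp(fbt_module_blacklist[i - 1], fbt_module_blacklist[i]) > 0) {
			panic("unordered fbt module blacklist %s > %s", fbt_module_blacklist[i - 1], fbt_module_blacklist[i]);
		}
	}
#endif /* DEBUG || DEVELOPMENT */
}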
404