]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (c) 2000-2019 Apple Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
14 | * | |
15 | * Please obtain a copy of the License at | |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
25 | * | |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ | |
27 | * | |
28 | * | |
29 | * Copyright (c) 1982, 1986, 1989, 1993 | |
30 | * The Regents of the University of California. All rights reserved. | |
31 | * | |
32 | * This code is derived from software contributed to Berkeley by | |
33 | * Mike Karels at Berkeley Software Design, Inc. | |
34 | * | |
35 | * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD | |
36 | * project, to make these variables more userfriendly. | |
37 | * | |
38 | * Redistribution and use in source and binary forms, with or without | |
39 | * modification, are permitted provided that the following conditions | |
40 | * are met: | |
41 | * 1. Redistributions of source code must retain the above copyright | |
42 | * notice, this list of conditions and the following disclaimer. | |
43 | * 2. Redistributions in binary form must reproduce the above copyright | |
44 | * notice, this list of conditions and the following disclaimer in the | |
45 | * documentation and/or other materials provided with the distribution. | |
46 | * 3. All advertising materials mentioning features or use of this software | |
47 | * must display the following acknowledgement: | |
48 | * This product includes software developed by the University of | |
49 | * California, Berkeley and its contributors. | |
50 | * 4. Neither the name of the University nor the names of its contributors | |
51 | * may be used to endorse or promote products derived from this software | |
52 | * without specific prior written permission. | |
53 | * | |
54 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
55 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
56 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
57 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
58 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
59 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
60 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
61 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
62 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
63 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
64 | * SUCH DAMAGE. | |
65 | * | |
66 | * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 | |
67 | */ | |
68 | ||
69 | ||
70 | #include <sys/param.h> | |
71 | #include <sys/buf.h> | |
72 | #include <sys/kernel.h> | |
73 | #include <sys/sysctl.h> | |
74 | #include <sys/malloc.h> | |
75 | #include <sys/proc_internal.h> | |
76 | #include <sys/kauth.h> | |
77 | #include <sys/systm.h> | |
78 | #include <sys/sysproto.h> | |
79 | ||
80 | #include <security/audit/audit.h> | |
81 | #include <pexpert/pexpert.h> | |
82 | ||
83 | #if CONFIG_MACF | |
84 | #include <security/mac_framework.h> | |
85 | #endif | |
86 | ||
87 | #if defined(HAS_APPLE_PAC) | |
88 | #include <ptrauth.h> | |
89 | #endif /* defined(HAS_APPLE_PAC) */ | |
90 | ||
91 | lck_grp_t * sysctl_lock_group = NULL; | |
92 | lck_rw_t * sysctl_geometry_lock = NULL; | |
93 | lck_mtx_t * sysctl_unlocked_node_lock = NULL; | |
94 | ||
95 | /* | |
96 | * Conditionally allow dtrace to see these functions for debugging purposes. | |
97 | */ | |
98 | #ifdef STATIC | |
99 | #undef STATIC | |
100 | #endif | |
101 | #if 0 | |
102 | #define STATIC | |
103 | #else | |
104 | #define STATIC static | |
105 | #endif | |
106 | ||
107 | /* forward declarations of static functions */ | |
108 | STATIC void sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i); | |
109 | STATIC int sysctl_sysctl_debug(struct sysctl_oid *oidp, void *arg1, | |
110 | int arg2, struct sysctl_req *req); | |
111 | STATIC int sysctl_sysctl_name(struct sysctl_oid *oidp, void *arg1, | |
112 | int arg2, struct sysctl_req *req); | |
113 | STATIC int sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, | |
114 | int *name, u_int namelen, int *next, int *len, int level, | |
115 | struct sysctl_oid **oidpp); | |
116 | STATIC int sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l); | |
117 | STATIC int sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l); | |
118 | STATIC int name2oid(char *name, int *oid, u_int *len); | |
119 | STATIC int sysctl_sysctl_name2oid(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); | |
120 | STATIC int sysctl_sysctl_next(struct sysctl_oid *oidp, void *arg1, int arg2, | |
121 | struct sysctl_req *req); | |
122 | STATIC int sysctl_sysctl_oidfmt(struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); | |
123 | STATIC int sysctl_old_user(struct sysctl_req *req, const void *p, size_t l); | |
124 | STATIC int sysctl_new_user(struct sysctl_req *req, void *p, size_t l); | |
125 | ||
126 | STATIC void sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp, | |
127 | size_t oldlen, user_addr_t newp, size_t newlen); | |
128 | STATIC int sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, char *namestring, size_t namestringlen, int *name, u_int namelen, struct sysctl_req *req); | |
129 | ||
130 | int kernel_sysctl(struct proc *p, int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); | |
131 | int kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen); | |
132 | int userland_sysctl(boolean_t string_is_canonical, | |
133 | char *namestring, size_t namestringlen, | |
134 | int *name, u_int namelen, struct sysctl_req *req, | |
135 | size_t *retval); | |
136 | ||
137 | struct sysctl_oid_list sysctl__children; /* root list */ | |
138 | ||
139 | /* | |
140 | * Initialization of the MIB tree. | |
141 | * | |
142 | * Order by number in each list. | |
143 | */ | |
144 | ||
145 | void | |
146 | sysctl_register_oid(struct sysctl_oid *new_oidp) | |
147 | { | |
148 | struct sysctl_oid *oidp = NULL; | |
149 | struct sysctl_oid_list *parent = new_oidp->oid_parent; | |
150 | struct sysctl_oid *p; | |
151 | struct sysctl_oid *q; | |
152 | int n; | |
153 | ||
154 | /* | |
155 | * The OID can be old-style (needs copy), new style without an earlier | |
156 | * version (also needs copy), or new style with a matching version (no | |
157 | * copy needed). Later versions are rejected (presumably, the OID | |
158 | * structure was changed for a necessary reason). | |
159 | */ | |
160 | if (!(new_oidp->oid_kind & CTLFLAG_OID2)) { | |
161 | /* | |
162 | * XXX: M_TEMP is perhaps not the most apropriate zone, as it | |
163 | * XXX: will subject us to use-after-free by other consumers. | |
164 | */ | |
165 | MALLOC(oidp, struct sysctl_oid *, sizeof(*oidp), M_TEMP, M_WAITOK | M_ZERO); | |
166 | if (oidp == NULL) { | |
167 | return; /* reject: no memory */ | |
168 | } | |
169 | /* | |
170 | * Copy the structure only through the oid_fmt field, which | |
171 | * is the last field in a non-OID2 OID structure. | |
172 | * | |
173 | * Note: We may want to set the oid_descr to the | |
174 | * oid_name (or "") at some future date. | |
175 | */ | |
176 | memcpy(oidp, new_oidp, offsetof(struct sysctl_oid, oid_descr)); | |
177 | } else { | |
178 | /* It's a later version; handle the versions we know about */ | |
179 | switch (new_oidp->oid_version) { | |
180 | case SYSCTL_OID_VERSION: | |
181 | /* current version */ | |
182 | oidp = new_oidp; | |
183 | break; | |
184 | default: | |
185 | return; /* rejects unknown version */ | |
186 | } | |
187 | } | |
188 | ||
189 | /* Get the write lock to modify the geometry */ | |
190 | lck_rw_lock_exclusive(sysctl_geometry_lock); | |
191 | ||
192 | /* | |
193 | * If this oid has a number OID_AUTO, give it a number which | |
194 | * is greater than any current oid. Make sure it is at least | |
195 | * OID_AUTO_START to leave space for pre-assigned oid numbers. | |
196 | */ | |
197 | if (oidp->oid_number == OID_AUTO) { | |
198 | /* First, find the highest oid in the parent list >OID_AUTO_START-1 */ | |
199 | n = OID_AUTO_START; | |
200 | SLIST_FOREACH(p, parent, oid_link) { | |
201 | if (p->oid_number > n) { | |
202 | n = p->oid_number; | |
203 | } | |
204 | } | |
205 | oidp->oid_number = n + 1; | |
206 | /* | |
207 | * Reflect the number in an llocated OID into the template | |
208 | * of the caller for sysctl_unregister_oid() compares. | |
209 | */ | |
210 | if (oidp != new_oidp) { | |
211 | new_oidp->oid_number = oidp->oid_number; | |
212 | } | |
213 | } | |
214 | ||
215 | #if defined(HAS_APPLE_PAC) | |
216 | if (oidp->oid_handler) { | |
217 | /* | |
218 | * Dereference function-pointer-signed oid_handler to prevent an | |
219 | * attacker with the ability to observe the result of the | |
220 | * auth_and_resign below from trying all possible inputs until an auth | |
221 | * succeeds. | |
222 | */ | |
223 | if (__builtin_expect(!*(uintptr_t*)ptrauth_auth_data((void*) | |
224 | oidp->oid_handler, ptrauth_key_function_pointer, 0), 0)) { | |
225 | /* | |
226 | * This is necessary to force the dereference but will never | |
227 | * actually be reached, dereferencing an invalidly signed pointer | |
228 | * will trap before getting here (and the codegen is nicer than | |
229 | * with a panic). | |
230 | */ | |
231 | __builtin_trap(); | |
232 | } | |
233 | /* | |
234 | * Sign oid_handler address-discriminated upon installation to make it | |
235 | * harder to replace with an arbitrary function pointer. | |
236 | */ | |
237 | oidp->oid_handler = ptrauth_auth_and_resign(oidp->oid_handler, | |
238 | ptrauth_key_function_pointer, 0, ptrauth_key_function_pointer, | |
239 | ptrauth_blend_discriminator(&oidp->oid_handler, | |
240 | ptrauth_string_discriminator("oid_handler"))); | |
241 | } | |
242 | #endif /* defined(HAS_APPLE_PAC) */ | |
243 | ||
244 | /* | |
245 | * Insert the oid into the parent's list in order. | |
246 | */ | |
247 | q = NULL; | |
248 | SLIST_FOREACH(p, parent, oid_link) { | |
249 | if (oidp->oid_number == p->oid_number) { | |
250 | panic("attempting to register a sysctl at previously registered slot : %d", oidp->oid_number); | |
251 | } else if (oidp->oid_number < p->oid_number) { | |
252 | break; | |
253 | } | |
254 | q = p; | |
255 | } | |
256 | if (q) { | |
257 | SLIST_INSERT_AFTER(q, oidp, oid_link); | |
258 | } else { | |
259 | SLIST_INSERT_HEAD(parent, oidp, oid_link); | |
260 | } | |
261 | ||
262 | /* Release the write lock */ | |
263 | lck_rw_unlock_exclusive(sysctl_geometry_lock); | |
264 | } | |
265 | ||
266 | void | |
267 | sysctl_unregister_oid(struct sysctl_oid *oidp) | |
268 | { | |
269 | struct sysctl_oid *removed_oidp = NULL; /* OID removed from tree */ | |
270 | struct sysctl_oid *old_oidp = NULL; /* OID compatibility copy */ | |
271 | ||
272 | /* Get the write lock to modify the geometry */ | |
273 | lck_rw_lock_exclusive(sysctl_geometry_lock); | |
274 | ||
275 | if (!(oidp->oid_kind & CTLFLAG_OID2)) { | |
276 | /* | |
277 | * We're using a copy so we can get the new fields in an | |
278 | * old structure, so we have to iterate to compare the | |
279 | * partial structure; when we find a match, we remove it | |
280 | * normally and free the memory. | |
281 | */ | |
282 | SLIST_FOREACH(old_oidp, oidp->oid_parent, oid_link) { | |
283 | if (!memcmp(&oidp->oid_number, &old_oidp->oid_number, (offsetof(struct sysctl_oid, oid_descr) - offsetof(struct sysctl_oid, oid_number)))) { | |
284 | break; | |
285 | } | |
286 | } | |
287 | if (old_oidp != NULL) { | |
288 | SLIST_REMOVE(old_oidp->oid_parent, old_oidp, sysctl_oid, oid_link); | |
289 | removed_oidp = old_oidp; | |
290 | } | |
291 | } else { | |
292 | /* It's a later version; handle the versions we know about */ | |
293 | switch (oidp->oid_version) { | |
294 | case SYSCTL_OID_VERSION: | |
295 | /* We can just remove the OID directly... */ | |
296 | SLIST_REMOVE(oidp->oid_parent, oidp, sysctl_oid, oid_link); | |
297 | removed_oidp = oidp; | |
298 | break; | |
299 | default: | |
300 | /* XXX: Can't happen; probably tree coruption.*/ | |
301 | break; /* rejects unknown version */ | |
302 | } | |
303 | } | |
304 | ||
305 | #if defined(HAS_APPLE_PAC) | |
306 | if (removed_oidp && removed_oidp->oid_handler && old_oidp == NULL) { | |
307 | /* | |
308 | * Revert address-discriminated signing performed by | |
309 | * sysctl_register_oid() (in case this oid is registered again). | |
310 | */ | |
311 | removed_oidp->oid_handler = ptrauth_auth_function(removed_oidp->oid_handler, | |
312 | ptrauth_key_function_pointer, | |
313 | ptrauth_blend_discriminator(&removed_oidp->oid_handler, | |
314 | ptrauth_string_discriminator("oid_handler"))); | |
315 | /* | |
316 | * Dereference the function-pointer-signed result to prevent an | |
317 | * attacker with the ability to observe the result of the | |
318 | * auth_and_resign above from trying all possible inputs until an auth | |
319 | * succeeds. | |
320 | */ | |
321 | if (__builtin_expect(!*(uintptr_t*)ptrauth_auth_data((void*) | |
322 | removed_oidp->oid_handler, ptrauth_key_function_pointer, 0), 0)) { | |
323 | /* | |
324 | * This is necessary to force the dereference but will never | |
325 | * actually be reached, dereferencing an invalidly signed pointer | |
326 | * will trap before getting here (and the codegen is nicer than | |
327 | * with a panic). | |
328 | */ | |
329 | __builtin_trap(); | |
330 | } | |
331 | } | |
332 | #endif /* defined(HAS_APPLE_PAC) */ | |
333 | ||
334 | /* | |
335 | * We've removed it from the list at this point, but we don't want | |
336 | * to return to the caller until all handler references have drained | |
337 | * out. Doing things in this order prevent other people coming in | |
338 | * and starting new operations against the OID node we want removed. | |
339 | * | |
340 | * Note: oidp could be NULL if it wasn't found. | |
341 | */ | |
342 | while (removed_oidp && removed_oidp->oid_refcnt) { | |
343 | lck_rw_sleep(sysctl_geometry_lock, LCK_SLEEP_EXCLUSIVE, &removed_oidp->oid_refcnt, THREAD_UNINT); | |
344 | } | |
345 | ||
346 | /* Release the write lock */ | |
347 | lck_rw_unlock_exclusive(sysctl_geometry_lock); | |
348 | ||
349 | /* If it was allocated, free it after dropping the lock */ | |
350 | if (old_oidp != NULL) { | |
351 | FREE(old_oidp, M_TEMP); | |
352 | } | |
353 | } | |
354 | ||
355 | /* | |
356 | * Bulk-register all the oids in a linker_set. | |
357 | */ | |
358 | void | |
359 | sysctl_register_set(const char *set) | |
360 | { | |
361 | struct sysctl_oid **oidpp, *oidp; | |
362 | ||
363 | LINKER_SET_FOREACH(oidpp, struct sysctl_oid **, set) { | |
364 | oidp = *oidpp; | |
365 | if (!(oidp->oid_kind & CTLFLAG_NOAUTO)) { | |
366 | sysctl_register_oid(oidp); | |
367 | } | |
368 | } | |
369 | } | |
370 | ||
371 | void | |
372 | sysctl_unregister_set(const char *set) | |
373 | { | |
374 | struct sysctl_oid **oidpp, *oidp; | |
375 | ||
376 | LINKER_SET_FOREACH(oidpp, struct sysctl_oid **, set) { | |
377 | oidp = *oidpp; | |
378 | if (!(oidp->oid_kind & CTLFLAG_NOAUTO)) { | |
379 | sysctl_unregister_oid(oidp); | |
380 | } | |
381 | } | |
382 | } | |
383 | ||
384 | /* | |
385 | * Exported in BSDKernel.exports, kept for binary compatibility | |
386 | */ | |
387 | #if defined(__x86_64__) | |
388 | void | |
389 | sysctl_register_fixed(void) | |
390 | { | |
391 | } | |
392 | #endif | |
393 | ||
394 | /* | |
395 | * Register the kernel's oids on startup. | |
396 | */ | |
397 | ||
398 | void | |
399 | sysctl_early_init(void) | |
400 | { | |
401 | /* | |
402 | * Initialize the geometry lock for reading/modifying the | |
403 | * sysctl tree. This is done here because IOKit registers | |
404 | * some sysctl's before bsd_init() would otherwise perform | |
405 | * subsystem initialization. | |
406 | */ | |
407 | ||
408 | sysctl_lock_group = lck_grp_alloc_init("sysctl", NULL); | |
409 | sysctl_geometry_lock = lck_rw_alloc_init(sysctl_lock_group, NULL); | |
410 | sysctl_unlocked_node_lock = lck_mtx_alloc_init(sysctl_lock_group, NULL); | |
411 | ||
412 | sysctl_register_set("__sysctl_set"); | |
413 | sysctl_load_devicetree_entries(); | |
414 | } | |
415 | ||
416 | /* | |
417 | * New handler interface | |
418 | * If the sysctl caller (user mode or kernel mode) is interested in the | |
419 | * value (req->oldptr != NULL), we copy the data (bigValue etc.) out, | |
420 | * if the caller wants to set the value (req->newptr), we copy | |
421 | * the data in (*pValue etc.). | |
422 | */ | |
423 | ||
424 | int | |
425 | sysctl_io_number(struct sysctl_req *req, long long bigValue, size_t valueSize, void *pValue, int *changed) | |
426 | { | |
427 | int smallValue; | |
428 | int error; | |
429 | ||
430 | if (changed) { | |
431 | *changed = 0; | |
432 | } | |
433 | ||
434 | /* | |
435 | * Handle the various combinations of caller buffer size and | |
436 | * data value size. We are generous in the case where the | |
437 | * caller has specified a 32-bit buffer but the value is 64-bit | |
438 | * sized. | |
439 | */ | |
440 | ||
441 | /* 32 bit value expected or 32 bit buffer offered */ | |
442 | if (((valueSize == sizeof(int)) || | |
443 | ((req->oldlen == sizeof(int)) && (valueSize == sizeof(long long)))) | |
444 | && (req->oldptr)) { | |
445 | smallValue = (int)bigValue; | |
446 | if ((long long)smallValue != bigValue) { | |
447 | return ERANGE; | |
448 | } | |
449 | error = SYSCTL_OUT(req, &smallValue, sizeof(smallValue)); | |
450 | } else { | |
451 | /* any other case is either size-equal or a bug */ | |
452 | error = SYSCTL_OUT(req, &bigValue, valueSize); | |
453 | } | |
454 | /* error or nothing to set */ | |
455 | if (error || !req->newptr) { | |
456 | return error; | |
457 | } | |
458 | ||
459 | /* set request for constant */ | |
460 | if (pValue == NULL) { | |
461 | return EPERM; | |
462 | } | |
463 | ||
464 | /* set request needs to convert? */ | |
465 | if ((req->newlen == sizeof(int)) && (valueSize == sizeof(long long))) { | |
466 | /* new value is 32 bits, upconvert to 64 bits */ | |
467 | error = SYSCTL_IN(req, &smallValue, sizeof(smallValue)); | |
468 | if (!error) { | |
469 | *(long long *)pValue = (long long)smallValue; | |
470 | } | |
471 | } else if ((req->newlen == sizeof(long long)) && (valueSize == sizeof(int))) { | |
472 | /* new value is 64 bits, downconvert to 32 bits and range check */ | |
473 | error = SYSCTL_IN(req, &bigValue, sizeof(bigValue)); | |
474 | if (!error) { | |
475 | smallValue = (int)bigValue; | |
476 | if ((long long)smallValue != bigValue) { | |
477 | return ERANGE; | |
478 | } | |
479 | *(int *)pValue = smallValue; | |
480 | } | |
481 | } else { | |
482 | /* sizes match, just copy in */ | |
483 | error = SYSCTL_IN(req, pValue, valueSize); | |
484 | } | |
485 | if (!error && changed) { | |
486 | *changed = 1; | |
487 | } | |
488 | return error; | |
489 | } | |
490 | ||
491 | int | |
492 | sysctl_io_string(struct sysctl_req *req, char *pValue, size_t valueSize, int trunc, int *changed) | |
493 | { | |
494 | int error; | |
495 | ||
496 | if (changed) { | |
497 | *changed = 0; | |
498 | } | |
499 | ||
500 | if (trunc && req->oldptr && req->oldlen && (req->oldlen < strlen(pValue) + 1)) { | |
501 | /* If trunc != 0, if you give it a too small (but larger than | |
502 | * 0 bytes) buffer, instead of returning ENOMEM, it truncates the | |
503 | * returned string to the buffer size. This preserves the semantics | |
504 | * of some library routines implemented via sysctl, which truncate | |
505 | * their returned data, rather than simply returning an error. The | |
506 | * returned string is always nul (ascii '\0') terminated. */ | |
507 | error = SYSCTL_OUT(req, pValue, req->oldlen - 1); | |
508 | if (!error) { | |
509 | char c = '\0'; | |
510 | error = SYSCTL_OUT(req, &c, 1); | |
511 | } | |
512 | } else { | |
513 | /* Copy string out */ | |
514 | error = SYSCTL_OUT(req, pValue, strlen(pValue) + 1); | |
515 | } | |
516 | ||
517 | /* error or no new value */ | |
518 | if (error || !req->newptr) { | |
519 | return error; | |
520 | } | |
521 | ||
522 | /* attempt to set read-only value */ | |
523 | if (valueSize == 0) { | |
524 | return EPERM; | |
525 | } | |
526 | ||
527 | /* make sure there's room for the new string */ | |
528 | if (req->newlen >= valueSize) { | |
529 | return EINVAL; | |
530 | } | |
531 | ||
532 | /* copy the string in and force nul termination */ | |
533 | error = SYSCTL_IN(req, pValue, req->newlen); | |
534 | pValue[req->newlen] = '\0'; | |
535 | ||
536 | if (!error && changed) { | |
537 | *changed = 1; | |
538 | } | |
539 | return error; | |
540 | } | |
541 | ||
542 | int | |
543 | sysctl_io_opaque(struct sysctl_req *req, void *pValue, size_t valueSize, int *changed) | |
544 | { | |
545 | int error; | |
546 | ||
547 | if (changed) { | |
548 | *changed = 0; | |
549 | } | |
550 | ||
551 | /* Copy blob out */ | |
552 | error = SYSCTL_OUT(req, pValue, valueSize); | |
553 | ||
554 | /* error or nothing to set */ | |
555 | if (error || !req->newptr) { | |
556 | return error; | |
557 | } | |
558 | ||
559 | error = SYSCTL_IN(req, pValue, valueSize); | |
560 | ||
561 | if (!error && changed) { | |
562 | *changed = 1; | |
563 | } | |
564 | return error; | |
565 | } | |
566 | ||
567 | /* | |
568 | * "Staff-functions" | |
569 | * | |
570 | * These functions implement a presently undocumented interface | |
571 | * used by the sysctl program to walk the tree, and get the type | |
572 | * so it can print the value. | |
573 | * This interface is under work and consideration, and should probably | |
574 | * be killed with a big axe by the first person who can find the time. | |
575 | * (be aware though, that the proper interface isn't as obvious as it | |
576 | * may seem, there are various conflicting requirements. | |
577 | * | |
578 | * {0,0} printf the entire MIB-tree. | |
579 | * {0,1,...} return the name of the "..." OID. | |
580 | * {0,2,...} return the next OID. | |
581 | * {0,3} return the OID of the name in "new" | |
582 | * {0,4,...} return the kind & format info for the "..." OID. | |
583 | */ | |
584 | ||
585 | /* | |
586 | * sysctl_sysctl_debug_dump_node | |
587 | * | |
588 | * Description: Dump debug information for a given sysctl_oid_list at the | |
589 | * given oid depth out to the kernel log, via printf | |
590 | * | |
591 | * Parameters: l sysctl_oid_list pointer | |
592 | * i current node depth | |
593 | * | |
594 | * Returns: (void) | |
595 | * | |
596 | * Implicit: kernel log, modified | |
597 | * | |
598 | * Locks: Assumes sysctl_geometry_lock is held prior to calling | |
599 | * | |
600 | * Notes: This function may call itself recursively to resolve Node | |
601 | * values, which potentially have an inferioer sysctl_oid_list | |
602 | * | |
603 | * This function is only callable indirectly via the function | |
604 | * sysctl_sysctl_debug() | |
605 | * | |
606 | * Bugs: The node depth indentation does not work; this may be an | |
607 | * artifact of leading space removal by the log daemon itself | |
608 | * or some intermediate routine. | |
609 | */ | |
610 | STATIC void | |
611 | sysctl_sysctl_debug_dump_node(struct sysctl_oid_list *l, int i) | |
612 | { | |
613 | int k; | |
614 | struct sysctl_oid *oidp; | |
615 | ||
616 | SLIST_FOREACH(oidp, l, oid_link) { | |
617 | for (k = 0; k < i; k++) { | |
618 | printf(" "); | |
619 | } | |
620 | ||
621 | printf("%d %s ", oidp->oid_number, oidp->oid_name); | |
622 | ||
623 | printf("%c%c%c", | |
624 | oidp->oid_kind & CTLFLAG_LOCKED ? 'L':' ', | |
625 | oidp->oid_kind & CTLFLAG_RD ? 'R':' ', | |
626 | oidp->oid_kind & CTLFLAG_WR ? 'W':' '); | |
627 | ||
628 | if (oidp->oid_handler) { | |
629 | printf(" *Handler"); | |
630 | } | |
631 | ||
632 | switch (oidp->oid_kind & CTLTYPE) { | |
633 | case CTLTYPE_NODE: | |
634 | printf(" Node\n"); | |
635 | if (!oidp->oid_handler) { | |
636 | sysctl_sysctl_debug_dump_node( | |
637 | oidp->oid_arg1, i + 2); | |
638 | } | |
639 | break; | |
640 | case CTLTYPE_INT: printf(" Int\n"); break; | |
641 | case CTLTYPE_STRING: printf(" String\n"); break; | |
642 | case CTLTYPE_QUAD: printf(" Quad\n"); break; | |
643 | case CTLTYPE_OPAQUE: printf(" Opaque/struct\n"); break; | |
644 | default: printf("\n"); | |
645 | } | |
646 | } | |
647 | } | |
648 | ||
649 | /* | |
650 | * sysctl_sysctl_debug | |
651 | * | |
652 | * Description: This function implements the "sysctl.debug" portion of the | |
653 | * OID space for sysctl. | |
654 | * | |
655 | * OID: 0, 0 | |
656 | * | |
657 | * Parameters: __unused | |
658 | * | |
659 | * Returns: ENOENT | |
660 | * | |
661 | * Implicit: kernel log, modified | |
662 | * | |
663 | * Locks: Acquires and then releases a read lock on the | |
664 | * sysctl_geometry_lock | |
665 | */ | |
666 | STATIC int | |
667 | sysctl_sysctl_debug(__unused struct sysctl_oid *oidp, __unused void *arg1, | |
668 | __unused int arg2, __unused struct sysctl_req *req) | |
669 | { | |
670 | lck_rw_lock_shared(sysctl_geometry_lock); | |
671 | sysctl_sysctl_debug_dump_node(&sysctl__children, 0); | |
672 | lck_rw_done(sysctl_geometry_lock); | |
673 | return ENOENT; | |
674 | } | |
675 | ||
676 | SYSCTL_PROC(_sysctl, 0, debug, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_LOCKED, | |
677 | 0, 0, sysctl_sysctl_debug, "-", ""); | |
678 | ||
679 | /* | |
680 | * sysctl_sysctl_name | |
681 | * | |
682 | * Description: Convert an OID into a string name; this is used by the user | |
683 | * space sysctl() command line utility; this is done in a purely | |
684 | * advisory capacity (e.g. to provide node names for "sysctl -A" | |
685 | * output). | |
686 | * | |
687 | * OID: 0, 1 | |
688 | * | |
689 | * Parameters: oidp __unused | |
690 | * arg1 A pointer to the OID name list | |
691 | * integer array, beginning at | |
692 | * adjusted option base 2 | |
693 | * arg2 The number of elements which | |
694 | * remain in the name array | |
695 | * | |
696 | * Returns: 0 Success | |
697 | * SYSCTL_OUT:EPERM Permission denied | |
698 | * SYSCTL_OUT:EFAULT Bad user supplied buffer | |
699 | * SYSCTL_OUT:??? Return value from user function | |
700 | * for SYSCTL_PROC leaf node | |
701 | * | |
702 | * Implict: Contents of user request buffer, modified | |
703 | * | |
704 | * Locks: Acquires and then releases a read lock on the | |
705 | * sysctl_geometry_lock | |
706 | * | |
707 | * Notes: SPI (System Programming Interface); this is subject to change | |
708 | * and may not be relied upon by third party applications; use | |
709 | * a subprocess to communicate with the "sysctl" command line | |
710 | * command instead, if you believe you need this functionality. | |
711 | * Preferrably, use sysctlbyname() instead. | |
712 | * | |
713 | * Setting of the NULL termination of the output string is | |
714 | * delayed until after the geometry lock is dropped. If there | |
715 | * are no Entries remaining in the OID name list when this | |
716 | * function is called, it will still write out the termination | |
717 | * byte. | |
718 | * | |
719 | * This function differs from other sysctl functions in that | |
720 | * it can not take an output buffer length of 0 to determine the | |
721 | * space which will be required. It is suggested that the buffer | |
722 | * length be PATH_MAX, and that authors of new sysctl's refrain | |
723 | * from exceeding this string length. | |
724 | */ | |
725 | STATIC int | |
726 | sysctl_sysctl_name(__unused struct sysctl_oid *oidp, void *arg1, int arg2, | |
727 | struct sysctl_req *req) | |
728 | { | |
729 | int *name = (int *) arg1; | |
730 | u_int namelen = arg2; | |
731 | int error = 0; | |
732 | struct sysctl_oid *oid; | |
733 | struct sysctl_oid_list *lsp = &sysctl__children, *lsp2; | |
734 | char tempbuf[10] = {}; | |
735 | ||
736 | lck_rw_lock_shared(sysctl_geometry_lock); | |
737 | while (namelen) { | |
738 | if (!lsp) { | |
739 | snprintf(tempbuf, sizeof(tempbuf), "%d", *name); | |
740 | if (req->oldidx) { | |
741 | error = SYSCTL_OUT(req, ".", 1); | |
742 | } | |
743 | if (!error) { | |
744 | error = SYSCTL_OUT(req, tempbuf, strlen(tempbuf)); | |
745 | } | |
746 | if (error) { | |
747 | lck_rw_done(sysctl_geometry_lock); | |
748 | return error; | |
749 | } | |
750 | namelen--; | |
751 | name++; | |
752 | continue; | |
753 | } | |
754 | lsp2 = 0; | |
755 | SLIST_FOREACH(oid, lsp, oid_link) { | |
756 | if (oid->oid_number != *name) { | |
757 | continue; | |
758 | } | |
759 | ||
760 | if (req->oldidx) { | |
761 | error = SYSCTL_OUT(req, ".", 1); | |
762 | } | |
763 | if (!error) { | |
764 | error = SYSCTL_OUT(req, oid->oid_name, | |
765 | strlen(oid->oid_name)); | |
766 | } | |
767 | if (error) { | |
768 | lck_rw_done(sysctl_geometry_lock); | |
769 | return error; | |
770 | } | |
771 | ||
772 | namelen--; | |
773 | name++; | |
774 | ||
775 | if ((oid->oid_kind & CTLTYPE) != CTLTYPE_NODE) { | |
776 | break; | |
777 | } | |
778 | ||
779 | if (oid->oid_handler) { | |
780 | break; | |
781 | } | |
782 | ||
783 | lsp2 = (struct sysctl_oid_list *)oid->oid_arg1; | |
784 | break; | |
785 | } | |
786 | lsp = lsp2; | |
787 | } | |
788 | lck_rw_done(sysctl_geometry_lock); | |
789 | return SYSCTL_OUT(req, "", 1); | |
790 | } | |
791 | ||
792 | SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_name, ""); | |
793 | ||
794 | /* | |
795 | * sysctl_sysctl_next_ls | |
796 | * | |
797 | * Description: For a given OID name value, return the next consecutive OID | |
798 | * name value within the geometry tree | |
799 | * | |
800 | * Parameters: lsp The OID list to look in | |
801 | * name The OID name to start from | |
802 | * namelen The length of the OID name | |
803 | * next Pointer to new oid storage to | |
804 | * fill in | |
805 | * len Pointer to receive new OID | |
806 | * length value of storage written | |
807 | * level OID tree depth (used to compute | |
808 | * len value) | |
809 | * oidpp Pointer to OID list entry | |
810 | * pointer; used to walk the list | |
811 | * forward across recursion | |
812 | * | |
813 | * Returns: 0 Returning a new entry | |
814 | * 1 End of geometry list reached | |
815 | * | |
816 | * Implicit: *next Modified to contain the new OID | |
817 | * *len Modified to contain new length | |
818 | * | |
819 | * Locks: Assumes sysctl_geometry_lock is held prior to calling | |
820 | * | |
821 | * Notes: This function will not return OID values that have special | |
822 | * handlers, since we can not tell wheter these handlers consume | |
823 | * elements from the OID space as parameters. For this reason, | |
824 | * we STRONGLY discourage these types of handlers | |
825 | */ | |
826 | STATIC int | |
827 | sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen, | |
828 | int *next, int *len, int level, struct sysctl_oid **oidpp) | |
829 | { | |
830 | struct sysctl_oid *oidp; | |
831 | ||
832 | *len = level; | |
833 | SLIST_FOREACH(oidp, lsp, oid_link) { | |
834 | *next = oidp->oid_number; | |
835 | *oidpp = oidp; | |
836 | ||
837 | if (!namelen) { | |
838 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { | |
839 | return 0; | |
840 | } | |
841 | if (oidp->oid_handler) { | |
842 | /* We really should call the handler here...*/ | |
843 | return 0; | |
844 | } | |
845 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; | |
846 | ||
847 | if (!SLIST_FIRST(lsp)) { | |
848 | /* This node had no children - skip it! */ | |
849 | continue; | |
850 | } | |
851 | ||
852 | if (!sysctl_sysctl_next_ls(lsp, 0, 0, next + 1, | |
853 | len, level + 1, oidpp)) { | |
854 | return 0; | |
855 | } | |
856 | goto next; | |
857 | } | |
858 | ||
859 | if (oidp->oid_number < *name) { | |
860 | continue; | |
861 | } | |
862 | ||
863 | if (oidp->oid_number > *name) { | |
864 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { | |
865 | return 0; | |
866 | } | |
867 | if (oidp->oid_handler) { | |
868 | return 0; | |
869 | } | |
870 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; | |
871 | if (!sysctl_sysctl_next_ls(lsp, name + 1, namelen - 1, | |
872 | next + 1, len, level + 1, oidpp)) { | |
873 | return 0; | |
874 | } | |
875 | goto next; | |
876 | } | |
877 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { | |
878 | continue; | |
879 | } | |
880 | ||
881 | if (oidp->oid_handler) { | |
882 | continue; | |
883 | } | |
884 | ||
885 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; | |
886 | if (!sysctl_sysctl_next_ls(lsp, name + 1, namelen - 1, next + 1, | |
887 | len, level + 1, oidpp)) { | |
888 | return 0; | |
889 | } | |
890 | next: | |
891 | namelen = 1; | |
892 | *len = level; | |
893 | } | |
894 | return 1; | |
895 | } | |
896 | ||
897 | /* | |
898 | * sysctl_sysctl_next | |
899 | * | |
900 | * Description: This is an iterator function designed to iterate the oid tree | |
901 | * and provide a list of OIDs for use by the user space "sysctl" | |
902 | * command line tool | |
903 | * | |
904 | * OID: 0, 2 | |
905 | * | |
906 | * Parameters: oidp __unused | |
907 | * arg1 Pointer to start OID name | |
908 | * arg2 Start OID name length | |
909 | * req Pointer to user request buffer | |
910 | * | |
911 | * Returns: 0 Success | |
912 | * ENOENT Reached end of OID space | |
913 | * SYSCTL_OUT:EPERM Permission denied | |
914 | * SYSCTL_OUT:EFAULT Bad user supplied buffer | |
915 | * SYSCTL_OUT:??? Return value from user function | |
916 | * for SYSCTL_PROC leaf node | |
917 | * | |
918 | * Implict: Contents of user request buffer, modified | |
919 | * | |
920 | * Locks: Acquires and then releases a read lock on the | |
921 | * sysctl_geometry_lock | |
922 | * | |
923 | * Notes: SPI (System Programming Interface); this is subject to change | |
924 | * and may not be relied upon by third party applications; use | |
925 | * a subprocess to communicate with the "sysctl" command line | |
926 | * command instead, if you believe you need this functionality. | |
927 | * Preferrably, use sysctlbyname() instead. | |
928 | * | |
929 | * This function differs from other sysctl functions in that | |
930 | * it can not take an output buffer length of 0 to determine the | |
931 | * space which will be required. It is suggested that the buffer | |
932 | * length be PATH_MAX, and that authors of new sysctl's refrain | |
933 | * from exceeding this string length. | |
934 | */ | |
935 | STATIC int | |
936 | sysctl_sysctl_next(__unused struct sysctl_oid *oidp, void *arg1, int arg2, | |
937 | struct sysctl_req *req) | |
938 | { | |
939 | int *name = (int *) arg1; | |
940 | u_int namelen = arg2; | |
941 | int i, j, error; | |
942 | struct sysctl_oid *oid; | |
943 | struct sysctl_oid_list *lsp = &sysctl__children; | |
944 | int newoid[CTL_MAXNAME] = {}; | |
945 | ||
946 | lck_rw_lock_shared(sysctl_geometry_lock); | |
947 | i = sysctl_sysctl_next_ls(lsp, name, namelen, newoid, &j, 1, &oid); | |
948 | lck_rw_done(sysctl_geometry_lock); | |
949 | if (i) { | |
950 | return ENOENT; | |
951 | } | |
952 | error = SYSCTL_OUT(req, newoid, j * sizeof(int)); | |
953 | return error; | |
954 | } | |
955 | ||
956 | SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_next, ""); | |
957 | ||
958 | /* | |
959 | * name2oid | |
960 | * | |
961 | * Description: Support function for use by sysctl_sysctl_name2oid(); looks | |
962 | * up an OID name given a string name. | |
963 | * | |
964 | * Parameters: name NULL terminated string name | |
965 | * oid Pointer to receive OID name | |
966 | * len Pointer to receive OID length | |
967 | * pointer value (see "Notes") | |
968 | * | |
969 | * Returns: 0 Success | |
970 | * ENOENT Entry not found | |
971 | * | |
972 | * Implicit: *oid Modified to contain OID value | |
973 | * *len Modified to contain OID length | |
974 | * | |
975 | * Locks: Assumes sysctl_geometry_lock is held prior to calling | |
976 | */ | |
977 | STATIC int | |
978 | name2oid(char *name, int *oid, u_int *len) | |
979 | { | |
980 | int i; | |
981 | struct sysctl_oid *oidp; | |
982 | struct sysctl_oid_list *lsp = &sysctl__children; | |
983 | char *p; | |
984 | ||
985 | if (!*name) { | |
986 | return ENOENT; | |
987 | } | |
988 | ||
989 | p = name + strlen(name) - 1; | |
990 | if (*p == '.') { | |
991 | *p = '\0'; | |
992 | } | |
993 | ||
994 | *len = 0; | |
995 | ||
996 | for (p = name; *p && *p != '.'; p++) { | |
997 | ; | |
998 | } | |
999 | i = *p; | |
1000 | if (i == '.') { | |
1001 | *p = '\0'; | |
1002 | } | |
1003 | ||
1004 | oidp = SLIST_FIRST(lsp); | |
1005 | ||
1006 | while (oidp && *len < CTL_MAXNAME) { | |
1007 | if (strcmp(name, oidp->oid_name)) { | |
1008 | oidp = SLIST_NEXT(oidp, oid_link); | |
1009 | continue; | |
1010 | } | |
1011 | *oid++ = oidp->oid_number; | |
1012 | (*len)++; | |
1013 | ||
1014 | if (!i) { | |
1015 | return 0; | |
1016 | } | |
1017 | ||
1018 | if ((oidp->oid_kind & CTLTYPE) != CTLTYPE_NODE) { | |
1019 | break; | |
1020 | } | |
1021 | ||
1022 | if (oidp->oid_handler) { | |
1023 | break; | |
1024 | } | |
1025 | ||
1026 | lsp = (struct sysctl_oid_list *)oidp->oid_arg1; | |
1027 | oidp = SLIST_FIRST(lsp); | |
1028 | *p = i; /* restore */ | |
1029 | name = p + 1; | |
1030 | for (p = name; *p && *p != '.'; p++) { | |
1031 | ; | |
1032 | } | |
1033 | i = *p; | |
1034 | if (i == '.') { | |
1035 | *p = '\0'; | |
1036 | } | |
1037 | } | |
1038 | return ENOENT; | |
1039 | } | |
1040 | ||
1041 | /* | |
1042 | * sysctl_sysctl_name2oid | |
1043 | * | |
1044 | * Description: Translate a string name to an OID name value; this is used by | |
1045 | * the sysctlbyname() function as well as by the "sysctl" command | |
1046 | * line command. | |
1047 | * | |
1048 | * OID: 0, 3 | |
1049 | * | |
1050 | * Parameters: oidp __unused | |
1051 | * arg1 __unused | |
1052 | * arg2 __unused | |
1053 | * req Request structure | |
1054 | * | |
1055 | * Returns: ENOENT Input length too short | |
1056 | * ENAMETOOLONG Input length too long | |
1057 | * ENOMEM Could not allocate work area | |
1058 | * SYSCTL_IN/OUT:EPERM Permission denied | |
1059 | * SYSCTL_IN/OUT:EFAULT Bad user supplied buffer | |
1060 | * SYSCTL_IN/OUT:??? Return value from user function | |
1061 | * name2oid:ENOENT Not found | |
1062 | * | |
1063 | * Implicit: *req Contents of request, modified | |
1064 | * | |
1065 | * Locks: Acquires and then releases a read lock on the | |
1066 | * sysctl_geometry_lock | |
1067 | * | |
1068 | * Notes: SPI (System Programming Interface); this is subject to change | |
1069 | * and may not be relied upon by third party applications; use | |
1070 | * a subprocess to communicate with the "sysctl" command line | |
1071 | * command instead, if you believe you need this functionality. | |
1072 | * Preferrably, use sysctlbyname() instead. | |
1073 | * | |
1074 | * This function differs from other sysctl functions in that | |
1075 | * it can not take an output buffer length of 0 to determine the | |
1076 | * space which will be required. It is suggested that the buffer | |
1077 | * length be PATH_MAX, and that authors of new sysctl's refrain | |
1078 | * from exceeding this string length. | |
1079 | */ | |
1080 | STATIC int | |
1081 | sysctl_sysctl_name2oid(__unused struct sysctl_oid *oidp, __unused void *arg1, | |
1082 | __unused int arg2, struct sysctl_req *req) | |
1083 | { | |
1084 | char *p; | |
1085 | int error, oid[CTL_MAXNAME] = {}; | |
1086 | u_int len = 0; /* set by name2oid() */ | |
1087 | ||
1088 | if (req->newlen < 1) { | |
1089 | return ENOENT; | |
1090 | } | |
1091 | if (req->newlen >= MAXPATHLEN) { /* XXX arbitrary, undocumented */ | |
1092 | return ENAMETOOLONG; | |
1093 | } | |
1094 | ||
1095 | MALLOC(p, char *, req->newlen + 1, M_TEMP, M_WAITOK); | |
1096 | if (!p) { | |
1097 | return ENOMEM; | |
1098 | } | |
1099 | ||
1100 | error = SYSCTL_IN(req, p, req->newlen); | |
1101 | if (error) { | |
1102 | FREE(p, M_TEMP); | |
1103 | return error; | |
1104 | } | |
1105 | ||
1106 | p[req->newlen] = '\0'; | |
1107 | ||
1108 | /* | |
1109 | * Note: We acquire and release the geometry lock here to | |
1110 | * avoid making name2oid needlessly complex. | |
1111 | */ | |
1112 | lck_rw_lock_shared(sysctl_geometry_lock); | |
1113 | error = name2oid(p, oid, &len); | |
1114 | lck_rw_done(sysctl_geometry_lock); | |
1115 | ||
1116 | FREE(p, M_TEMP); | |
1117 | ||
1118 | if (error) { | |
1119 | return error; | |
1120 | } | |
1121 | ||
1122 | error = SYSCTL_OUT(req, oid, len * sizeof *oid); | |
1123 | return error; | |
1124 | } | |
1125 | ||
1126 | SYSCTL_PROC(_sysctl, 3, name2oid, CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_KERN | CTLFLAG_LOCKED, 0, 0, | |
1127 | sysctl_sysctl_name2oid, "I", ""); | |
1128 | ||
1129 | /* | |
1130 | * sysctl_sysctl_oidfmt | |
1131 | * | |
1132 | * Description: For a given OID name, determine the format of the data which | |
1133 | * is associated with it. This is used by the "sysctl" command | |
1134 | * line command. | |
1135 | * | |
1136 | * OID: 0, 4 | |
1137 | * | |
1138 | * Parameters: oidp __unused | |
1139 | * arg1 The OID name to look up | |
1140 | * arg2 The length of the OID name | |
1141 | * req Pointer to user request buffer | |
1142 | * | |
1143 | * Returns: 0 Success | |
1144 | * EISDIR Malformed request | |
1145 | * ENOENT No such OID name | |
1146 | * SYSCTL_OUT:EPERM Permission denied | |
1147 | * SYSCTL_OUT:EFAULT Bad user supplied buffer | |
1148 | * SYSCTL_OUT:??? Return value from user function | |
1149 | * | |
1150 | * Implict: Contents of user request buffer, modified | |
1151 | * | |
1152 | * Locks: Acquires and then releases a read lock on the | |
1153 | * sysctl_geometry_lock | |
1154 | * | |
1155 | * Notes: SPI (System Programming Interface); this is subject to change | |
1156 | * and may not be relied upon by third party applications; use | |
1157 | * a subprocess to communicate with the "sysctl" command line | |
1158 | * command instead, if you believe you need this functionality. | |
1159 | * | |
1160 | * This function differs from other sysctl functions in that | |
1161 | * it can not take an output buffer length of 0 to determine the | |
1162 | * space which will be required. It is suggested that the buffer | |
1163 | * length be PATH_MAX, and that authors of new sysctl's refrain | |
1164 | * from exceeding this string length. | |
1165 | */ | |
1166 | STATIC int | |
1167 | sysctl_sysctl_oidfmt(__unused struct sysctl_oid *oidp, void *arg1, int arg2, | |
1168 | struct sysctl_req *req) | |
1169 | { | |
1170 | int *name = (int *) arg1; | |
1171 | int error = ENOENT; /* default error: not found */ | |
1172 | u_int namelen = arg2; | |
1173 | u_int indx; | |
1174 | struct sysctl_oid *oid; | |
1175 | struct sysctl_oid_list *lsp = &sysctl__children; | |
1176 | ||
1177 | lck_rw_lock_shared(sysctl_geometry_lock); | |
1178 | oid = SLIST_FIRST(lsp); | |
1179 | ||
1180 | indx = 0; | |
1181 | while (oid && indx < CTL_MAXNAME) { | |
1182 | if (oid->oid_number == name[indx]) { | |
1183 | indx++; | |
1184 | if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) { | |
1185 | if (oid->oid_handler) { | |
1186 | goto found; | |
1187 | } | |
1188 | if (indx == namelen) { | |
1189 | goto found; | |
1190 | } | |
1191 | lsp = (struct sysctl_oid_list *)oid->oid_arg1; | |
1192 | oid = SLIST_FIRST(lsp); | |
1193 | } else { | |
1194 | if (indx != namelen) { | |
1195 | error = EISDIR; | |
1196 | goto err; | |
1197 | } | |
1198 | goto found; | |
1199 | } | |
1200 | } else { | |
1201 | oid = SLIST_NEXT(oid, oid_link); | |
1202 | } | |
1203 | } | |
1204 | /* Not found */ | |
1205 | goto err; | |
1206 | ||
1207 | found: | |
1208 | if (!oid->oid_fmt) { | |
1209 | goto err; | |
1210 | } | |
1211 | error = SYSCTL_OUT(req, | |
1212 | &oid->oid_kind, sizeof(oid->oid_kind)); | |
1213 | if (!error) { | |
1214 | error = SYSCTL_OUT(req, oid->oid_fmt, | |
1215 | strlen(oid->oid_fmt) + 1); | |
1216 | } | |
1217 | err: | |
1218 | lck_rw_done(sysctl_geometry_lock); | |
1219 | return error; | |
1220 | } | |
1221 | ||
1222 | SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_sysctl_oidfmt, ""); | |
1223 | ||
1224 | ||
1225 | /* | |
1226 | * Default "handler" functions. | |
1227 | */ | |
1228 | ||
1229 | /* | |
1230 | * Handle an int, signed or unsigned. | |
1231 | * Two cases: | |
1232 | * a variable: point arg1 at it. | |
1233 | * a constant: pass it in arg2. | |
1234 | */ | |
1235 | ||
1236 | int | |
1237 | sysctl_handle_int(__unused struct sysctl_oid *oidp, void *arg1, int arg2, | |
1238 | struct sysctl_req *req) | |
1239 | { | |
1240 | return sysctl_io_number(req, arg1? *(int*)arg1: arg2, sizeof(int), arg1, NULL); | |
1241 | } | |
1242 | ||
1243 | /* | |
1244 | * Handle a long, signed or unsigned. arg1 points to it. | |
1245 | */ | |
1246 | ||
1247 | int | |
1248 | sysctl_handle_long(__unused struct sysctl_oid *oidp, void *arg1, | |
1249 | __unused int arg2, struct sysctl_req *req) | |
1250 | { | |
1251 | if (!arg1) { | |
1252 | return EINVAL; | |
1253 | } | |
1254 | return sysctl_io_number(req, *(long*)arg1, sizeof(long), arg1, NULL); | |
1255 | } | |
1256 | ||
1257 | /* | |
1258 | * Handle a quad, signed or unsigned. arg1 points to it. | |
1259 | */ | |
1260 | ||
1261 | int | |
1262 | sysctl_handle_quad(__unused struct sysctl_oid *oidp, void *arg1, | |
1263 | __unused int arg2, struct sysctl_req *req) | |
1264 | { | |
1265 | if (!arg1) { | |
1266 | return EINVAL; | |
1267 | } | |
1268 | return sysctl_io_number(req, *(long long*)arg1, sizeof(long long), arg1, NULL); | |
1269 | } | |
1270 | ||
1271 | /* | |
1272 | * Expose an int value as a quad. | |
1273 | * | |
1274 | * This interface allows us to support interfaces defined | |
1275 | * as using quad values while the implementation is still | |
1276 | * using ints. | |
1277 | */ | |
1278 | int | |
1279 | sysctl_handle_int2quad(__unused struct sysctl_oid *oidp, void *arg1, | |
1280 | __unused int arg2, struct sysctl_req *req) | |
1281 | { | |
1282 | int error = 0; | |
1283 | long long val; | |
1284 | int newval; | |
1285 | ||
1286 | if (!arg1) { | |
1287 | return EINVAL; | |
1288 | } | |
1289 | val = (long long)*(int *)arg1; | |
1290 | error = SYSCTL_OUT(req, &val, sizeof(long long)); | |
1291 | ||
1292 | if (error || !req->newptr) { | |
1293 | return error; | |
1294 | } | |
1295 | ||
1296 | error = SYSCTL_IN(req, &val, sizeof(long long)); | |
1297 | if (!error) { | |
1298 | /* | |
1299 | * Value must be representable; check by | |
1300 | * casting and then casting back. | |
1301 | */ | |
1302 | newval = (int)val; | |
1303 | if ((long long)newval != val) { | |
1304 | error = ERANGE; | |
1305 | } else { | |
1306 | *(int *)arg1 = newval; | |
1307 | } | |
1308 | } | |
1309 | return error; | |
1310 | } | |
1311 | ||
1312 | /* | |
1313 | * Handle our generic '\0' terminated 'C' string. | |
1314 | * Two cases: | |
1315 | * a variable string: point arg1 at it, arg2 is max length. | |
1316 | * a constant string: point arg1 at it, arg2 is zero. | |
1317 | */ | |
1318 | ||
1319 | int | |
1320 | sysctl_handle_string( __unused struct sysctl_oid *oidp, void *arg1, int arg2, | |
1321 | struct sysctl_req *req) | |
1322 | { | |
1323 | return sysctl_io_string(req, arg1, arg2, 0, NULL); | |
1324 | } | |
1325 | ||
1326 | /* | |
1327 | * Handle any kind of opaque data. | |
1328 | * arg1 points to it, arg2 is the size. | |
1329 | */ | |
1330 | ||
1331 | int | |
1332 | sysctl_handle_opaque(__unused struct sysctl_oid *oidp, void *arg1, int arg2, | |
1333 | struct sysctl_req *req) | |
1334 | { | |
1335 | return sysctl_io_opaque(req, arg1, arg2, NULL); | |
1336 | } | |
1337 | ||
1338 | /* | |
1339 | * Transfer functions to/from kernel space. | |
1340 | */ | |
1341 | STATIC int | |
1342 | sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l) | |
1343 | { | |
1344 | size_t i = 0; | |
1345 | ||
1346 | if (req->oldptr) { | |
1347 | i = l; | |
1348 | if (i > req->oldlen - req->oldidx) { | |
1349 | i = req->oldlen - req->oldidx; | |
1350 | } | |
1351 | if (i > 0) { | |
1352 | bcopy((const void*)p, CAST_DOWN(char *, (req->oldptr + req->oldidx)), i); | |
1353 | } | |
1354 | } | |
1355 | req->oldidx += l; | |
1356 | if (req->oldptr && i != l) { | |
1357 | return ENOMEM; | |
1358 | } | |
1359 | return 0; | |
1360 | } | |
1361 | ||
1362 | STATIC int | |
1363 | sysctl_new_kernel(struct sysctl_req *req, void *p, size_t l) | |
1364 | { | |
1365 | if (!req->newptr) { | |
1366 | return 0; | |
1367 | } | |
1368 | if (req->newlen - req->newidx < l) { | |
1369 | return EINVAL; | |
1370 | } | |
1371 | bcopy(CAST_DOWN(char *, (req->newptr + req->newidx)), p, l); | |
1372 | req->newidx += l; | |
1373 | return 0; | |
1374 | } | |
1375 | ||
1376 | int | |
1377 | kernel_sysctl(struct proc *p, int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen) | |
1378 | { | |
1379 | int error = 0; | |
1380 | struct sysctl_req req; | |
1381 | ||
1382 | /* | |
1383 | * Construct request. | |
1384 | */ | |
1385 | bzero(&req, sizeof req); | |
1386 | req.p = p; | |
1387 | if (oldlenp) { | |
1388 | req.oldlen = *oldlenp; | |
1389 | } | |
1390 | if (old) { | |
1391 | req.oldptr = CAST_USER_ADDR_T(old); | |
1392 | } | |
1393 | if (newlen) { | |
1394 | req.newlen = newlen; | |
1395 | req.newptr = CAST_USER_ADDR_T(new); | |
1396 | } | |
1397 | req.oldfunc = sysctl_old_kernel; | |
1398 | req.newfunc = sysctl_new_kernel; | |
1399 | req.lock = 1; | |
1400 | ||
1401 | /* make the request */ | |
1402 | error = sysctl_root(TRUE, FALSE, NULL, 0, name, namelen, &req); | |
1403 | ||
1404 | if (error && error != ENOMEM) { | |
1405 | return error; | |
1406 | } | |
1407 | ||
1408 | if (oldlenp) { | |
1409 | *oldlenp = req.oldidx; | |
1410 | } | |
1411 | ||
1412 | return error; | |
1413 | } | |
1414 | ||
1415 | /* | |
1416 | * Transfer function to/from user space. | |
1417 | */ | |
1418 | STATIC int | |
1419 | sysctl_old_user(struct sysctl_req *req, const void *p, size_t l) | |
1420 | { | |
1421 | int error = 0; | |
1422 | size_t i = 0; | |
1423 | ||
1424 | if (req->oldptr) { | |
1425 | if (req->oldlen - req->oldidx < l) { | |
1426 | return ENOMEM; | |
1427 | } | |
1428 | i = l; | |
1429 | if (i > req->oldlen - req->oldidx) { | |
1430 | i = req->oldlen - req->oldidx; | |
1431 | } | |
1432 | if (i > 0) { | |
1433 | error = copyout((const void*)p, (req->oldptr + req->oldidx), i); | |
1434 | } | |
1435 | } | |
1436 | req->oldidx += l; | |
1437 | if (error) { | |
1438 | return error; | |
1439 | } | |
1440 | if (req->oldptr && i < l) { | |
1441 | return ENOMEM; | |
1442 | } | |
1443 | return 0; | |
1444 | } | |
1445 | ||
1446 | STATIC int | |
1447 | sysctl_new_user(struct sysctl_req *req, void *p, size_t l) | |
1448 | { | |
1449 | int error; | |
1450 | ||
1451 | if (!req->newptr) { | |
1452 | return 0; | |
1453 | } | |
1454 | if (req->newlen - req->newidx < l) { | |
1455 | return EINVAL; | |
1456 | } | |
1457 | error = copyin((req->newptr + req->newidx), p, l); | |
1458 | req->newidx += l; | |
1459 | return error; | |
1460 | } | |
1461 | ||
1462 | /* | |
1463 | * Traverse our tree, and find the right node, execute whatever it points | |
1464 | * at, and return the resulting error code. | |
1465 | */ | |
1466 | ||
1467 | int | |
1468 | sysctl_root(boolean_t from_kernel, boolean_t string_is_canonical, char *namestring, size_t namestringlen, int *name, u_int namelen, struct sysctl_req *req) | |
1469 | { | |
1470 | u_int indx; | |
1471 | int i; | |
1472 | struct sysctl_oid *oid; | |
1473 | struct sysctl_oid_list *lsp = &sysctl__children; | |
1474 | sysctl_handler_t oid_handler = NULL; | |
1475 | int error; | |
1476 | boolean_t unlocked_node_found = FALSE; | |
1477 | boolean_t namestring_started = FALSE; | |
1478 | ||
1479 | /* Get the read lock on the geometry */ | |
1480 | lck_rw_lock_shared(sysctl_geometry_lock); | |
1481 | ||
1482 | if (string_is_canonical) { | |
1483 | /* namestring is actually canonical, name/namelen needs to be populated */ | |
1484 | error = name2oid(namestring, name, &namelen); | |
1485 | if (error) { | |
1486 | goto err; | |
1487 | } | |
1488 | } | |
1489 | ||
1490 | oid = SLIST_FIRST(lsp); | |
1491 | ||
1492 | indx = 0; | |
1493 | while (oid && indx < CTL_MAXNAME) { | |
1494 | if (oid->oid_number == name[indx]) { | |
1495 | if (!from_kernel && !string_is_canonical) { | |
1496 | if (namestring_started) { | |
1497 | if (strlcat(namestring, ".", namestringlen) >= namestringlen) { | |
1498 | error = ENAMETOOLONG; | |
1499 | goto err; | |
1500 | } | |
1501 | } | |
1502 | ||
1503 | if (strlcat(namestring, oid->oid_name, namestringlen) >= namestringlen) { | |
1504 | error = ENAMETOOLONG; | |
1505 | goto err; | |
1506 | } | |
1507 | namestring_started = TRUE; | |
1508 | } | |
1509 | ||
1510 | indx++; | |
1511 | if (!(oid->oid_kind & CTLFLAG_LOCKED)) { | |
1512 | unlocked_node_found = TRUE; | |
1513 | } | |
1514 | if (oid->oid_kind & CTLFLAG_NOLOCK) { | |
1515 | req->lock = 0; | |
1516 | } | |
1517 | /* | |
1518 | * For SYSCTL_PROC() functions which are for sysctl's | |
1519 | * which have parameters at the end of their OID | |
1520 | * space, you need to OR CTLTYPE_NODE into their | |
1521 | * access value. | |
1522 | * | |
1523 | * NOTE: For binary backward compatibility ONLY! Do | |
1524 | * NOT add new sysctl's that do this! Existing | |
1525 | * sysctl's which do this will eventually have | |
1526 | * compatibility code in user space, and this method | |
1527 | * will become unsupported. | |
1528 | */ | |
1529 | if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) { | |
1530 | if (oid->oid_handler) { | |
1531 | goto found; | |
1532 | } | |
1533 | if (indx == namelen) { | |
1534 | error = ENOENT; | |
1535 | goto err; | |
1536 | } | |
1537 | ||
1538 | lsp = (struct sysctl_oid_list *)oid->oid_arg1; | |
1539 | oid = SLIST_FIRST(lsp); | |
1540 | } else { | |
1541 | if (indx != namelen) { | |
1542 | error = EISDIR; | |
1543 | goto err; | |
1544 | } | |
1545 | goto found; | |
1546 | } | |
1547 | } else { | |
1548 | oid = SLIST_NEXT(oid, oid_link); | |
1549 | } | |
1550 | } | |
1551 | error = ENOENT; | |
1552 | goto err; | |
1553 | found: | |
1554 | ||
1555 | /* | |
1556 | * indx is the index of the first remaining OID name, | |
1557 | * for sysctls that take them as arguments | |
1558 | */ | |
1559 | if (!from_kernel && !string_is_canonical && (indx < namelen)) { | |
1560 | char tempbuf[10]; | |
1561 | u_int indx2; | |
1562 | ||
1563 | for (indx2 = indx; indx2 < namelen; indx2++) { | |
1564 | snprintf(tempbuf, sizeof(tempbuf), "%d", name[indx2]); | |
1565 | ||
1566 | if (namestring_started) { | |
1567 | if (strlcat(namestring, ".", namestringlen) >= namestringlen) { | |
1568 | error = ENAMETOOLONG; | |
1569 | goto err; | |
1570 | } | |
1571 | } | |
1572 | ||
1573 | if (strlcat(namestring, tempbuf, namestringlen) >= namestringlen) { | |
1574 | error = ENAMETOOLONG; | |
1575 | goto err; | |
1576 | } | |
1577 | namestring_started = TRUE; | |
1578 | } | |
1579 | } | |
1580 | ||
1581 | /* If writing isn't allowed */ | |
1582 | if (req->newptr && (!(oid->oid_kind & CTLFLAG_WR) || | |
1583 | ((oid->oid_kind & CTLFLAG_SECURE) && securelevel > 0))) { | |
1584 | error = (EPERM); | |
1585 | goto err; | |
1586 | } | |
1587 | ||
1588 | /* | |
1589 | * If we're inside the kernel, the OID must be marked as kernel-valid. | |
1590 | */ | |
1591 | if (from_kernel && !(oid->oid_kind & CTLFLAG_KERN)) { | |
1592 | error = (EPERM); | |
1593 | goto err; | |
1594 | } | |
1595 | ||
1596 | /* | |
1597 | * This is where legacy enforcement of permissions occurs. If the | |
1598 | * flag does not say CTLFLAG_ANYBODY, then we prohibit anyone but | |
1599 | * root from writing new values down. If local enforcement happens | |
1600 | * at the leaf node, then it needs to be set as CTLFLAG_ANYBODY. In | |
1601 | * addition, if the leaf node is set this way, then in order to do | |
1602 | * specific enforcement, it has to be of type SYSCTL_PROC. | |
1603 | */ | |
1604 | if (!(oid->oid_kind & CTLFLAG_ANYBODY) && | |
1605 | req->newptr && req->p && | |
1606 | (error = proc_suser(req->p))) { | |
1607 | goto err; | |
1608 | } | |
1609 | ||
1610 | /* | |
1611 | * sysctl_unregister_oid() may change the handler value, so grab it | |
1612 | * under the lock. | |
1613 | */ | |
1614 | oid_handler = oid->oid_handler; | |
1615 | if (!oid_handler) { | |
1616 | error = EINVAL; | |
1617 | goto err; | |
1618 | } | |
1619 | ||
1620 | /* | |
1621 | * Reference the OID and drop the geometry lock; this prevents the | |
1622 | * OID from being deleted out from under the handler call, but does | |
1623 | * not prevent other calls into handlers or calls to manage the | |
1624 | * geometry elsewhere from blocking... | |
1625 | */ | |
1626 | OSAddAtomic(1, &oid->oid_refcnt); | |
1627 | ||
1628 | lck_rw_done(sysctl_geometry_lock); | |
1629 | ||
1630 | #if CONFIG_MACF | |
1631 | if (!from_kernel) { | |
1632 | error = mac_system_check_sysctlbyname(kauth_cred_get(), | |
1633 | namestring, | |
1634 | name, | |
1635 | namelen, | |
1636 | req->oldptr, | |
1637 | req->oldlen, | |
1638 | req->newptr, | |
1639 | req->newlen); | |
1640 | if (error) { | |
1641 | goto dropref; | |
1642 | } | |
1643 | } | |
1644 | #endif | |
1645 | ||
1646 | /* | |
1647 | * ...however, we still have to grab the mutex for those calls which | |
1648 | * may be into code whose reentrancy is protected by it. | |
1649 | */ | |
1650 | if (unlocked_node_found) { | |
1651 | lck_mtx_lock(sysctl_unlocked_node_lock); | |
1652 | } | |
1653 | ||
1654 | #if defined(HAS_APPLE_PAC) | |
1655 | /* | |
1656 | * oid_handler is signed address-discriminated by sysctl_register_oid(). | |
1657 | */ | |
1658 | oid_handler = ptrauth_auth_function(oid_handler, | |
1659 | ptrauth_key_function_pointer, | |
1660 | ptrauth_blend_discriminator(&oid->oid_handler, | |
1661 | ptrauth_string_discriminator("oid_handler"))); | |
1662 | #endif /* defined(HAS_APPLE_PAC) */ | |
1663 | ||
1664 | if ((oid->oid_kind & CTLTYPE) == CTLTYPE_NODE) { | |
1665 | i = oid_handler(oid, name + indx, namelen - indx, req); | |
1666 | } else { | |
1667 | i = oid_handler(oid, oid->oid_arg1, oid->oid_arg2, req); | |
1668 | } | |
1669 | error = i; | |
1670 | ||
1671 | if (unlocked_node_found) { | |
1672 | lck_mtx_unlock(sysctl_unlocked_node_lock); | |
1673 | } | |
1674 | ||
1675 | #if CONFIG_MACF | |
1676 | /* only used from another CONFIG_MACF block */ | |
1677 | dropref: | |
1678 | #endif | |
1679 | ||
1680 | /* | |
1681 | * This is tricky... we re-grab the geometry lock in order to drop | |
1682 | * the reference and wake on the address; since the geometry | |
1683 | * lock is a reader/writer lock rather than a mutex, we have to | |
1684 | * wake on all apparent 1->0 transitions. This abuses the drop | |
1685 | * after the reference decrement in order to wake any lck_rw_sleep() | |
1686 | * in progress in sysctl_unregister_oid() that slept because of a | |
1687 | * non-zero reference count. | |
1688 | * | |
1689 | * Note: OSAddAtomic() is defined to return the previous value; | |
1690 | * we use this and the fact that the lock itself is a | |
1691 | * barrier to avoid waking every time through on "hot" | |
1692 | * OIDs. | |
1693 | */ | |
1694 | lck_rw_lock_shared(sysctl_geometry_lock); | |
1695 | if (OSAddAtomic(-1, &oid->oid_refcnt) == 1) { | |
1696 | wakeup(&oid->oid_refcnt); | |
1697 | } | |
1698 | ||
1699 | err: | |
1700 | lck_rw_done(sysctl_geometry_lock); | |
1701 | return error; | |
1702 | } | |
1703 | ||
1704 | void | |
1705 | sysctl_create_user_req(struct sysctl_req *req, struct proc *p, user_addr_t oldp, | |
1706 | size_t oldlen, user_addr_t newp, size_t newlen) | |
1707 | { | |
1708 | bzero(req, sizeof(*req)); | |
1709 | ||
1710 | req->p = p; | |
1711 | ||
1712 | req->oldlen = oldlen; | |
1713 | req->oldptr = oldp; | |
1714 | ||
1715 | if (newlen) { | |
1716 | req->newlen = newlen; | |
1717 | req->newptr = newp; | |
1718 | } | |
1719 | ||
1720 | req->oldfunc = sysctl_old_user; | |
1721 | req->newfunc = sysctl_new_user; | |
1722 | req->lock = 1; | |
1723 | ||
1724 | return; | |
1725 | } | |
1726 | ||
1727 | int | |
1728 | sysctl(proc_t p, struct sysctl_args *uap, __unused int32_t *retval) | |
1729 | { | |
1730 | int error, new_error; | |
1731 | size_t oldlen = 0, newlen; | |
1732 | int name[CTL_MAXNAME]; | |
1733 | struct sysctl_req req; | |
1734 | char *namestring; | |
1735 | size_t namestringlen = MAXPATHLEN; | |
1736 | ||
1737 | /* | |
1738 | * all top-level sysctl names are non-terminal | |
1739 | */ | |
1740 | if (uap->namelen > CTL_MAXNAME || uap->namelen < 2) { | |
1741 | return EINVAL; | |
1742 | } | |
1743 | error = copyin(uap->name, &name[0], uap->namelen * sizeof(int)); | |
1744 | if (error) { | |
1745 | return error; | |
1746 | } | |
1747 | ||
1748 | AUDIT_ARG(ctlname, name, uap->namelen); | |
1749 | ||
1750 | if (uap->newlen > SIZE_T_MAX) { | |
1751 | return EINVAL; | |
1752 | } | |
1753 | newlen = (size_t)uap->newlen; | |
1754 | ||
1755 | if (uap->oldlenp != USER_ADDR_NULL) { | |
1756 | uint64_t oldlen64 = fuulong(uap->oldlenp); | |
1757 | ||
1758 | /* | |
1759 | * If more than 4G, clamp to 4G | |
1760 | */ | |
1761 | if (oldlen64 > SIZE_T_MAX) { | |
1762 | oldlen = SIZE_T_MAX; | |
1763 | } else { | |
1764 | oldlen = (size_t)oldlen64; | |
1765 | } | |
1766 | } | |
1767 | ||
1768 | sysctl_create_user_req(&req, p, uap->old, oldlen, uap->new, newlen); | |
1769 | ||
1770 | /* Guess that longest length for the passed-in MIB, if we can be more aggressive than MAXPATHLEN */ | |
1771 | if (uap->namelen == 2) { | |
1772 | if (name[0] == CTL_KERN && name[1] < KERN_MAXID) { | |
1773 | namestringlen = 32; /* "kern.speculative_reads_disabled" */ | |
1774 | } else if (name[0] == CTL_HW && name[1] < HW_MAXID) { | |
1775 | namestringlen = 32; /* "hw.cachelinesize_compat" */ | |
1776 | } | |
1777 | } | |
1778 | ||
1779 | MALLOC(namestring, char *, namestringlen, M_TEMP, M_WAITOK); | |
1780 | if (!namestring) { | |
1781 | oldlen = 0; | |
1782 | goto err; | |
1783 | } | |
1784 | ||
1785 | error = userland_sysctl(FALSE, namestring, namestringlen, name, uap->namelen, &req, &oldlen); | |
1786 | ||
1787 | FREE(namestring, M_TEMP); | |
1788 | ||
1789 | if ((error) && (error != ENOMEM)) { | |
1790 | return error; | |
1791 | } | |
1792 | ||
1793 | err: | |
1794 | if (uap->oldlenp != USER_ADDR_NULL) { | |
1795 | /* | |
1796 | * Only overwrite the old error value on a new error | |
1797 | */ | |
1798 | new_error = suulong(uap->oldlenp, oldlen); | |
1799 | ||
1800 | if (new_error) { | |
1801 | error = new_error; | |
1802 | } | |
1803 | } | |
1804 | ||
1805 | return error; | |
1806 | } | |
1807 | ||
1808 | // sysctlbyname is also exported as KPI to kexts | |
1809 | // and the syscall name cannot conflict with it | |
1810 | int | |
1811 | sys_sysctlbyname(proc_t p, struct sysctlbyname_args *uap, __unused int32_t *retval) | |
1812 | { | |
1813 | int error, new_error; | |
1814 | size_t oldlen = 0, newlen; | |
1815 | char *name; | |
1816 | size_t namelen = 0; | |
1817 | struct sysctl_req req; | |
1818 | int oid[CTL_MAXNAME]; | |
1819 | ||
1820 | if (uap->namelen >= MAXPATHLEN) { /* XXX arbitrary, undocumented */ | |
1821 | return ENAMETOOLONG; | |
1822 | } | |
1823 | namelen = (size_t)uap->namelen; | |
1824 | ||
1825 | MALLOC(name, char *, namelen + 1, M_TEMP, M_WAITOK); | |
1826 | if (!name) { | |
1827 | return ENOMEM; | |
1828 | } | |
1829 | ||
1830 | error = copyin(uap->name, name, namelen); | |
1831 | if (error) { | |
1832 | FREE(name, M_TEMP); | |
1833 | return error; | |
1834 | } | |
1835 | name[namelen] = '\0'; | |
1836 | ||
1837 | /* XXX | |
1838 | * AUDIT_ARG(ctlname, name, uap->namelen); | |
1839 | */ | |
1840 | ||
1841 | if (uap->newlen > SIZE_T_MAX) { | |
1842 | FREE(name, M_TEMP); | |
1843 | return EINVAL; | |
1844 | } | |
1845 | newlen = (size_t)uap->newlen; | |
1846 | ||
1847 | if (uap->oldlenp != USER_ADDR_NULL) { | |
1848 | uint64_t oldlen64 = fuulong(uap->oldlenp); | |
1849 | ||
1850 | /* | |
1851 | * If more than 4G, clamp to 4G | |
1852 | */ | |
1853 | if (oldlen64 > SIZE_T_MAX) { | |
1854 | oldlen = SIZE_T_MAX; | |
1855 | } else { | |
1856 | oldlen = (size_t)oldlen64; | |
1857 | } | |
1858 | } | |
1859 | ||
1860 | sysctl_create_user_req(&req, p, uap->old, oldlen, uap->new, newlen); | |
1861 | ||
1862 | error = userland_sysctl(TRUE, name, namelen + 1, oid, CTL_MAXNAME, &req, &oldlen); | |
1863 | ||
1864 | FREE(name, M_TEMP); | |
1865 | ||
1866 | if ((error) && (error != ENOMEM)) { | |
1867 | return error; | |
1868 | } | |
1869 | ||
1870 | if (uap->oldlenp != USER_ADDR_NULL) { | |
1871 | /* | |
1872 | * Only overwrite the old error value on a new error | |
1873 | */ | |
1874 | new_error = suulong(uap->oldlenp, oldlen); | |
1875 | ||
1876 | if (new_error) { | |
1877 | error = new_error; | |
1878 | } | |
1879 | } | |
1880 | ||
1881 | return error; | |
1882 | } | |
1883 | ||
1884 | /* | |
1885 | * This is used from various compatibility syscalls too. That's why name | |
1886 | * must be in kernel space. | |
1887 | */ | |
1888 | int | |
1889 | userland_sysctl(boolean_t string_is_canonical, | |
1890 | char *namestring, size_t namestringlen, | |
1891 | int *name, u_int namelen, struct sysctl_req *req, | |
1892 | size_t *retval) | |
1893 | { | |
1894 | int error = 0; | |
1895 | struct sysctl_req req2; | |
1896 | ||
1897 | do { | |
1898 | /* if EAGAIN, reset output cursor */ | |
1899 | req2 = *req; | |
1900 | if (!string_is_canonical) { | |
1901 | namestring[0] = '\0'; | |
1902 | } | |
1903 | ||
1904 | error = sysctl_root(FALSE, string_is_canonical, namestring, namestringlen, name, namelen, &req2); | |
1905 | } while (error == EAGAIN); | |
1906 | ||
1907 | if (error && error != ENOMEM) { | |
1908 | return error; | |
1909 | } | |
1910 | ||
1911 | if (retval) { | |
1912 | if (req2.oldptr && req2.oldidx > req2.oldlen) { | |
1913 | *retval = req2.oldlen; | |
1914 | } else { | |
1915 | *retval = req2.oldidx; | |
1916 | } | |
1917 | } | |
1918 | return error; | |
1919 | } | |
1920 | ||
1921 | /* | |
1922 | * Kernel versions of the userland sysctl helper functions. | |
1923 | * | |
1924 | * These allow sysctl to be used in the same fashion in both | |
1925 | * userland and the kernel. | |
1926 | * | |
1927 | * Note that some sysctl handlers use copyin/copyout, which | |
1928 | * may not work correctly. | |
1929 | * | |
1930 | * The "sysctlbyname" KPI for use by kexts is aliased to this function. | |
1931 | */ | |
1932 | ||
1933 | int | |
1934 | kernel_sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen) | |
1935 | { | |
1936 | int oid[CTL_MAXNAME]; | |
1937 | int name2mib_oid[2]; | |
1938 | int error; | |
1939 | size_t oidlen; | |
1940 | ||
1941 | /* look up the OID with magic service node */ | |
1942 | name2mib_oid[0] = 0; | |
1943 | name2mib_oid[1] = 3; | |
1944 | ||
1945 | oidlen = sizeof(oid); | |
1946 | error = kernel_sysctl(current_proc(), name2mib_oid, 2, oid, &oidlen, __DECONST(void *, name), strlen(name)); | |
1947 | oidlen /= sizeof(int); | |
1948 | ||
1949 | /* now use the OID */ | |
1950 | if (error == 0) { | |
1951 | error = kernel_sysctl(current_proc(), oid, oidlen, oldp, oldlenp, newp, newlen); | |
1952 | } | |
1953 | return error; | |
1954 | } |