]> git.saurik.com Git - apple/xnu.git/blob - iokit/Kernel/IONVRAM.cpp
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-7195.60.75.tar.gz
[apple/xnu.git] / iokit / Kernel / IONVRAM.cpp
1 /*
2 * Copyright (c) 1998-2006 Apple Computer, Inc. All rights reserved.
3 * Copyright (c) 2007-2012 Apple Inc. All rights reserved.
4 *
5 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 *
7 * This file contains Original Code and/or Modifications of Original Code
8 * as defined in and that are subject to the Apple Public Source License
9 * Version 2.0 (the 'License'). You may not use this file except in
10 * compliance with the License. The rights granted to you under the License
11 * may not be used to create, or enable the creation or redistribution of,
12 * unlawful or unlicensed copies of an Apple operating system, or to
13 * circumvent, violate, or enable the circumvention or violation of, any
14 * terms of an Apple operating system software license agreement.
15 *
16 * Please obtain a copy of the License at
17 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 *
19 * The Original Code and all software distributed under the License are
20 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
21 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
22 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
24 * Please see the License for the specific language governing rights and
25 * limitations under the License.
26 *
27 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
28 */
29
30 #define IOKIT_ENABLE_SHARED_PTR
31
32 #include <AssertMacros.h>
33 #include <IOKit/IOLib.h>
34 #include <IOKit/IONVRAM.h>
35 #include <IOKit/IOPlatformExpert.h>
36 #include <IOKit/IOUserClient.h>
37 #include <IOKit/IOKitKeys.h>
38 #include <IOKit/IOKitKeysPrivate.h>
39 #include <IOKit/IOBSD.h>
40 #include <kern/debug.h>
41 #include <pexpert/boot.h>
42 #include <pexpert/pexpert.h>
43
44 #define super IOService
45
46 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
47
48 // Internal values
49 #define NVRAM_CHRP_SIG_APPLE 0x5A
50 #define NVRAM_CHRP_APPLE_HEADER_NAME "nvram"
51
52 // From Apple CHRP Spec
53 #define NVRAM_CHRP_SIG_SYSTEM 0x70
54 #define NVRAM_CHRP_SIG_CONFIG 0x71
55 #define NVRAM_CHRP_SIG_FREESPACE 0x7F
56
57 #define NVRAM_CHRP_PARTITION_NAME_COMMON "common"
58 #define NVRAM_CHRP_PARTITION_NAME_SYSTEM "system"
59 #define NVRAM_CHRP_PARTITION_NAME_SYSTEM_LEGACY "secure"
60 #define NVRAM_CHRP_PARTITION_NAME_FREESPACE "\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77"
61
62 #define NVRAM_CHRP_LENGTH_BLOCK_SIZE 0x10 // CHRP length field is in 16 byte blocks
63
64 typedef struct chrp_nvram_header { //16 bytes
65 uint8_t sig;
66 uint8_t cksum; // checksum on sig, len, and name
67 uint16_t len; // total length of the partition in 16 byte blocks starting with the signature
68 // and ending with the last byte of data area, ie len includes its own header size
69 char name[12];
70 uint8_t data[0];
71 } chrp_nvram_header_t;
72
73 typedef struct apple_nvram_header { // 16 + 16 bytes
74 struct chrp_nvram_header chrp;
75 uint32_t adler;
76 uint32_t generation;
77 uint8_t padding[8];
78 } apple_nvram_header_t;
79
80
81 #define kIONVRAMPrivilege kIOClientPrivilegeAdministrator
82
83 OSDefineMetaClassAndStructors(IODTNVRAM, IOService);
84
85 #if defined(DEBUG) || defined(DEVELOPMENT)
86 #define DEBUG_INFO(fmt, args...) \
87 ({ \
88 if (gNVRAMLogging) \
89 IOLog("IONVRAM::%s:%u - " fmt, __FUNCTION__, __LINE__, ##args); \
90 })
91
92 #define DEBUG_ALWAYS(fmt, args...) \
93 ({ \
94 IOLog("IONVRAM::%s:%u - " fmt, __FUNCTION__, __LINE__, ##args); \
95 })
96 #else
97 #define DEBUG_INFO(fmt, args...)
98 #define DEBUG_ALWAYS(fmt, args...)
99 #endif
100
101 #define DEBUG_ERROR DEBUG_ALWAYS
102
103 #define CONTROLLERLOCK() \
104 ({ \
105 if (preemption_enabled() && !panic_active()) \
106 IOLockLock(_controllerLock); \
107 })
108
109 #define CONTROLLERUNLOCK() \
110 ({ \
111 if (preemption_enabled() && !panic_active()) \
112 IOLockUnlock(_controllerLock); \
113 })
114
115 #define NVRAMLOCK() \
116 ({ \
117 if (preemption_enabled() && !panic_active()) \
118 IOLockLock(_variableLock); \
119 })
120
121 #define NVRAMUNLOCK() \
122 ({ \
123 if (preemption_enabled() && !panic_active()) \
124 IOLockUnlock(_variableLock); \
125 })
126
127 #define NVRAMLOCKASSERT() \
128 ({ \
129 if (preemption_enabled() && !panic_active()) \
130 IOLockAssert(_variableLock, kIOLockAssertOwned); \
131 })
132
133 typedef struct {
134 const char *name;
135 UInt32 offset;
136 UInt32 size;
137 OSSharedPtr<OSDictionary> &dict;
138 UInt8 *image;
139 } NVRAMRegionInfo;
140
141 // Guid for Apple System Boot variables
142 // 40A0DDD2-77F8-4392-B4A3-1E7304206516
143 UUID_DEFINE(gAppleSystemVariableGuid, 0x40, 0xA0, 0xDD, 0xD2, 0x77, 0xF8, 0x43, 0x92, 0xB4, 0xA3, 0x1E, 0x73, 0x04, 0x20, 0x65, 0x16);
144
145 // Apple NVRAM Variable namespace (APPLE_VENDOR_OS_VARIABLE_GUID)
146 // 7C436110-AB2A-4BBB-A880-FE41995C9F82
147 UUID_DEFINE(gAppleNVRAMGuid, 0x7C, 0x43, 0x61, 0x10, 0xAB, 0x2A, 0x4B, 0xBB, 0xA8, 0x80, 0xFE, 0x41, 0x99, 0x5C, 0x9F, 0x82);
148
149 static bool gNVRAMLogging = false;
150
151 // allowlist variables from macboot that need to be set/get from system region if present
152 static const char * const gNVRAMSystemList[] = {
153 "adbe-tunable",
154 "adbe-tunables",
155 "adfe-tunables",
156 "alamo-path",
157 "alt-boot-volume",
158 "ASMB",
159 "atc0",
160 "atc1",
161 "auto-boot",
162 "auto-boot-halt-stage",
163 "auto-boot-once",
164 "auto-boot-usb",
165 "auxkc-path",
166 "backlight-level",
167 "backlight-nits",
168 "base-system-path",
169 "boot-args",
170 "boot-breadcrumbs",
171 "boot-command",
172 "boot-device",
173 "boot-image",
174 "boot-partition",
175 "boot-path",
176 "boot-ramdisk",
177 "boot-script",
178 "boot-volume",
179 "bootdelay",
180 "bt1addr",
181 "btaddr",
182 "cam-use-ext-ldo",
183 "CLCG_override",
184 "com.apple.System.boot-nonce",
185 "com.apple.System.rtc-offset",
186 "com.apple.System.tz0-size",
187 "core-bin-offset",
188 "cpu-bin-offset",
189 "darkboot",
190 "DClr_override",
191 "dcp-auto-boot",
192 "debug-gg",
193 "debug-soc",
194 "debug-uarts",
195 "diags-path",
196 "disable-boot-wdt",
197 "display-color-space",
198 "display-timing",
199 "display-vsh-comp",
200 "dpcd-max-brightness",
201 "dtdump",
202 "dtdump-path",
203 "e75",
204 "emu",
205 "enable-auth-debug",
206 "enable-jop",
207 "enable-marconi",
208 "enable-upgrade-fallback",
209 "enforce-iuob",
210 "eth1addr",
211 "ethaddr",
212 "failboot-breadcrumbs",
213 "fixed-lcm-boost",
214 "force-ctrr-lock",
215 "force-upgrade-fail",
216 "fuos-path",
217 "hib-ui-force",
218 "hibhack-test-hmac",
219 "iboot-data",
220 "iboot-failure-reason",
221 "iboot-failure-reason-str",
222 "iboot-failure-volume",
223 "iboot1-precommitted",
224 "idle-off",
225 "is-tethered",
226 "kaslr-off",
227 "kaslr-slide",
228 "kis-rsm",
229 "knobs",
230 "loadaddr",
231 "memmapdump",
232 "mipi-bridge-cmd-verify",
233 "mipi-bridge-poll-cmd-fifo",
234 "no-ctrr",
235 "one-time-boot-command",
236 "osenvironment",
237 "ota-breadcrumbs",
238 "ota-outcome",
239 "panicmedic",
240 "panicmedic-threshold",
241 "panicmedic-timestamps",
242 "phleet-path",
243 "pinot-panel-id",
244 "pintoaddr",
245 "policy-nonce-digests",
246 "preserve-debuggability",
247 "prevent-restores", // Keep for factory <rdar://problem/70476321>
248 "prev-lang:kbd",
249 "ramrod-kickstart-aces",
250 "rbdaddr0",
251 "rbm-path",
252 "reconfig-behavior",
253 "reconfig-breakpoints",
254 "recovery-boot-mode",
255 "recovery-breadcrumbs",
256 "restored-host-timeout",
257 "root-live-fs",
258 "rtos-path",
259 "soc-bin-offset",
260 "StartupMute",
261 "StartupMuteAccessibility",
262 "storage-prev-assert",
263 "storage-prev-assert-stored",
264 "summit-panel-id",
265 "SystemAudioVolume",
266 "SystemAudioVolumeExtension",
267 "SystemAudioVolumeSaved",
268 "tz0-size-override",
269 "upgrade-fallback-boot-command",
270 "upgrade-retry",
271 "usb-enabled",
272 "wifi1addr",
273 "wifiaddr",
274 nullptr
275 };
276
277 typedef struct {
278 const char *name;
279 IONVRAMVariableType type;
280 } VariableTypeEntry;
281
282 static const
283 VariableTypeEntry gVariableTypes[] = {
284 {"auto-boot?", kOFVariableTypeBoolean},
285 {"boot-args", kOFVariableTypeString},
286 {"boot-command", kOFVariableTypeString},
287 {"boot-device", kOFVariableTypeString},
288 {"boot-file", kOFVariableTypeString},
289 {"boot-screen", kOFVariableTypeString},
290 {"boot-script", kOFVariableTypeString},
291 {"console-screen", kOFVariableTypeString},
292 {"default-client-ip", kOFVariableTypeString},
293 {"default-gateway-ip", kOFVariableTypeString},
294 {"default-mac-address?", kOFVariableTypeBoolean},
295 {"default-router-ip", kOFVariableTypeString},
296 {"default-server-ip", kOFVariableTypeString},
297 {"default-subnet-mask", kOFVariableTypeString},
298 {"diag-device", kOFVariableTypeString},
299 {"diag-file", kOFVariableTypeString},
300 {"diag-switch?", kOFVariableTypeBoolean},
301 {"fcode-debug?", kOFVariableTypeBoolean},
302 {"input-device", kOFVariableTypeString},
303 {"input-device-1", kOFVariableTypeString},
304 {"little-endian?", kOFVariableTypeBoolean},
305 {"load-base", kOFVariableTypeNumber},
306 {"mouse-device", kOFVariableTypeString},
307 {"nvramrc", kOFVariableTypeString},
308 {"oem-banner", kOFVariableTypeString},
309 {"oem-banner?", kOFVariableTypeBoolean},
310 {"oem-logo", kOFVariableTypeString},
311 {"oem-logo?", kOFVariableTypeBoolean},
312 {"output-device", kOFVariableTypeString},
313 {"output-device-1", kOFVariableTypeString},
314 {"pci-probe-list", kOFVariableTypeNumber},
315 {"pci-probe-mask", kOFVariableTypeNumber},
316 {"real-base", kOFVariableTypeNumber},
317 {"real-mode?", kOFVariableTypeBoolean},
318 {"real-size", kOFVariableTypeNumber},
319 {"screen-#columns", kOFVariableTypeNumber},
320 {"screen-#rows", kOFVariableTypeNumber},
321 {"security-mode", kOFVariableTypeString},
322 {"selftest-#megs", kOFVariableTypeNumber},
323 {"use-generic?", kOFVariableTypeBoolean},
324 {"use-nvramrc?", kOFVariableTypeBoolean},
325 {"virt-base", kOFVariableTypeNumber},
326 {"virt-size", kOFVariableTypeNumber},
327
328 #if !defined(__x86_64__)
329 {"acc-cm-override-charger-count", kOFVariableTypeNumber},
330 {"acc-cm-override-count", kOFVariableTypeNumber},
331 {"acc-mb-ld-lifetime", kOFVariableTypeNumber},
332 {"com.apple.System.boot-nonce", kOFVariableTypeString},
333 {"darkboot", kOFVariableTypeBoolean},
334 {"enter-tdm-mode", kOFVariableTypeBoolean},
335 #endif /* !defined(__x86_64__) */
336 {nullptr, kOFVariableTypeData} // Default type to return
337 };
338
339 union VariablePermission {
340 struct {
341 uint64_t UserWrite :1;
342 uint64_t RootRequired :1;
343 uint64_t KernelOnly :1;
344 uint64_t ResetNVRAMOnlyDelete :1;
345 uint64_t NeverAllowedToDelete :1;
346 uint64_t FullAccess :1;
347 uint64_t Reserved:58;
348 } Bits;
349 uint64_t Uint64;
350 };
351
352 typedef struct {
353 const char *name;
354 VariablePermission p;
355 } VariablePermissionEntry;
356
357 static const
358 VariablePermissionEntry gVariablePermissions[] = {
359 {"aapl,pci", .p.Bits.RootRequired = 1},
360 {"battery-health", .p.Bits.RootRequired = 1,
361 .p.Bits.NeverAllowedToDelete = 1},
362 {"boot-image", .p.Bits.UserWrite = 1},
363 {"com.apple.System.fp-state", .p.Bits.KernelOnly = 1},
364 {"policy-nonce-digests", .p.Bits.ResetNVRAMOnlyDelete = 1},
365 {"security-password", .p.Bits.RootRequired = 1},
366
367 #if !defined(__x86_64__)
368 {"acc-cm-override-charger-count", .p.Bits.KernelOnly = 1},
369 {"acc-cm-override-count", .p.Bits.KernelOnly = 1},
370 {"acc-mb-ld-lifetime", .p.Bits.KernelOnly = 1},
371 {"backlight-level", .p.Bits.UserWrite = 1},
372 {"com.apple.System.boot-nonce", .p.Bits.KernelOnly = 1},
373 {"com.apple.System.sep.art", .p.Bits.KernelOnly = 1},
374 {"darkboot", .p.Bits.UserWrite = 1},
375 {"nonce-seeds", .p.Bits.KernelOnly = 1},
376 #endif /* !defined(__x86_64__) */
377
378 {nullptr, {.Bits.FullAccess = 1}} // Default access
379 };
380
381 static IONVRAMVariableType
382 getVariableType(const char *propName)
383 {
384 const VariableTypeEntry *entry;
385
386 entry = gVariableTypes;
387 while (entry->name != nullptr) {
388 if (strcmp(entry->name, propName) == 0) {
389 break;
390 }
391 entry++;
392 }
393
394 return entry->type;
395 }
396
397 static IONVRAMVariableType
398 getVariableType(const OSSymbol *propSymbol)
399 {
400 return getVariableType(propSymbol->getCStringNoCopy());
401 }
402
403 static VariablePermission
404 getVariablePermission(const char *propName)
405 {
406 const VariablePermissionEntry *entry;
407
408 entry = gVariablePermissions;
409 while (entry->name != nullptr) {
410 if (strcmp(entry->name, propName) == 0) {
411 break;
412 }
413 entry++;
414 }
415
416 return entry->p;
417 }
418
419 static bool
420 variableInAllowList(const char *varName)
421 {
422 unsigned int i = 0;
423
424 while (gNVRAMSystemList[i] != nullptr) {
425 if (strcmp(varName, gNVRAMSystemList[i]) == 0) {
426 return true;
427 }
428 i++;
429 }
430
431 return false;
432 }
433
434 static bool
435 verifyWriteSizeLimit(const uuid_t *varGuid, const char *variableName, size_t propDataSize)
436 {
437 if (variableInAllowList(variableName)) {
438 if (strnstr(variableName, "breadcrumbs", strlen(variableName)) != NULL) {
439 return propDataSize <= 1024;
440 } else {
441 return propDataSize <= 768;
442 }
443 }
444
445 return true;
446 }
447
448 static bool
449 verifyPermission(IONVRAMOperation op, const uuid_t *varGuid, const char *varName)
450 {
451 VariablePermission perm;
452 bool kernel, admin, writeEntitled, readEntitled, allowList, systemGuid, systemEntitled;
453
454 perm = getVariablePermission(varName);
455
456 kernel = current_task() == kernel_task;
457
458 if (perm.Bits.KernelOnly) {
459 DEBUG_INFO("KernelOnly access for %s, kernel=%d\n", varName, kernel);
460 return kernel;
461 }
462
463 allowList = variableInAllowList(varName);
464 systemGuid = uuid_compare(*varGuid, gAppleSystemVariableGuid) == 0;
465 admin = IOUserClient::clientHasPrivilege(current_task(), kIONVRAMPrivilege) == kIOReturnSuccess;
466 writeEntitled = IOTaskHasEntitlement(current_task(), kIONVRAMWriteAccessKey);
467 readEntitled = IOTaskHasEntitlement(current_task(), kIONVRAMReadAccessKey);
468 systemEntitled = IOTaskHasEntitlement(current_task(), kIONVRAMSystemAllowKey) || kernel;
469
470 switch (op) {
471 case kIONVRAMOperationRead:
472 if (kernel || admin || readEntitled || perm.Bits.FullAccess) {
473 return true;
474 }
475 break;
476
477 case kIONVRAMOperationWrite:
478 if (kernel || perm.Bits.UserWrite || admin || writeEntitled) {
479 if (systemGuid) {
480 if (allowList) {
481 if (!systemEntitled) {
482 DEBUG_ERROR("Allowed write to system region when NOT entitled for %s\n", varName);
483 }
484 } else if (!systemEntitled) {
485 DEBUG_ERROR("Not entitled for system region writes for %s\n", varName);
486 break;
487 }
488 }
489 return true;
490 }
491 break;
492
493 case kIONVRAMOperationDelete:
494 case kIONVRAMOperationObliterate:
495 case kIONVRAMOperationReset:
496 if (perm.Bits.NeverAllowedToDelete) {
497 DEBUG_INFO("Never allowed to delete %s\n", varName);
498 break;
499 } else if ((op == kIONVRAMOperationObliterate) && perm.Bits.ResetNVRAMOnlyDelete) {
500 DEBUG_INFO("Not allowed to obliterate %s\n", varName);
501 break;
502 }
503
504 if (kernel || perm.Bits.UserWrite || admin || writeEntitled) {
505 if (systemGuid) {
506 if (allowList) {
507 if (!systemEntitled) {
508 DEBUG_ERROR("Allowed delete to system region when NOT entitled for %s\n", varName);
509 }
510 } else if (!systemEntitled) {
511 DEBUG_ERROR("Not entitled for system region deletes for %s\n", varName);
512 break;
513 }
514 }
515 return true;
516 }
517 break;
518 }
519
520 DEBUG_INFO("Permission for %s denied, kernel=%d, admin=%d, writeEntitled=%d, readEntitled=%d, systemGuid=%d, systemEntitled=%d\n",
521 varName, kernel, admin, writeEntitled, readEntitled, systemGuid, systemEntitled);
522 return false;
523 }
524
525 static bool
526 verifyPermission(IONVRAMOperation op, const uuid_t *varGuid, const OSSymbol *varName)
527 {
528 return verifyPermission(op, varGuid, varName->getCStringNoCopy());
529 }
530
531 /*
532 * Parse a variable name of the form "GUID:name".
533 * If the name cannot be parsed, substitute the Apple global variable GUID.
534 * Returns TRUE if a GUID was found in the name, FALSE otherwise.
535 * The guidResult and nameResult arguments may be nullptr if you just want
536 * to check the format of the string.
537 */
538 static bool
539 parseVariableName(const char *key, uuid_t *guidResult, const char **nameResult)
540 {
541 uuid_string_t temp = {0};
542 size_t keyLen = strlen(key);
543 bool result = false;
544 const char *name = key;
545 uuid_t guid;
546
547 if (keyLen > sizeof(temp)) {
548 // check for at least UUID + ":" + more
549 memcpy(temp, key, sizeof(temp) - 1);
550
551 if ((uuid_parse(temp, guid) == 0) &&
552 (key[sizeof(temp) - 1] == ':')) {
553 name = key + sizeof(temp);
554 result = true;
555 }
556 }
557
558 if (guidResult) {
559 result ? uuid_copy(*guidResult, guid) : uuid_copy(*guidResult, gAppleNVRAMGuid);
560 }
561 if (nameResult) {
562 *nameResult = name;
563 }
564
565 return false;
566 }
567
568 // private IOService based class for publishing distinct dictionary properties on
569 // for easy ioreg access since the serializeProperties call is overloaded and is used
570 // as variable access
571 class IODTNVRAMVariables : public IOService
572 {
573 OSDeclareDefaultStructors(IODTNVRAMVariables)
574 private:
575 IODTNVRAM *_provider;
576 OSDictionary *_properties;
577 uuid_t _guid;
578
579 public:
580 bool init(const uuid_t *guid);
581 virtual bool start(IOService * provider) APPLE_KEXT_OVERRIDE;
582 virtual IOReturn setProperties(OSObject * properties) APPLE_KEXT_OVERRIDE;
583 virtual bool serializeProperties(OSSerialize *s) const APPLE_KEXT_OVERRIDE;
584 };
585
586 OSDefineMetaClassAndStructors(IODTNVRAMVariables, IOService)
587
588 bool
589 IODTNVRAMVariables::init(const uuid_t *guid)
590 {
591 require(super::init(), error);
592 require(guid, error);
593
594 uuid_copy(_guid, *guid);
595
596 return true;
597
598 error:
599 return false;
600 }
601
602 bool
603 IODTNVRAMVariables::start(IOService * provider)
604 {
605 require(IOService::start(provider), error);
606
607 require(_provider = OSDynamicCast(IODTNVRAM, provider), error);
608
609 registerService();
610
611 return true;
612
613 error:
614 stop(provider);
615
616 return false;
617 }
618
619 IOReturn
620 IODTNVRAMVariables::setProperties(OSObject * properties)
621 {
622 if (OSDynamicCast(OSDictionary, properties)) {
623 OSSafeReleaseNULL(_properties);
624 _properties = OSDynamicCast(OSDictionary, properties);
625 properties->retain();
626 }
627
628 return IOService::setProperties(properties);
629 }
630
631 bool
632 IODTNVRAMVariables::serializeProperties(OSSerialize *s) const
633 {
634 const OSSymbol *key;
635 OSSharedPtr<OSDictionary> dict;
636 OSSharedPtr<OSCollectionIterator> iter;
637 OSSharedPtr<OSDictionary> localProperties(_properties, OSRetain);
638 bool result = false;
639
640 require(localProperties != nullptr, exit);
641
642 dict = OSDictionary::withCapacity(localProperties->getCount());
643 require_action(dict, exit, DEBUG_ERROR("No dictionary\n"));
644
645 iter = OSCollectionIterator::withCollection(localProperties.get());
646 require_action(iter, exit, DEBUG_ERROR("failed to create iterator\n"));
647
648 while ((key = OSDynamicCast(OSSymbol, iter->getNextObject()))) {
649 if (verifyPermission(kIONVRAMOperationRead, &_guid, key)) {
650 dict->setObject(key, localProperties->getObject(key));
651 }
652 }
653
654 result = dict->serialize(s);
655
656 exit:
657 DEBUG_INFO("result=%d\n", result);
658 return result;
659 }
660
661 bool
662 IODTNVRAM::init(IORegistryEntry *old, const IORegistryPlane *plane)
663 {
664 OSSharedPtr<OSDictionary> dict;
665
666 if (!super::init(old, plane)) {
667 return false;
668 }
669
670 _variableLock = IOLockAlloc();
671 if (!_variableLock) {
672 return false;
673 }
674
675 _controllerLock = IOLockAlloc();
676 if (!_controllerLock) {
677 return false;
678 }
679
680 PE_parse_boot_argn("nvram-log", &gNVRAMLogging, sizeof(gNVRAMLogging));
681
682 dict = OSDictionary::withCapacity(1);
683 if (dict == nullptr) {
684 return false;
685 }
686 setPropertyTable(dict.get());
687 dict.reset();
688
689 _nvramSize = getNVRAMSize();
690 if (_nvramSize == 0) {
691 DEBUG_ERROR("NVRAM : Error - default size not specified in DT\n");
692 return false;
693 }
694 // partition offsets are UInt16 (bytes / 0x10) + 1
695 if (_nvramSize > 0xFFFF * 0x10) {
696 DEBUG_ERROR("NVRAM : truncating _nvramSize from %ld\n", (long) _nvramSize);
697 _nvramSize = 0xFFFF * 0x10;
698 }
699 _nvramImage = IONew(UInt8, _nvramSize);
700 if (_nvramImage == nullptr) {
701 return false;
702 }
703
704 _nvramPartitionOffsets = OSDictionary::withCapacity(1);
705 if (_nvramPartitionOffsets == nullptr) {
706 return false;
707 }
708
709 _nvramPartitionLengths = OSDictionary::withCapacity(1);
710 if (_nvramPartitionLengths == nullptr) {
711 return false;
712 }
713
714 _registryPropertiesKey = OSSymbol::withCStringNoCopy("aapl,pci");
715 if (_registryPropertiesKey == nullptr) {
716 return false;
717 }
718
719 // <rdar://problem/9529235> race condition possible between
720 // IODTNVRAM and IONVRAMController (restore loses boot-args)
721 initProxyData();
722
723 // Require at least the common partition to be present and error free
724 if (_commonDict == nullptr) {
725 return false;
726 }
727
728 return true;
729 }
730
731 void
732 IODTNVRAM::initProxyData(void)
733 {
734 OSSharedPtr<IORegistryEntry> entry;
735 const char *key = "nvram-proxy-data";
736 OSData *data;
737 const void *bytes;
738
739 entry = IORegistryEntry::fromPath("/chosen", gIODTPlane);
740 if (entry != nullptr) {
741 OSSharedPtr<OSObject> prop = entry->copyProperty(key);
742 if (prop != nullptr) {
743 data = OSDynamicCast(OSData, prop.get());
744 if (data != nullptr) {
745 bytes = data->getBytesNoCopy();
746 if ((bytes != nullptr) && (data->getLength() <= _nvramSize)) {
747 bcopy(bytes, _nvramImage, data->getLength());
748 initNVRAMImage();
749 _isProxied = true;
750 }
751 }
752 }
753 entry->removeProperty(key);
754 }
755 }
756
757 UInt32
758 IODTNVRAM::getNVRAMSize(void)
759 {
760 OSSharedPtr<IORegistryEntry> entry;
761 const char *key = "nvram-total-size";
762 OSData *data;
763 UInt32 size = 0;
764
765 entry = IORegistryEntry::fromPath("/chosen", gIODTPlane);
766 if (entry != nullptr) {
767 OSSharedPtr<OSObject> prop = entry->copyProperty(key);
768 if (prop != nullptr) {
769 data = OSDynamicCast(OSData, prop.get());
770 if (data != nullptr) {
771 size = *((UInt32*)data->getBytesNoCopy());
772 DEBUG_ALWAYS("NVRAM size is %u bytes\n", (unsigned int) size);
773 }
774 }
775 }
776 return size;
777 }
778
779
780 void
781 IODTNVRAM::registerNVRAMController(IONVRAMController *nvram)
782 {
783 IOReturn ret;
784
785 if (_nvramController != nullptr) {
786 DEBUG_ERROR("Duplicate controller set\n");
787 return;
788 }
789
790 DEBUG_INFO("setting controller\n");
791
792 _nvramController = nvram;
793
794 // <rdar://problem/9529235> race condition possible between
795 // IODTNVRAM and IONVRAMController (restore loses boot-args)
796 if (!_isProxied) {
797 DEBUG_INFO("Proxied NVRAM data\n");
798 _nvramController->read(0, _nvramImage, _nvramSize);
799 initNVRAMImage();
800 }
801
802 if (_systemPartitionSize) {
803 _systemService = new IODTNVRAMVariables;
804
805 if (!_systemService || !_systemService->init(&gAppleSystemVariableGuid)) {
806 DEBUG_ERROR("Unable to start the system service!\n");
807 goto no_system;
808 }
809
810 _systemService->setName("options-system");
811
812 if (!_systemService->attach(this)) {
813 DEBUG_ERROR("Unable to attach the system service!\n");
814 OSSafeReleaseNULL(_systemService);
815 goto no_system;
816 }
817
818 if (!_systemService->start(this)) {
819 DEBUG_ERROR("Unable to start the system service!\n");
820 _systemService->detach(this);
821 OSSafeReleaseNULL(_systemService);
822 goto no_system;
823 }
824 }
825
826 no_system:
827 if (_commonPartitionSize) {
828 _commonService = new IODTNVRAMVariables;
829
830 if (!_commonService || !_commonService->init(&gAppleNVRAMGuid)) {
831 DEBUG_ERROR("Unable to start the common service!\n");
832 goto no_common;
833 }
834
835 _commonService->setName("options-common");
836
837 if (!_commonService->attach(this)) {
838 DEBUG_ERROR("Unable to attach the common service!\n");
839 OSSafeReleaseNULL(_commonService);
840 goto no_common;
841 }
842
843 if (!_commonService->start(this)) {
844 DEBUG_ERROR("Unable to start the common service!\n");
845 _commonService->detach(this);
846 OSSafeReleaseNULL(_commonService);
847 goto no_common;
848 }
849 }
850
851 no_common:
852 ret = serializeVariables();
853 DEBUG_INFO("serializeVariables ret=0x%08x\n", ret);
854 }
855
856 void
857 IODTNVRAM::initNVRAMImage(void)
858 {
859 char partitionID[18];
860 UInt32 partitionOffset, partitionLength;
861 UInt32 currentLength, currentOffset = 0;
862
863 _commonPartitionOffset = 0xFFFFFFFF;
864 _systemPartitionOffset = 0xFFFFFFFF;
865
866 // Look through the partitions to find the OF and System partitions.
867 while (currentOffset < _nvramSize) {
868 bool common_partition;
869 bool system_partition;
870
871 chrp_nvram_header_t * header = (chrp_nvram_header_t *)(_nvramImage + currentOffset);
872
873 currentLength = header->len * NVRAM_CHRP_LENGTH_BLOCK_SIZE;
874
875 if (currentLength < sizeof(chrp_nvram_header_t)) {
876 break;
877 }
878
879 partitionOffset = currentOffset + sizeof(chrp_nvram_header_t);
880 partitionLength = currentLength - sizeof(chrp_nvram_header_t);
881
882 if ((partitionOffset + partitionLength) > _nvramSize) {
883 break;
884 }
885
886 common_partition = memcmp(header->name, NVRAM_CHRP_PARTITION_NAME_COMMON, strlen(NVRAM_CHRP_PARTITION_NAME_COMMON)) == 0;
887 system_partition = (memcmp(header->name, NVRAM_CHRP_PARTITION_NAME_SYSTEM, strlen(NVRAM_CHRP_PARTITION_NAME_SYSTEM)) == 0) ||
888 (memcmp(header->name, NVRAM_CHRP_PARTITION_NAME_SYSTEM_LEGACY, strlen(NVRAM_CHRP_PARTITION_NAME_SYSTEM_LEGACY)) == 0);
889
890 if (common_partition) {
891 _commonPartitionOffset = partitionOffset;
892 _commonPartitionSize = partitionLength;
893 } else if (system_partition) {
894 _systemPartitionOffset = partitionOffset;
895 _systemPartitionSize = partitionLength;
896 } else {
897 OSSharedPtr<OSNumber> partitionOffsetNumber, partitionLengthNumber;
898
899 // Construct the partition ID from the signature and name.
900 snprintf(partitionID, sizeof(partitionID), "0x%02x,", header->sig);
901 strncpy(partitionID + 5, header->name, sizeof(header->name));
902 partitionID[17] = '\0';
903
904 partitionOffsetNumber = OSNumber::withNumber(partitionOffset, 32);
905 partitionLengthNumber = OSNumber::withNumber(partitionLength, 32);
906
907 // Save the partition offset and length
908 _nvramPartitionOffsets->setObject(partitionID, partitionOffsetNumber.get());
909 _nvramPartitionLengths->setObject(partitionID, partitionLengthNumber.get());
910 }
911 currentOffset += currentLength;
912 }
913
914 if (_commonPartitionOffset != 0xFFFFFFFF) {
915 _commonImage = _nvramImage + _commonPartitionOffset;
916 }
917
918 if (_systemPartitionOffset != 0xFFFFFFFF) {
919 _systemImage = _nvramImage + _systemPartitionOffset;
920 }
921
922 DEBUG_ALWAYS("NVRAM : ofPartitionOffset - 0x%x, ofPartitionSize - 0x%x, systemPartitionOffset - 0x%x, systemPartitionSize - 0x%x\n",
923 (unsigned int) _commonPartitionOffset, (unsigned int) _commonPartitionSize, (unsigned int) _systemPartitionOffset, (unsigned int) _systemPartitionSize);
924
925 _lastDeviceSync = 0;
926 _freshInterval = TRUE; // we will allow sync() even before the first 15 minutes have passed.
927
928 initVariables();
929 }
930
931 void
932 IODTNVRAM::syncInternal(bool rateLimit)
933 {
934 DEBUG_INFO("rateLimit=%d\n", rateLimit);
935
936 // Don't try to perform controller operations if none has been registered.
937 if (_nvramController == nullptr) {
938 return;
939 }
940
941 // Rate limit requests to sync. Drivers that need this rate limiting will
942 // shadow the data and only write to flash when they get a sync call
943 if (rateLimit && !safeToSync()) {
944 return;
945 }
946
947 DEBUG_INFO("Calling sync()\n");
948
949 CONTROLLERLOCK();
950 _nvramController->sync();
951 CONTROLLERUNLOCK();
952 }
953
954 void
955 IODTNVRAM::sync(void)
956 {
957 syncInternal(false);
958 }
959
960 bool
961 IODTNVRAM::serializeProperties(OSSerialize *s) const
962 {
963 const OSSymbol *key;
964 OSSharedPtr<OSDictionary> systemDict, commonDict, dict;
965 OSSharedPtr<OSCollectionIterator> iter;
966 bool result = false;
967 unsigned int totalCapacity = 0;
968
969 NVRAMLOCK();
970 if (_commonDict) {
971 commonDict = OSDictionary::withDictionary(_commonDict.get());
972 }
973
974 if (_systemDict) {
975 systemDict = OSDictionary::withDictionary(_systemDict.get());
976 }
977 NVRAMUNLOCK();
978
979 totalCapacity += (commonDict != nullptr) ? commonDict->getCapacity() : 0;
980 totalCapacity += (systemDict != nullptr) ? systemDict->getCapacity() : 0;
981
982 dict = OSDictionary::withCapacity(totalCapacity);
983
984 if (dict == nullptr) {
985 DEBUG_ERROR("No dictionary\n");
986 goto exit;
987 }
988
989 // Copy system entries first if present then copy unique common entries
990 if (systemDict != nullptr) {
991 iter = OSCollectionIterator::withCollection(systemDict.get());
992 if (iter == nullptr) {
993 DEBUG_ERROR("failed to create iterator\n");
994 goto exit;
995 }
996
997 while ((key = OSDynamicCast(OSSymbol, iter->getNextObject()))) {
998 if (verifyPermission(kIONVRAMOperationRead, &gAppleSystemVariableGuid, key)) {
999 dict->setObject(key, systemDict->getObject(key));
1000 }
1001 }
1002
1003 iter.reset();
1004 }
1005
1006 if (commonDict != nullptr) {
1007 iter = OSCollectionIterator::withCollection(commonDict.get());
1008 if (iter == nullptr) {
1009 DEBUG_ERROR("failed to create common iterator\n");
1010 goto exit;
1011 }
1012
1013 while ((key = OSDynamicCast(OSSymbol, iter->getNextObject()))) {
1014 if (dict->getObject(key) != nullptr) {
1015 // Skip non uniques
1016 continue;
1017 }
1018 if (verifyPermission(kIONVRAMOperationRead, &gAppleNVRAMGuid, key)) {
1019 dict->setObject(key, commonDict->getObject(key));
1020 }
1021 }
1022 }
1023
1024 result = dict->serialize(s);
1025
1026 exit:
1027 DEBUG_INFO("result=%d\n", result);
1028
1029 return result;
1030 }
1031
1032 IOReturn
1033 IODTNVRAM::chooseDictionary(IONVRAMOperation operation, const uuid_t *varGuid, const char *variableName, OSDictionary **dict) const
1034 {
1035 if (_systemDict != nullptr) {
1036 bool systemGuid = uuid_compare(*varGuid, gAppleSystemVariableGuid) == 0;
1037
1038 if (variableInAllowList(variableName)) {
1039 DEBUG_INFO("Using system dictionary due to allow list\n");
1040 if (!systemGuid) {
1041 DEBUG_ERROR("System GUID NOT used for %s\n", variableName);
1042 }
1043 *dict = _systemDict.get();
1044 } else if (systemGuid) {
1045 DEBUG_INFO("Using system dictionary via GUID\n");
1046 *dict = _systemDict.get();
1047 } else {
1048 DEBUG_INFO("Using common dictionary\n");
1049 *dict = _commonDict.get();
1050 }
1051 } else {
1052 DEBUG_INFO("Defaulting to common dictionary\n");
1053 *dict = _commonDict.get();
1054 }
1055
1056 return kIOReturnSuccess;
1057 }
1058
1059 bool
1060 IODTNVRAM::handleSpecialVariables(const char *name, uuid_t *guid, OSObject *obj, IOReturn *error)
1061 {
1062 IOReturn err = kIOReturnSuccess;
1063 bool special = false;
1064
1065 NVRAMLOCKASSERT();
1066
1067 if (strcmp(name, "ResetNVRam") == 0) {
1068 DEBUG_INFO("%s requested\n", name);
1069
1070 if (uuid_compare(*guid, gAppleSystemVariableGuid) == 0) {
1071 if (_systemDict != nullptr) {
1072 _systemDict->flushCollection();
1073 }
1074
1075 _commonDict->flushCollection();
1076 DEBUG_INFO("system & common dictionary flushed\n");
1077 }
1078
1079 special = true;
1080 } else if (strcmp(name, "ObliterateNVRam") == 0) {
1081 DEBUG_INFO("%s requested\n", name);
1082
1083 if ((_systemDict != nullptr) && (uuid_compare(*guid, gAppleSystemVariableGuid) == 0)) {
1084 const OSSymbol *key;
1085 OSSharedPtr<OSDictionary> newDict;
1086 OSSharedPtr<OSCollectionIterator> iter;
1087
1088 newDict = OSDictionary::withCapacity(_systemDict->getCapacity());
1089 iter = OSCollectionIterator::withCollection(newDict.get());
1090 if ((newDict == nullptr) || (iter == nullptr)) {
1091 err = kIOReturnNoMemory;
1092 goto exit;
1093 }
1094
1095 while ((key = OSDynamicCast(OSSymbol, iter->getNextObject()))) {
1096 const OSSymbol *key = OSDynamicCast(OSSymbol, iter->getNextObject());
1097 if (key == nullptr) {
1098 err = kIOReturnNoMemory;
1099 goto exit;
1100 }
1101
1102 if (!verifyPermission(kIONVRAMOperationObliterate, &gAppleSystemVariableGuid, key)) {
1103 newDict->setObject(key, _systemDict->getObject(key));
1104 }
1105 }
1106
1107 _systemDict = newDict;
1108
1109 DEBUG_INFO("system dictionary flushed\n");
1110 } else if (_commonDict != nullptr) {
1111 const OSSymbol *key;
1112 OSSharedPtr<OSDictionary> newDict;
1113 OSSharedPtr<OSCollectionIterator> iter;
1114
1115 newDict = OSDictionary::withCapacity(_commonDict->getCapacity());
1116 iter = OSCollectionIterator::withCollection(newDict.get());
1117 if ((newDict == nullptr) || (iter == nullptr)) {
1118 err = kIOReturnNoMemory;
1119 goto exit;
1120 }
1121
1122 while ((key = OSDynamicCast(OSSymbol, iter->getNextObject()))) {
1123 if (!verifyPermission(kIONVRAMOperationObliterate, &gAppleNVRAMGuid, key)) {
1124 newDict->setObject(key, _commonDict->getObject(key));
1125 }
1126 }
1127
1128 _commonDict = newDict;
1129
1130 DEBUG_INFO("common dictionary flushed\n");
1131 }
1132
1133 special = true;
1134 }
1135
1136 exit:
1137 if (error) {
1138 *error = err;
1139 }
1140
1141 return special;
1142 }
1143
1144 OSSharedPtr<OSObject>
1145 IODTNVRAM::copyProperty(const OSSymbol *aKey) const
1146 {
1147 IOReturn result;
1148 const char *variableName;
1149 uuid_t varGuid;
1150 OSDictionary *dict;
1151 OSSharedPtr<OSObject> theObject = nullptr;
1152
1153 if (aKey->isEqualTo(kIOBSDNameKey) ||
1154 aKey->isEqualTo(kIOBSDNamesKey) ||
1155 aKey->isEqualTo(kIOBSDMajorKey) ||
1156 aKey->isEqualTo(kIOBSDMinorKey) ||
1157 aKey->isEqualTo(kIOBSDUnitKey)) {
1158 // These will never match.
1159 // Check here and exit to avoid logging spam
1160 return nullptr;
1161 }
1162 DEBUG_INFO("aKey=%s\n", aKey->getCStringNoCopy());
1163
1164 parseVariableName(aKey->getCStringNoCopy(), &varGuid, &variableName);
1165
1166 result = chooseDictionary(kIONVRAMOperationRead, &varGuid, variableName, &dict);
1167 if (result != kIOReturnSuccess) {
1168 goto exit;
1169 }
1170
1171 if (!verifyPermission(kIONVRAMOperationRead, &varGuid, variableName)) {
1172 DEBUG_INFO("Not privileged\n");
1173 goto exit;
1174 }
1175
1176 NVRAMLOCK();
1177 theObject.reset(dict->getObject(variableName), OSRetain);
1178 NVRAMUNLOCK();
1179
1180 if (theObject != nullptr) {
1181 DEBUG_INFO("found data\n");
1182 }
1183
1184 exit:
1185 return theObject;
1186 }
1187
1188 OSSharedPtr<OSObject>
1189 IODTNVRAM::copyProperty(const char *aKey) const
1190 {
1191 OSSharedPtr<const OSSymbol> keySymbol;
1192 OSSharedPtr<OSObject> theObject;
1193
1194 keySymbol = OSSymbol::withCString(aKey);
1195 if (keySymbol != nullptr) {
1196 theObject = copyProperty(keySymbol.get());
1197 }
1198
1199 return theObject;
1200 }
1201
1202 OSObject *
1203 IODTNVRAM::getProperty(const OSSymbol *aKey) const
1204 {
1205 // The shared pointer gets released at the end of the function,
1206 // and returns a view into theObject.
1207 OSSharedPtr<OSObject> theObject = copyProperty(aKey);
1208
1209 return theObject.get();
1210 }
1211
1212 OSObject *
1213 IODTNVRAM::getProperty(const char *aKey) const
1214 {
1215 // The shared pointer gets released at the end of the function,
1216 // and returns a view into theObject.
1217 OSSharedPtr<OSObject> theObject = copyProperty(aKey);
1218
1219 return theObject.get();
1220 }
1221
1222 IOReturn
1223 IODTNVRAM::setPropertyInternal(const OSSymbol *aKey, OSObject *anObject)
1224 {
1225 IOReturn result = kIOReturnSuccess;
1226 bool remove = false;
1227 OSString *tmpString = nullptr;
1228 OSSharedPtr<OSObject> propObject, oldObject;
1229 OSSharedPtr<OSObject> sharedObject(anObject, OSRetain);
1230 const char *variableName;
1231 uuid_t varGuid;
1232 OSDictionary *dict;
1233 bool deletePropertyKey, syncNowPropertyKey, forceSyncNowPropertyKey;
1234 bool ok;
1235 size_t propDataSize = 0;
1236
1237 DEBUG_INFO("aKey=%s\n", aKey->getCStringNoCopy());
1238
1239 parseVariableName(aKey->getCStringNoCopy(), &varGuid, &variableName);
1240 deletePropertyKey = strncmp(variableName, kIONVRAMDeletePropertyKey, sizeof(kIONVRAMDeletePropertyKey)) == 0;
1241 syncNowPropertyKey = strncmp(variableName, kIONVRAMSyncNowPropertyKey, sizeof(kIONVRAMSyncNowPropertyKey)) == 0;
1242 forceSyncNowPropertyKey = strncmp(variableName, kIONVRAMForceSyncNowPropertyKey, sizeof(kIONVRAMForceSyncNowPropertyKey)) == 0;
1243
1244 if (deletePropertyKey) {
1245 tmpString = OSDynamicCast(OSString, anObject);
1246 if (tmpString != nullptr) {
1247 DEBUG_INFO("kIONVRAMDeletePropertyKey found\n");
1248 OSSharedPtr<const OSSymbol> sharedKey = OSSymbol::withString(tmpString);
1249 removeProperty(sharedKey.get());
1250 } else {
1251 DEBUG_INFO("kIONVRAMDeletePropertyKey value needs to be an OSString\n");
1252 result = kIOReturnError;
1253 }
1254 goto exit;
1255 } else if (syncNowPropertyKey || forceSyncNowPropertyKey) {
1256 tmpString = OSDynamicCast(OSString, anObject);
1257 DEBUG_INFO("NVRAM sync key %s found\n", aKey->getCStringNoCopy());
1258 if (tmpString != nullptr) {
1259 // We still want to throttle NVRAM commit rate for SyncNow. ForceSyncNow is provided as a really big hammer.
1260 syncInternal(syncNowPropertyKey);
1261 } else {
1262 DEBUG_INFO("%s value needs to be an OSString\n", variableName);
1263 result = kIOReturnError;
1264 }
1265 goto exit;
1266 }
1267
1268 result = chooseDictionary(kIONVRAMOperationWrite, &varGuid, variableName, &dict);
1269 if (result != kIOReturnSuccess) {
1270 goto exit;
1271 }
1272
1273 if (!verifyPermission(kIONVRAMOperationWrite, &varGuid, variableName)) {
1274 DEBUG_INFO("Not privileged\n");
1275 result = kIOReturnNotPrivileged;
1276 goto exit;
1277 }
1278
1279 // Make sure the object is of the correct type.
1280 switch (getVariableType(variableName)) {
1281 case kOFVariableTypeBoolean:
1282 propObject = OSDynamicPtrCast<OSBoolean>(sharedObject);
1283 break;
1284
1285 case kOFVariableTypeNumber:
1286 propObject = OSDynamicPtrCast<OSNumber>(sharedObject);
1287 break;
1288
1289 case kOFVariableTypeString:
1290 propObject = OSDynamicPtrCast<OSString>(sharedObject);
1291 if (propObject != nullptr) {
1292 propDataSize = (OSDynamicPtrCast<OSString>(propObject))->getLength();
1293
1294 if (aKey->isEqualTo(kIONVRAMBootArgsKey) && (propDataSize >= BOOT_LINE_LENGTH)) {
1295 DEBUG_ERROR("boot-args size too large for BOOT_LINE_LENGTH, propDataSize=%zu\n", propDataSize);
1296 result = kIOReturnNoSpace;
1297 goto exit;
1298 }
1299 }
1300 break;
1301
1302 case kOFVariableTypeData:
1303 propObject = OSDynamicPtrCast<OSData>(sharedObject);
1304 if (propObject == nullptr) {
1305 tmpString = OSDynamicCast(OSString, sharedObject.get());
1306 if (tmpString != nullptr) {
1307 propObject = OSData::withBytes(tmpString->getCStringNoCopy(),
1308 tmpString->getLength());
1309 }
1310 }
1311
1312 if (propObject != nullptr) {
1313 propDataSize = (OSDynamicPtrCast<OSData>(propObject))->getLength();
1314 }
1315
1316 #if defined(XNU_TARGET_OS_OSX)
1317 if ((propObject != nullptr) && ((OSDynamicPtrCast<OSData>(propObject))->getLength() == 0)) {
1318 remove = true;
1319 }
1320 #endif /* defined(XNU_TARGET_OS_OSX) */
1321 break;
1322 default:
1323 break;
1324 }
1325
1326 if (propObject == nullptr) {
1327 DEBUG_INFO("No property object\n");
1328 result = kIOReturnBadArgument;
1329 goto exit;
1330 }
1331
1332 if (!verifyWriteSizeLimit(&varGuid, variableName, propDataSize)) {
1333 DEBUG_ERROR("Property data size of %zu too long for %s\n", propDataSize, variableName);
1334 result = kIOReturnNoSpace;
1335 goto exit;
1336 }
1337
1338 NVRAMLOCK();
1339 ok = handleSpecialVariables(variableName, &varGuid, propObject.get(), &result);
1340 NVRAMUNLOCK();
1341
1342 if (ok) {
1343 serializeVariables();
1344 goto exit;
1345 }
1346
1347 NVRAMLOCK();
1348 oldObject.reset(dict->getObject(variableName), OSRetain);
1349 if (remove == false) {
1350 DEBUG_INFO("Adding object\n");
1351 if (!dict->setObject(variableName, propObject.get())) {
1352 result = kIOReturnBadArgument;
1353 }
1354 } else {
1355 DEBUG_INFO("Removing object\n");
1356 // Check for existence so we can decide whether we need to sync variables
1357 if (oldObject) {
1358 result = removePropertyInternal(aKey);
1359 } else {
1360 result = kIOReturnNotFound;
1361 }
1362 }
1363 NVRAMUNLOCK();
1364
1365 if (result == kIOReturnSuccess) {
1366 result = serializeVariables();
1367 if (result != kIOReturnSuccess) {
1368 DEBUG_ERROR("serializeVariables failed, result=0x%08x\n", result);
1369
1370 NVRAMLOCK();
1371 if (oldObject) {
1372 dict->setObject(variableName, oldObject.get());
1373 } else {
1374 dict->removeObject(variableName);
1375 }
1376 NVRAMUNLOCK();
1377
1378 (void) serializeVariables();
1379 result = kIOReturnNoMemory;
1380 }
1381 }
1382
1383 if (oldObject) {
1384 oldObject.reset();
1385 }
1386 if (tmpString) {
1387 propObject.reset();
1388 }
1389
1390 exit:
1391 DEBUG_INFO("result=0x%08x\n", result);
1392
1393 return result;
1394 }
1395
1396 bool
1397 IODTNVRAM::setProperty(const OSSymbol *aKey, OSObject *anObject)
1398 {
1399 return setPropertyInternal(aKey, anObject) == kIOReturnSuccess;
1400 }
1401
1402 void
1403 IODTNVRAM::removeProperty(const OSSymbol *aKey)
1404 {
1405 IOReturn ret;
1406
1407 NVRAMLOCK();
1408 ret = removePropertyInternal(aKey);
1409 NVRAMUNLOCK();
1410
1411 if (ret == kIOReturnSuccess) {
1412 serializeVariables();
1413 } else {
1414 DEBUG_INFO("removePropertyInternal failed, ret=0x%08x\n", ret);
1415 }
1416 }
1417
1418 IOReturn
1419 IODTNVRAM::removePropertyInternal(const OSSymbol *aKey)
1420 {
1421 IOReturn result;
1422 const char *variableName;
1423 uuid_t varGuid;
1424 OSDictionary *dict;
1425
1426 DEBUG_INFO("aKey=%s\n", aKey->getCStringNoCopy());
1427
1428 NVRAMLOCKASSERT();
1429
1430 parseVariableName(aKey->getCStringNoCopy(), &varGuid, &variableName);
1431
1432 result = chooseDictionary(kIONVRAMOperationDelete, &varGuid, variableName, &dict);
1433 if (result != kIOReturnSuccess) {
1434 goto exit;
1435 }
1436
1437 if (!verifyPermission(kIONVRAMOperationDelete, &varGuid, variableName)) {
1438 DEBUG_INFO("Not priveleged\n");
1439 result = kIOReturnNotPrivileged;
1440 goto exit;
1441 }
1442
1443 // If the object exists, remove it from the dictionary.
1444 if (dict->getObject(variableName) != nullptr) {
1445 dict->removeObject(variableName);
1446 }
1447
1448 exit:
1449 return result;
1450 }
1451
1452 IOReturn
1453 IODTNVRAM::setProperties(OSObject *properties)
1454 {
1455 IOReturn result = kIOReturnSuccess;
1456 OSObject *object;
1457 const OSSymbol *key;
1458 OSDictionary *dict;
1459 OSSharedPtr<OSCollectionIterator> iter;
1460
1461 dict = OSDynamicCast(OSDictionary, properties);
1462 if (dict == nullptr) {
1463 DEBUG_ERROR("Not a dictionary\n");
1464 return kIOReturnBadArgument;
1465 }
1466
1467 iter = OSCollectionIterator::withCollection(dict);
1468 if (iter == nullptr) {
1469 DEBUG_ERROR("Couldn't create iterator\n");
1470 return kIOReturnBadArgument;
1471 }
1472
1473 while (result == kIOReturnSuccess) {
1474 key = OSDynamicCast(OSSymbol, iter->getNextObject());
1475 if (key == nullptr) {
1476 break;
1477 }
1478
1479 object = dict->getObject(key);
1480 if (object == nullptr) {
1481 continue;
1482 }
1483
1484 result = setPropertyInternal(key, object);
1485 }
1486
1487 DEBUG_INFO("result=0x%08x\n", result);
1488
1489 return result;
1490 }
1491
1492 IOReturn
1493 IODTNVRAM::readXPRAM(IOByteCount offset, UInt8 *buffer,
1494 IOByteCount length)
1495 {
1496 return kIOReturnUnsupported;
1497 }
1498
1499 IOReturn
1500 IODTNVRAM::writeXPRAM(IOByteCount offset, UInt8 *buffer,
1501 IOByteCount length)
1502 {
1503 return kIOReturnUnsupported;
1504 }
1505
1506 IOReturn
1507 IODTNVRAM::readNVRAMProperty(IORegistryEntry *entry,
1508 const OSSymbol **name,
1509 OSData **value)
1510 {
1511 IOReturn err;
1512
1513 err = readNVRAMPropertyType1(entry, name, value);
1514
1515 return err;
1516 }
1517
1518 IOReturn
1519 IODTNVRAM::writeNVRAMProperty(IORegistryEntry *entry,
1520 const OSSymbol *name,
1521 OSData *value)
1522 {
1523 IOReturn err;
1524
1525 err = writeNVRAMPropertyType1(entry, name, value);
1526
1527 return err;
1528 }
1529
1530 OSDictionary *
1531 IODTNVRAM::getNVRAMPartitions(void)
1532 {
1533 return _nvramPartitionLengths.get();
1534 }
1535
1536 IOReturn
1537 IODTNVRAM::readNVRAMPartition(const OSSymbol *partitionID,
1538 IOByteCount offset, UInt8 *buffer,
1539 IOByteCount length)
1540 {
1541 OSNumber *partitionOffsetNumber, *partitionLengthNumber;
1542 UInt32 partitionOffset, partitionLength, end;
1543
1544 partitionOffsetNumber =
1545 (OSNumber *)_nvramPartitionOffsets->getObject(partitionID);
1546 partitionLengthNumber =
1547 (OSNumber *)_nvramPartitionLengths->getObject(partitionID);
1548
1549 if ((partitionOffsetNumber == nullptr) || (partitionLengthNumber == nullptr)) {
1550 return kIOReturnNotFound;
1551 }
1552
1553 partitionOffset = partitionOffsetNumber->unsigned32BitValue();
1554 partitionLength = partitionLengthNumber->unsigned32BitValue();
1555
1556 if (os_add_overflow(offset, length, &end)) {
1557 return kIOReturnBadArgument;
1558 }
1559 if ((buffer == nullptr) || (length == 0) || (end > partitionLength)) {
1560 return kIOReturnBadArgument;
1561 }
1562
1563 bcopy(_nvramImage + partitionOffset + offset, buffer, length);
1564
1565 return kIOReturnSuccess;
1566 }
1567
1568 IOReturn
1569 IODTNVRAM::writeNVRAMPartition(const OSSymbol *partitionID,
1570 IOByteCount offset, UInt8 *buffer,
1571 IOByteCount length)
1572 {
1573 OSNumber *partitionOffsetNumber, *partitionLengthNumber;
1574 UInt32 partitionOffset, partitionLength, end;
1575
1576 partitionOffsetNumber =
1577 (OSNumber *)_nvramPartitionOffsets->getObject(partitionID);
1578 partitionLengthNumber =
1579 (OSNumber *)_nvramPartitionLengths->getObject(partitionID);
1580
1581 if ((partitionOffsetNumber == nullptr) || (partitionLengthNumber == nullptr)) {
1582 return kIOReturnNotFound;
1583 }
1584
1585 partitionOffset = partitionOffsetNumber->unsigned32BitValue();
1586 partitionLength = partitionLengthNumber->unsigned32BitValue();
1587
1588 if (os_add_overflow(offset, length, &end)) {
1589 return kIOReturnBadArgument;
1590 }
1591 if ((buffer == nullptr) || (length == 0) || (end > partitionLength)) {
1592 return kIOReturnBadArgument;
1593 }
1594
1595 bcopy(buffer, _nvramImage + partitionOffset + offset, length);
1596
1597 if (_nvramController != nullptr) {
1598 _nvramController->write(0, _nvramImage, _nvramSize);
1599 }
1600
1601 return kIOReturnSuccess;
1602 }
1603
1604 IOByteCount
1605 IODTNVRAM::savePanicInfo(UInt8 *buffer, IOByteCount length)
1606 {
1607 return 0;
1608 }
1609
1610 // Private methods
1611
1612 UInt8
1613 IODTNVRAM::calculatePartitionChecksum(UInt8 *partitionHeader)
1614 {
1615 UInt8 cnt, isum, csum = 0;
1616
1617 for (cnt = 0; cnt < 0x10; cnt++) {
1618 isum = csum + partitionHeader[cnt];
1619 if (isum < csum) {
1620 isum++;
1621 }
1622 csum = isum;
1623 }
1624
1625 return csum;
1626 }
1627
1628 IOReturn
1629 IODTNVRAM::initVariables(void)
1630 {
1631 UInt32 cnt;
1632 UInt8 *propName, *propData;
1633 UInt32 propNameLength, propDataLength, regionIndex;
1634 OSSharedPtr<const OSSymbol> propSymbol;
1635 OSSharedPtr<OSObject> propObject;
1636 NVRAMRegionInfo *currentRegion;
1637 NVRAMRegionInfo variableRegions[] = { { NVRAM_CHRP_PARTITION_NAME_COMMON, _commonPartitionOffset, _commonPartitionSize, _commonDict, _commonImage},
1638 { NVRAM_CHRP_PARTITION_NAME_SYSTEM, _systemPartitionOffset, _systemPartitionSize, _systemDict, _systemImage} };
1639
1640 DEBUG_INFO("...\n");
1641
1642 for (regionIndex = 0; regionIndex < ARRAY_SIZE(variableRegions); regionIndex++) {
1643 currentRegion = &variableRegions[regionIndex];
1644
1645 if (currentRegion->size == 0) {
1646 continue;
1647 }
1648
1649 currentRegion->dict = OSDictionary::withCapacity(1);
1650
1651 DEBUG_INFO("region = %s\n", currentRegion->name);
1652 cnt = 0;
1653 while (cnt < currentRegion->size) {
1654 // Break if there is no name.
1655 if (currentRegion->image[cnt] == '\0') {
1656 break;
1657 }
1658
1659 // Find the length of the name.
1660 propName = currentRegion->image + cnt;
1661 for (propNameLength = 0; (cnt + propNameLength) < currentRegion->size;
1662 propNameLength++) {
1663 if (currentRegion->image[cnt + propNameLength] == '=') {
1664 break;
1665 }
1666 }
1667
1668 // Break if the name goes past the end of the partition.
1669 if ((cnt + propNameLength) >= currentRegion->size) {
1670 break;
1671 }
1672 cnt += propNameLength + 1;
1673
1674 propData = currentRegion->image + cnt;
1675 for (propDataLength = 0; (cnt + propDataLength) < currentRegion->size;
1676 propDataLength++) {
1677 if (currentRegion->image[cnt + propDataLength] == '\0') {
1678 break;
1679 }
1680 }
1681
1682 // Break if the data goes past the end of the partition.
1683 if ((cnt + propDataLength) >= currentRegion->size) {
1684 break;
1685 }
1686 cnt += propDataLength + 1;
1687
1688 if (convertPropToObject(propName, propNameLength,
1689 propData, propDataLength,
1690 propSymbol, propObject)) {
1691 DEBUG_INFO("adding %s, dataLength=%u\n", propSymbol.get()->getCStringNoCopy(), (unsigned int)propDataLength);
1692 currentRegion->dict.get()->setObject(propSymbol.get(), propObject.get());
1693 }
1694 }
1695 }
1696
1697 // Create the boot-args property if it is not in the dictionary.
1698 if (_commonDict->getObject(kIONVRAMBootArgsKey) == nullptr) {
1699 propObject = OSString::withCStringNoCopy("");
1700 if (propObject != nullptr) {
1701 _commonDict->setObject(kIONVRAMBootArgsKey, propObject.get());
1702 }
1703 }
1704
1705 DEBUG_INFO("%s _commonDict=%p _systemDict=%p\n", __FUNCTION__, _commonDict.get(), _systemDict.get());
1706
1707 return kIOReturnSuccess;
1708 }
1709
1710 IOReturn
1711 IODTNVRAM::syncOFVariables(void)
1712 {
1713 return kIOReturnUnsupported;
1714 }
1715
1716 IOReturn
1717 IODTNVRAM::serializeVariables(void)
1718 {
1719 IOReturn ret;
1720 bool ok;
1721 UInt32 length, maxLength, regionIndex;
1722 UInt8 *buffer, *tmpBuffer;
1723 const OSSymbol *tmpSymbol;
1724 OSObject *tmpObject;
1725 OSSharedPtr<OSCollectionIterator> iter;
1726 OSSharedPtr<OSNumber> sizeUsed;
1727 UInt32 systemUsed = 0;
1728 UInt32 commonUsed = 0;
1729 OSSharedPtr<OSData> nvramImage;
1730 NVRAMRegionInfo *currentRegion;
1731 NVRAMRegionInfo variableRegions[] = { { NVRAM_CHRP_PARTITION_NAME_COMMON, _commonPartitionOffset, _commonPartitionSize, _commonDict, _commonImage},
1732 { NVRAM_CHRP_PARTITION_NAME_SYSTEM, _systemPartitionOffset, _systemPartitionSize, _systemDict, _systemImage} };
1733
1734 if (_systemPanicked) {
1735 return kIOReturnNotReady;
1736 }
1737
1738 if (_nvramController == nullptr) {
1739 DEBUG_ERROR("No _nvramController\n");
1740 return kIOReturnNotReady;
1741 }
1742
1743 DEBUG_INFO("...\n");
1744
1745 NVRAMLOCK();
1746
1747 for (regionIndex = 0; regionIndex < ARRAY_SIZE(variableRegions); regionIndex++) {
1748 currentRegion = &variableRegions[regionIndex];
1749
1750 if (currentRegion->size == 0) {
1751 continue;
1752 }
1753
1754 DEBUG_INFO("region = %s\n", currentRegion->name);
1755 buffer = tmpBuffer = IONew(UInt8, currentRegion->size);
1756 if (buffer == nullptr) {
1757 return kIOReturnNoMemory;
1758 }
1759 bzero(buffer, currentRegion->size);
1760
1761 ok = true;
1762 maxLength = currentRegion->size;
1763
1764 iter = OSCollectionIterator::withCollection(currentRegion->dict.get());
1765 if (iter == nullptr) {
1766 ok = false;
1767 }
1768
1769 while (ok) {
1770 tmpSymbol = OSDynamicCast(OSSymbol, iter->getNextObject());
1771 if (tmpSymbol == nullptr) {
1772 break;
1773 }
1774
1775 DEBUG_INFO("adding variable %s\n", tmpSymbol->getCStringNoCopy());
1776
1777 tmpObject = currentRegion->dict->getObject(tmpSymbol);
1778
1779 length = maxLength;
1780 ok = convertObjectToProp(tmpBuffer, &length, tmpSymbol, tmpObject);
1781 if (ok) {
1782 tmpBuffer += length;
1783 maxLength -= length;
1784 }
1785 }
1786
1787 if (ok) {
1788 bcopy(buffer, currentRegion->image, currentRegion->size);
1789 }
1790
1791 IODelete(buffer, UInt8, currentRegion->size);
1792
1793 if ((strncmp(currentRegion->name, NVRAM_CHRP_PARTITION_NAME_SYSTEM, strlen(NVRAM_CHRP_PARTITION_NAME_SYSTEM)) == 0) &&
1794 (_systemService != nullptr)) {
1795 _systemService->setProperties(_systemDict.get());
1796 systemUsed = maxLength;
1797 } else if ((strncmp(currentRegion->name, NVRAM_CHRP_PARTITION_NAME_COMMON, strlen(NVRAM_CHRP_PARTITION_NAME_COMMON)) == 0) &&
1798 (_commonService != nullptr)) {
1799 _commonService->setProperties(_commonDict.get());
1800 commonUsed = maxLength;
1801 }
1802
1803 if (!ok) {
1804 return kIOReturnBadArgument;
1805 }
1806 }
1807
1808 nvramImage = OSData::withBytes(_nvramImage, _nvramSize);
1809
1810 NVRAMUNLOCK();
1811
1812 DEBUG_INFO("ok=%d\n", ok);
1813
1814 CONTROLLERLOCK();
1815
1816 if (_systemService) {
1817 sizeUsed = OSNumber::withNumber(systemUsed, 32);
1818 _nvramController->setProperty("SystemUsed", sizeUsed.get());
1819 sizeUsed.reset();
1820 }
1821
1822 if (_commonService) {
1823 sizeUsed = OSNumber::withNumber(commonUsed, 32);
1824 _nvramController->setProperty("CommonUsed", sizeUsed.get());
1825 sizeUsed.reset();
1826 }
1827
1828 ret = _nvramController->write(0, (uint8_t *)nvramImage->getBytesNoCopy(), nvramImage->getLength());
1829
1830 CONTROLLERUNLOCK();
1831
1832 return ret;
1833 }
1834
1835 UInt32
1836 IODTNVRAM::getOFVariableType(const char *propName) const
1837 {
1838 return 0;
1839 }
1840
1841 UInt32
1842 IODTNVRAM::getOFVariableType(const OSSymbol *propSymbol) const
1843 {
1844 return 0;
1845 }
1846
1847
1848 UInt32
1849 IODTNVRAM::getOFVariablePerm(const char *propName) const
1850 {
1851 return 0;
1852 }
1853
1854 UInt32
1855 IODTNVRAM::getOFVariablePerm(const OSSymbol *propSymbol) const
1856 {
1857 return 0;
1858 }
1859
1860 bool
1861 IODTNVRAM::getOWVariableInfo(UInt32 variableNumber, const OSSymbol **propSymbol,
1862 UInt32 *propType, UInt32 *propOffset)
1863 {
1864 /* UNSUPPORTED */
1865 return false;
1866 }
1867 bool
1868 IODTNVRAM::convertPropToObject(UInt8 *propName, UInt32 propNameLength,
1869 UInt8 *propData, UInt32 propDataLength,
1870 const OSSymbol **propSymbol,
1871 OSObject **propObject)
1872 {
1873 OSSharedPtr<const OSSymbol> tmpSymbol;
1874 OSSharedPtr<OSNumber> tmpNumber;
1875 OSSharedPtr<OSString> tmpString;
1876 OSSharedPtr<OSObject> tmpObject = nullptr;
1877
1878 propName[propNameLength] = '\0';
1879 tmpSymbol = OSSymbol::withCString((const char *)propName);
1880 propName[propNameLength] = '=';
1881 if (tmpSymbol == nullptr) {
1882 return false;
1883 }
1884
1885 switch (getVariableType(tmpSymbol.get())) {
1886 case kOFVariableTypeBoolean:
1887 if (!strncmp("true", (const char *)propData, propDataLength)) {
1888 tmpObject.reset(kOSBooleanTrue, OSRetain);
1889 } else if (!strncmp("false", (const char *)propData, propDataLength)) {
1890 tmpObject.reset(kOSBooleanFalse, OSRetain);
1891 }
1892 break;
1893
1894 case kOFVariableTypeNumber:
1895 tmpNumber = OSNumber::withNumber(strtol((const char *)propData, nullptr, 0), 32);
1896 if (tmpNumber != nullptr) {
1897 tmpObject = tmpNumber;
1898 }
1899 break;
1900
1901 case kOFVariableTypeString:
1902 tmpString = OSString::withCString((const char *)propData);
1903 if (tmpString != nullptr) {
1904 tmpObject = tmpString;
1905 }
1906 break;
1907
1908 case kOFVariableTypeData:
1909 tmpObject = unescapeBytesToData(propData, propDataLength);
1910 break;
1911
1912 default:
1913 break;
1914 }
1915
1916 if (tmpObject == nullptr) {
1917 tmpSymbol.reset();
1918 return false;
1919 }
1920
1921 *propSymbol = tmpSymbol.detach();
1922 *propObject = tmpObject.detach();
1923
1924 return true;
1925 }
1926
1927 bool
1928 IODTNVRAM::convertPropToObject(UInt8 *propName, UInt32 propNameLength,
1929 UInt8 *propData, UInt32 propDataLength,
1930 OSSharedPtr<const OSSymbol>& propSymbol,
1931 OSSharedPtr<OSObject>& propObject)
1932 {
1933 const OSSymbol* propSymbolRaw = nullptr;
1934 OSObject* propObjectRaw = nullptr;
1935 bool result = convertPropToObject(propName, propNameLength, propData, propDataLength,
1936 &propSymbolRaw, &propObjectRaw);
1937 propSymbol.reset(propSymbolRaw, OSNoRetain);
1938 propObject.reset(propObjectRaw, OSNoRetain);
1939 return result;
1940 }
1941
1942 bool
1943 IODTNVRAM::convertObjectToProp(UInt8 *buffer, UInt32 *length,
1944 const OSSymbol *propSymbol, OSObject *propObject)
1945 {
1946 const UInt8 *propName;
1947 UInt32 propNameLength, propDataLength, remaining;
1948 IONVRAMVariableType propType;
1949 OSBoolean *tmpBoolean = nullptr;
1950 OSNumber *tmpNumber = nullptr;
1951 OSString *tmpString = nullptr;
1952 OSSharedPtr<OSData> tmpData;
1953
1954 propName = (const UInt8 *)propSymbol->getCStringNoCopy();
1955 propNameLength = propSymbol->getLength();
1956 propType = getVariableType(propSymbol);
1957
1958 // Get the size of the data.
1959 propDataLength = 0xFFFFFFFF;
1960 switch (propType) {
1961 case kOFVariableTypeBoolean:
1962 tmpBoolean = OSDynamicCast(OSBoolean, propObject);
1963 if (tmpBoolean != nullptr) {
1964 propDataLength = 5;
1965 }
1966 break;
1967
1968 case kOFVariableTypeNumber:
1969 tmpNumber = OSDynamicCast(OSNumber, propObject);
1970 if (tmpNumber != nullptr) {
1971 propDataLength = 10;
1972 }
1973 break;
1974
1975 case kOFVariableTypeString:
1976 tmpString = OSDynamicCast(OSString, propObject);
1977 if (tmpString != nullptr) {
1978 propDataLength = tmpString->getLength();
1979 }
1980 break;
1981
1982 case kOFVariableTypeData:
1983 tmpData.reset(OSDynamicCast(OSData, propObject), OSNoRetain);
1984 if (tmpData != nullptr) {
1985 tmpData = escapeDataToData(tmpData.detach());
1986 propDataLength = tmpData->getLength();
1987 }
1988 break;
1989
1990 default:
1991 break;
1992 }
1993
1994 // Make sure the propertySize is known and will fit.
1995 if (propDataLength == 0xFFFFFFFF) {
1996 return false;
1997 }
1998 if ((propNameLength + propDataLength + 2) > *length) {
1999 return false;
2000 }
2001
2002 // Copy the property name equal sign.
2003 buffer += snprintf((char *)buffer, *length, "%s=", propName);
2004 remaining = *length - propNameLength - 1;
2005
2006 switch (propType) {
2007 case kOFVariableTypeBoolean:
2008 if (tmpBoolean->getValue()) {
2009 strlcpy((char *)buffer, "true", remaining);
2010 } else {
2011 strlcpy((char *)buffer, "false", remaining);
2012 }
2013 break;
2014
2015 case kOFVariableTypeNumber:
2016 {
2017 uint32_t tmpValue = tmpNumber->unsigned32BitValue();
2018 if (tmpValue == 0xFFFFFFFF) {
2019 strlcpy((char *)buffer, "-1", remaining);
2020 } else if (tmpValue < 1000) {
2021 snprintf((char *)buffer, remaining, "%d", (uint32_t)tmpValue);
2022 } else {
2023 snprintf((char *)buffer, remaining, "0x%x", (uint32_t)tmpValue);
2024 }
2025 }
2026 break;
2027
2028 case kOFVariableTypeString:
2029 strlcpy((char *)buffer, tmpString->getCStringNoCopy(), remaining);
2030 break;
2031
2032 case kOFVariableTypeData:
2033 bcopy(tmpData->getBytesNoCopy(), buffer, propDataLength);
2034 tmpData.reset();
2035 break;
2036
2037 default:
2038 break;
2039 }
2040
2041 propDataLength = ((UInt32) strlen((const char *)buffer));
2042
2043 *length = propNameLength + propDataLength + 2;
2044
2045 return true;
2046 }
2047
2048
2049 UInt16
2050 IODTNVRAM::generateOWChecksum(UInt8 *buffer)
2051 {
2052 UInt32 cnt, checksum = 0;
2053 UInt16 *tmpBuffer = (UInt16 *)buffer;
2054
2055 for (cnt = 0; cnt < _commonPartitionSize / 2; cnt++) {
2056 checksum += tmpBuffer[cnt];
2057 }
2058
2059 return checksum % 0x0000FFFF;
2060 }
2061
2062 bool
2063 IODTNVRAM::validateOWChecksum(UInt8 *buffer)
2064 {
2065 UInt32 cnt, checksum, sum = 0;
2066 UInt16 *tmpBuffer = (UInt16 *)buffer;
2067
2068 for (cnt = 0; cnt < _commonPartitionSize / 2; cnt++) {
2069 sum += tmpBuffer[cnt];
2070 }
2071
2072 checksum = (sum >> 16) + (sum & 0x0000FFFF);
2073 if (checksum == 0x10000) {
2074 checksum--;
2075 }
2076 checksum = (checksum ^ 0x0000FFFF) & 0x0000FFFF;
2077
2078 return checksum == 0;
2079 }
2080
2081 void
2082 IODTNVRAM::updateOWBootArgs(const OSSymbol *key, OSObject *value)
2083 {
2084 /* UNSUPPORTED */
2085 }
2086
2087 bool
2088 IODTNVRAM::searchNVRAMProperty(IONVRAMDescriptor *hdr, UInt32 *where)
2089 {
2090 return false;
2091 }
2092
2093 IOReturn
2094 IODTNVRAM::readNVRAMPropertyType0(IORegistryEntry *entry,
2095 const OSSymbol **name,
2096 OSData **value)
2097 {
2098 return kIOReturnUnsupported;
2099 }
2100
2101
2102 IOReturn
2103 IODTNVRAM::writeNVRAMPropertyType0(IORegistryEntry *entry,
2104 const OSSymbol *name,
2105 OSData *value)
2106 {
2107 return kIOReturnUnsupported;
2108 }
2109
2110
2111 OSSharedPtr<OSData>
2112 IODTNVRAM::unescapeBytesToData(const UInt8 *bytes, UInt32 length)
2113 {
2114 OSSharedPtr<OSData> data;
2115 UInt32 totalLength = 0;
2116 UInt32 cnt, cnt2;
2117 UInt8 byte;
2118 bool ok;
2119
2120 // Calculate the actual length of the data.
2121 ok = true;
2122 totalLength = 0;
2123 for (cnt = 0; cnt < length;) {
2124 byte = bytes[cnt++];
2125 if (byte == 0xFF) {
2126 byte = bytes[cnt++];
2127 if (byte == 0x00) {
2128 ok = false;
2129 break;
2130 }
2131 cnt2 = byte & 0x7F;
2132 } else {
2133 cnt2 = 1;
2134 }
2135 totalLength += cnt2;
2136 }
2137
2138 if (ok) {
2139 // Create an empty OSData of the correct size.
2140 data = OSData::withCapacity(totalLength);
2141 if (data != nullptr) {
2142 for (cnt = 0; cnt < length;) {
2143 byte = bytes[cnt++];
2144 if (byte == 0xFF) {
2145 byte = bytes[cnt++];
2146 cnt2 = byte & 0x7F;
2147 byte = (byte & 0x80) ? 0xFF : 0x00;
2148 } else {
2149 cnt2 = 1;
2150 }
2151 data->appendByte(byte, cnt2);
2152 }
2153 }
2154 }
2155
2156 return data;
2157 }
2158
2159 OSSharedPtr<OSData>
2160 IODTNVRAM::escapeDataToData(OSData * value)
2161 {
2162 OSSharedPtr<OSData> result;
2163 const UInt8 *startPtr;
2164 const UInt8 *endPtr;
2165 const UInt8 *wherePtr;
2166 UInt8 byte;
2167 bool ok = true;
2168
2169 wherePtr = (const UInt8 *) value->getBytesNoCopy();
2170 endPtr = wherePtr + value->getLength();
2171
2172 result = OSData::withCapacity((unsigned int) (endPtr - wherePtr));
2173 if (!result) {
2174 return result;
2175 }
2176
2177 while (wherePtr < endPtr) {
2178 startPtr = wherePtr;
2179 byte = *wherePtr++;
2180 if ((byte == 0x00) || (byte == 0xFF)) {
2181 for (;
2182 ((wherePtr - startPtr) < 0x80) && (wherePtr < endPtr) && (byte == *wherePtr);
2183 wherePtr++) {
2184 }
2185 ok &= result->appendByte(0xff, 1);
2186 byte = (byte & 0x80) | ((UInt8)(wherePtr - startPtr));
2187 }
2188 ok &= result->appendByte(byte, 1);
2189 }
2190 ok &= result->appendByte(0, 1);
2191
2192 if (!ok) {
2193 result.reset();
2194 }
2195
2196 return result;
2197 }
2198
2199 static bool
2200 IsApplePropertyName(const char * propName)
2201 {
2202 char c;
2203 while ((c = *propName++)) {
2204 if ((c >= 'A') && (c <= 'Z')) {
2205 break;
2206 }
2207 }
2208
2209 return c == 0;
2210 }
2211
2212 IOReturn
2213 IODTNVRAM::readNVRAMPropertyType1(IORegistryEntry *entry,
2214 const OSSymbol **name,
2215 OSData **value)
2216 {
2217 IOReturn err = kIOReturnNoResources;
2218 OSData *data;
2219 const UInt8 *startPtr;
2220 const UInt8 *endPtr;
2221 const UInt8 *wherePtr;
2222 const UInt8 *nvPath = nullptr;
2223 const char *nvName = nullptr;
2224 const char *resultName = nullptr;
2225 const UInt8 *resultValue = nullptr;
2226 UInt32 resultValueLen = 0;
2227 UInt8 byte;
2228
2229 NVRAMLOCK();
2230 data = OSDynamicCast(OSData, _commonDict->getObject(_registryPropertiesKey.get()));
2231 NVRAMUNLOCK();
2232
2233 if (data == nullptr) {
2234 return err;
2235 }
2236
2237 startPtr = (const UInt8 *) data->getBytesNoCopy();
2238 endPtr = startPtr + data->getLength();
2239
2240 wherePtr = startPtr;
2241 while (wherePtr < endPtr) {
2242 byte = *(wherePtr++);
2243 if (byte) {
2244 continue;
2245 }
2246
2247 if (nvPath == nullptr) {
2248 nvPath = startPtr;
2249 } else if (nvName == nullptr) {
2250 nvName = (const char *) startPtr;
2251 } else {
2252 OSSharedPtr<IORegistryEntry> compareEntry = IORegistryEntry::fromPath((const char *) nvPath, gIODTPlane);
2253 if (entry == compareEntry) {
2254 bool appleProp = IsApplePropertyName(nvName);
2255 if (!appleProp || !resultName) {
2256 resultName = nvName;
2257 resultValue = startPtr;
2258 resultValueLen = (UInt32) (wherePtr - startPtr - 1); // OSData getLength() is 32b
2259 }
2260 if (!appleProp) {
2261 break;
2262 }
2263 }
2264 nvPath = nullptr;
2265 nvName = nullptr;
2266 }
2267 startPtr = wherePtr;
2268 }
2269 if (resultName) {
2270 *name = OSSymbol::withCString(resultName).detach();
2271 *value = unescapeBytesToData(resultValue, resultValueLen).detach();
2272 if ((*name != nullptr) && (*value != nullptr)) {
2273 err = kIOReturnSuccess;
2274 } else {
2275 err = kIOReturnNoMemory;
2276 }
2277 }
2278 return err;
2279 }
2280
2281 IOReturn
2282 IODTNVRAM::writeNVRAMPropertyType1(IORegistryEntry *entry,
2283 const OSSymbol *propName,
2284 OSData *value)
2285 {
2286 OSSharedPtr<OSData> data, oldData;
2287 const UInt8 *startPtr;
2288 const UInt8 *propStart;
2289 const UInt8 *endPtr;
2290 const UInt8 *wherePtr;
2291 const UInt8 *nvPath = nullptr;
2292 const char *nvName = nullptr;
2293 const char *comp;
2294 const char *name;
2295 UInt8 byte;
2296 bool ok = true;
2297 bool settingAppleProp;
2298
2299 settingAppleProp = IsApplePropertyName(propName->getCStringNoCopy());
2300
2301 // copy over existing properties for other entries
2302
2303 NVRAMLOCK();
2304
2305 oldData.reset(OSDynamicCast(OSData, _commonDict->getObject(_registryPropertiesKey.get())), OSRetain);
2306 if (oldData) {
2307 startPtr = (const UInt8 *) oldData->getBytesNoCopy();
2308 endPtr = startPtr + oldData->getLength();
2309
2310 propStart = startPtr;
2311 wherePtr = startPtr;
2312 while (wherePtr < endPtr) {
2313 byte = *(wherePtr++);
2314 if (byte) {
2315 continue;
2316 }
2317 if (nvPath == nullptr) {
2318 nvPath = startPtr;
2319 } else if (nvName == nullptr) {
2320 nvName = (const char *) startPtr;
2321 } else {
2322 OSSharedPtr<IORegistryEntry> compareEntry = IORegistryEntry::fromPath((const char *) nvPath, gIODTPlane);
2323
2324 if (entry == compareEntry) {
2325 if ((settingAppleProp && propName->isEqualTo(nvName))
2326 || (!settingAppleProp && !IsApplePropertyName(nvName))) {
2327 // delete old property (nvPath -> wherePtr) source OSData len is 32b
2328 data = OSData::withBytes(propStart, (UInt32)(nvPath - propStart));
2329 if (data) {
2330 ok &= data->appendBytes(wherePtr, (UInt32)(endPtr - wherePtr));
2331 }
2332 break;
2333 }
2334 }
2335 nvPath = nullptr;
2336 nvName = nullptr;
2337 }
2338
2339 startPtr = wherePtr;
2340 }
2341 }
2342
2343 // make the new property
2344
2345 if (!data) {
2346 if (oldData) {
2347 data = OSData::withData(oldData.get());
2348 } else {
2349 data = OSData::withCapacity(16);
2350 }
2351 if (!data) {
2352 ok = false;
2353 }
2354 }
2355
2356 if (ok && value && value->getLength()) {
2357 do {
2358 // get entries in path
2359 OSSharedPtr<OSArray> array = OSArray::withCapacity(5);
2360 if (!array) {
2361 ok = false;
2362 break;
2363 }
2364 do{
2365 array->setObject(entry);
2366 } while ((entry = entry->getParentEntry(gIODTPlane)));
2367
2368 // append path
2369 for (int i = array->getCount() - 3;
2370 (entry = (IORegistryEntry *) array->getObject(i));
2371 i--) {
2372 name = entry->getName(gIODTPlane);
2373 comp = entry->getLocation(gIODTPlane);
2374 if (comp) {
2375 ok &= data->appendBytes("/@", 2);
2376 } else {
2377 if (!name) {
2378 continue;
2379 }
2380 ok &= data->appendByte('/', 1);
2381 comp = name;
2382 }
2383 ok &= data->appendBytes(comp, (unsigned int) strnlen(comp, UINT16_MAX));
2384 }
2385 ok &= data->appendByte(0, 1);
2386 // append prop name
2387 ok &= data->appendBytes(propName->getCStringNoCopy(), propName->getLength() + 1);
2388
2389 // append escaped data
2390 OSSharedPtr<OSData> escapedData = escapeDataToData(value);
2391 ok &= (escapedData != nullptr);
2392 if (ok) {
2393 ok &= data->appendBytes(escapedData.get());
2394 }
2395 } while (false);
2396 }
2397
2398 if (ok) {
2399 ok = _commonDict->setObject(_registryPropertiesKey.get(), data.get());
2400 }
2401
2402 NVRAMUNLOCK();
2403
2404 if (ok) {
2405 if (serializeVariables() != kIOReturnSuccess) {
2406 NVRAMLOCK();
2407 if (oldData) {
2408 _commonDict->setObject(_registryPropertiesKey.get(), oldData.get());
2409 } else {
2410 _commonDict->removeObject(_registryPropertiesKey.get());
2411 }
2412 NVRAMUNLOCK();
2413
2414 (void) serializeVariables();
2415 ok = false;
2416 }
2417 }
2418
2419 oldData.reset();
2420
2421 return ok ? kIOReturnSuccess : kIOReturnNoMemory;
2422 }
2423
2424 bool
2425 IODTNVRAM::safeToSync(void)
2426 {
2427 AbsoluteTime delta;
2428 UInt64 delta_ns;
2429 SInt32 delta_secs;
2430
2431 // delta interval went by
2432 clock_get_uptime(&delta);
2433
2434 // Figure it in seconds.
2435 absolutetime_to_nanoseconds(delta, &delta_ns);
2436 delta_secs = (SInt32)(delta_ns / NSEC_PER_SEC);
2437
2438 if ((delta_secs > (_lastDeviceSync + MIN_SYNC_NOW_INTERVAL)) || _freshInterval) {
2439 _lastDeviceSync = delta_secs;
2440 _freshInterval = FALSE;
2441 return TRUE;
2442 }
2443
2444 return FALSE;
2445 }
mirror of XNU