]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/bsd_init.c
projects / apple / xnu.git / blob
? search:


d9b90aff2a4991dd1dcecc0310cadf3b853f8ac3
[apple/xnu.git] / bsd / kern / bsd_init.c
1 /*
2 * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 *
28 *
29 * Copyright (c) 1982, 1986, 1989, 1991, 1992, 1993
30 * The Regents of the University of California. All rights reserved.
31 * (c) UNIX System Laboratories, Inc.
32 * All or some portions of this file are derived from material licensed
33 * to the University of California by American Telephone and Telegraph
34 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
35 * the permission of UNIX System Laboratories, Inc.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)init_main.c 8.16 (Berkeley) 5/14/95
66 */
67
68 /*
69 *
70 * Mach Operating System
71 * Copyright (c) 1987 Carnegie-Mellon University
72 * All rights reserved. The CMU software License Agreement specifies
73 * the terms and conditions for use and redistribution.
74 */
75 /*
76 * NOTICE: This file was modified by McAfee Research in 2004 to introduce
77 * support for mandatory and extensible security protections. This notice
78 * is included in support of clause 2.2 (b) of the Apple Public License,
79 * Version 2.0.
80 */
81
82 #include <sys/param.h>
83 #include <sys/filedesc.h>
84 #include <sys/kernel.h>
85 #include <sys/mount_internal.h>
86 #include <sys/proc_internal.h>
87 #include <sys/kauth.h>
88 #include <sys/systm.h>
89 #include <sys/vnode_internal.h>
90 #include <sys/conf.h>
91 #include <sys/buf_internal.h>
92 #include <sys/clist.h>
93 #include <sys/user.h>
94 #include <sys/time.h>
95 #include <sys/systm.h>
96 #include <sys/mman.h>
97
98 #include <security/audit/audit.h>
99
100 #include <sys/malloc.h>
101 #include <sys/dkstat.h>
102 #include <sys/codesign.h>
103
104 #include <kern/startup.h>
105 #include <kern/thread.h>
106 #include <kern/task.h>
107 #include <kern/ast.h>
108 #include <kern/kalloc.h>
109 #include <mach/mach_host.h>
110
111 #include <mach/vm_param.h>
112
113 #include <vm/vm_map.h>
114 #include <vm/vm_kern.h>
115
116 #include <sys/ux_exception.h> /* for ux_exception_port */
117
118 #include <sys/reboot.h>
119 #include <mach/exception_types.h>
120 #include <dev/busvar.h> /* for pseudo_inits */
121 #include <sys/kdebug.h>
122
123 #include <mach/mach_types.h>
124 #include <mach/vm_prot.h>
125 #include <mach/semaphore.h>
126 #include <mach/sync_policy.h>
127 #include <kern/clock.h>
128 #include <mach/kern_return.h>
129 #include <mach/thread_act.h> /* for thread_resume() */
130 #include <mach/task.h> /* for task_set_exception_ports() */
131 #include <sys/ux_exception.h> /* for ux_handler() */
132 #include <sys/ubc_internal.h> /* for ubc_init() */
133 #include <sys/mcache.h> /* for mcache_init() */
134 #include <sys/mbuf.h> /* for mbinit() */
135 #include <sys/event.h> /* for knote_init() */
136 #include <sys/kern_memorystatus.h> /* for memorystatus_init() */
137 #include <sys/aio_kern.h> /* for aio_init() */
138 #include <sys/semaphore.h> /* for psem_cache_init() */
139 #include <net/dlil.h> /* for dlil_init() */
140 #include <net/kpi_protocol.h> /* for proto_kpi_init() */
141 #include <net/iptap.h> /* for iptap_init() */
142 #include <sys/pipe.h> /* for pipeinit() */
143 #include <sys/socketvar.h> /* for socketinit() */
144 #include <sys/protosw.h> /* for domaininit() */
145 #include <kern/sched_prim.h> /* for thread_wakeup() */
146 #include <net/if_ether.h> /* for ether_family_init() */
147 #include <net/if_gif.h> /* for gif_init() */
148 #include <vm/vm_protos.h> /* for vnode_pager_bootstrap() */
149 #include <miscfs/devfs/devfsdefs.h> /* for devfs_kernel_mount() */
150 #include <mach/host_priv.h> /* for host_set_exception_ports() */
151 #include <kern/host.h> /* for host_priv_self() */
152 #include <vm/vm_kern.h> /* for kmem_suballoc() */
153 #include <sys/semaphore.h> /* for psem_lock_init() */
154 #include <sys/msgbuf.h> /* for log_setsize() */
155 #include <sys/tty.h> /* for tty_init() */
156 #include <sys/proc_uuid_policy.h> /* proc_uuid_policy_init() */
157 #include <netinet/flow_divert.h> /* flow_divert_init() */
158 #include <net/content_filter.h> /* for cfil_init() */
159 #include <net/necp.h> /* for necp_init() */
160 #include <net/network_agent.h> /* for netagent_init() */
161 #include <net/packet_mangler.h> /* for pkt_mnglr_init() */
162 #include <net/if_utun.h> /* for utun_register_control() */
163 #include <net/if_ipsec.h> /* for ipsec_register_control() */
164 #include <net/net_str_id.h> /* for net_str_id_init() */
165 #include <net/netsrc.h> /* for netsrc_init() */
166 #include <net/ntstat.h> /* for nstat_init() */
167 #include <netinet/tcp_cc.h> /* for tcp_cc_init() */
168 #include <netinet/mptcp_var.h> /* for mptcp_control_register() */
169 #include <kern/assert.h> /* for assert() */
170 #include <sys/kern_overrides.h> /* for init_system_override() */
171
172 #include <net/init.h>
173
174 #if CONFIG_MACF
175 #include <security/mac_framework.h>
176 #include <security/mac_internal.h> /* mac_init_bsd() */
177 #include <security/mac_mach_internal.h> /* mac_update_task_label() */
178 #endif
179
180 #include <machine/exec.h>
181
182 #if NFSCLIENT
183 #include <sys/netboot.h>
184 #endif
185
186 #if CONFIG_IMAGEBOOT
187 #include <sys/imageboot.h>
188 #endif
189
190 #if PFLOG
191 #include <net/if_pflog.h>
192 #endif
193
194 #include <pexpert/pexpert.h>
195 #include <machine/pal_routines.h>
196 #include <console/video_console.h>
197
198
199 void * get_user_regs(thread_t); /* XXX kludge for <machine/thread.h> */
200 void IOKitInitializeTime(void); /* XXX */
201 void IOSleep(unsigned int); /* XXX */
202 void loopattach(void); /* XXX */
203
204 const char copyright[] =
205 "Copyright (c) 1982, 1986, 1989, 1991, 1993\n\t"
206 "The Regents of the University of California. "
207 "All rights reserved.\n\n";
208
209 /* Components of the first process -- never freed. */
210 struct proc proc0;
211 struct session session0;
212 struct pgrp pgrp0;
213 struct filedesc filedesc0;
214 struct plimit limit0;
215 struct pstats pstats0;
216 struct sigacts sigacts0;
217 proc_t kernproc;
218 proc_t initproc;
219
220 long tk_cancc;
221 long tk_nin;
222 long tk_nout;
223 long tk_rawcc;
224
225 int lock_trace = 0;
226 /* Global variables to make pstat happy. We do swapping differently */
227 int nswdev, nswap;
228 int nswapmap;
229 void *swapmap;
230 struct swdevt swdevt[1];
231
232 dev_t rootdev; /* device of the root */
233 dev_t dumpdev; /* device to take dumps on */
234 long dumplo; /* offset into dumpdev */
235 long hostid;
236 char hostname[MAXHOSTNAMELEN];
237 int hostnamelen;
238 char domainname[MAXDOMNAMELEN];
239 int domainnamelen;
240
241 char rootdevice[16]; /* hfs device names have at least 9 chars */
242
243 #if KMEMSTATS
244 struct kmemstats kmemstats[M_LAST];
245 #endif
246
247 struct vnode *rootvp;
248 int boothowto = RB_DEBUG;
249 int minimalboot = 0;
250
251 #if PROC_REF_DEBUG
252 __private_extern__ int proc_ref_tracking_disabled = 0; /* disable panics on leaked proc refs across syscall boundary */
253 #endif
254
255 extern kern_return_t IOFindBSDRoot(char *, unsigned int, dev_t *, u_int32_t *);
256 extern void IOSecureBSDRoot(const char * rootName);
257 extern kern_return_t IOKitBSDInit(void );
258 extern void kminit(void);
259 extern void file_lock_init(void);
260 extern void kmeminit(void);
261 extern void bsd_bufferinit(void);
262 extern void throttle_init(void);
263 extern void macx_init(void);
264 extern void acct_init(void);
265
266 extern int serverperfmode;
267 extern int ncl;
268
269 vm_map_t bsd_pageable_map;
270 vm_map_t mb_map;
271
272 static int bsd_simul_execs;
273 static int bsd_pageable_map_size;
274 __private_extern__ int execargs_cache_size = 0;
275 __private_extern__ int execargs_free_count = 0;
276 __private_extern__ vm_offset_t * execargs_cache = NULL;
277
278 void bsd_exec_setup(int);
279
280 __private_extern__ int bootarg_vnode_cache_defeat = 0;
281
282 #if CONFIG_JETSAM && (DEVELOPMENT || DEBUG)
283 __private_extern__ int bootarg_no_vnode_jetsam = 0;
284 #endif /* CONFIG_JETSAM && (DEVELOPMENT || DEBUG) */
285
286 /*
287 * Prevent kernel-based ASLR from being used, for testing.
288 */
289 #if DEVELOPMENT || DEBUG
290 __private_extern__ int bootarg_disable_aslr = 0;
291 #endif
292
293 int cmask = CMASK;
294 extern int customnbuf;
295
296 void bsd_init(void);
297 kern_return_t bsd_autoconf(void);
298 void bsd_utaskbootstrap(void);
299
300 static void parse_bsd_args(void);
301 extern task_t bsd_init_task;
302 extern boolean_t init_task_died;
303 #if CONFIG_DEV_KMEM
304 extern void dev_kmem_init(void);
305 #endif
306 extern void time_zone_slock_init(void);
307 extern void select_waitq_init(void);
308 static void process_name(const char *, proc_t);
309
310 static void setconf(void);
311
312 #if SYSV_SHM
313 extern void sysv_shm_lock_init(void);
314 #endif
315 #if SYSV_SEM
316 extern void sysv_sem_lock_init(void);
317 #endif
318 #if SYSV_MSG
319 extern void sysv_msg_lock_init(void);
320 #endif
321
322 #if CONFIG_MACF
323 #if defined (__i386__) || defined (__x86_64__)
324 /* MACF policy_check configuration flags; see policy_check.c for details */
325 int policy_check_flags = 0;
326
327 extern int check_policy_init(int);
328 #endif
329 #endif /* CONFIG_MACF */
330
331 /* If we are using CONFIG_DTRACE */
332 #if CONFIG_DTRACE
333 extern void dtrace_postinit(void);
334 #endif
335
336 /*
337 * Initialization code.
338 * Called from cold start routine as
339 * soon as a stack and segmentation
340 * have been established.
341 * Functions:
342 * turn on clock
343 * hand craft 0th process
344 * call all initialization routines
345 * hand craft 1st user process
346 */
347
348 /*
349 * Sets the name for the given task.
350 */
351 static void
352 process_name(const char *s, proc_t p)
353 {
354 strlcpy(p->p_comm, s, sizeof(p->p_comm));
355 strlcpy(p->p_name, s, sizeof(p->p_name));
356 }
357
358 /* To allow these values to be patched, they're globals here */
359 #include <machine/vmparam.h>
360 struct rlimit vm_initial_limit_stack = { DFLSSIZ, MAXSSIZ - PAGE_MAX_SIZE };
361 struct rlimit vm_initial_limit_data = { DFLDSIZ, MAXDSIZ };
362 struct rlimit vm_initial_limit_core = { DFLCSIZ, MAXCSIZ };
363
364 extern thread_t cloneproc(task_t, coalition_t, proc_t, int, int);
365 extern int (*mountroot)(void);
366
367 lck_grp_t * proc_lck_grp;
368 lck_grp_t * proc_slock_grp;
369 lck_grp_t * proc_fdmlock_grp;
370 lck_grp_t * proc_mlock_grp;
371 lck_grp_attr_t * proc_lck_grp_attr;
372 lck_attr_t * proc_lck_attr;
373 lck_mtx_t * proc_list_mlock;
374 lck_mtx_t * proc_klist_mlock;
375
376 extern lck_mtx_t * execargs_cache_lock;
377
378 /* hook called after root is mounted XXX temporary hack */
379 void (*mountroot_post_hook)(void);
380 void (*unmountroot_pre_hook)(void);
381
382 /*
383 * This function is called very early on in the Mach startup, from the
384 * function start_kernel_threads() in osfmk/kern/startup.c. It's called
385 * in the context of the current (startup) task using a call to the
386 * function kernel_thread_create() to jump into start_kernel_threads().
387 * Internally, kernel_thread_create() calls thread_create_internal(),
388 * which calls uthread_alloc(). The function of uthread_alloc() is
389 * normally to allocate a uthread structure, and fill out the uu_sigmask,
390 * uu_context fields. It skips filling these out in the case of the "task"
391 * being "kernel_task", because the order of operation is inverted. To
392 * account for that, we need to manually fill in at least the contents
393 * of the uu_context.vc_ucred field so that the uthread structure can be
394 * used like any other.
395 */
396
397 void
398 bsd_init(void)
399 {
400 struct uthread *ut;
401 unsigned int i;
402 struct vfs_context context;
403 kern_return_t ret;
404 struct ucred temp_cred;
405 struct posix_cred temp_pcred;
406 #if NFSCLIENT || CONFIG_IMAGEBOOT
407 boolean_t netboot = FALSE;
408 #endif
409
410 #define bsd_init_kprintf(x...) /* kprintf("bsd_init: " x) */
411
412 throttle_init();
413
414 printf(copyright);
415
416 bsd_init_kprintf("calling kmeminit\n");
417 kmeminit();
418
419 bsd_init_kprintf("calling parse_bsd_args\n");
420 parse_bsd_args();
421
422 #if CONFIG_DEV_KMEM
423 bsd_init_kprintf("calling dev_kmem_init\n");
424 dev_kmem_init();
425 #endif
426
427 /* Initialize kauth subsystem before instancing the first credential */
428 bsd_init_kprintf("calling kauth_init\n");
429 kauth_init();
430
431 /* Initialize process and pgrp structures. */
432 bsd_init_kprintf("calling procinit\n");
433 procinit();
434
435 /* Initialize the ttys (MUST be before kminit()/bsd_autoconf()!)*/
436 tty_init();
437
438 kernproc = &proc0; /* implicitly bzero'ed */
439
440 /* kernel_task->proc = kernproc; */
441 set_bsdtask_info(kernel_task,(void *)kernproc);
442
443 /* give kernproc a name */
444 bsd_init_kprintf("calling process_name\n");
445 process_name("kernel_task", kernproc);
446
447 /* allocate proc lock group attribute and group */
448 bsd_init_kprintf("calling lck_grp_attr_alloc_init\n");
449 proc_lck_grp_attr= lck_grp_attr_alloc_init();
450
451 proc_lck_grp = lck_grp_alloc_init("proc", proc_lck_grp_attr);
452 #if CONFIG_FINE_LOCK_GROUPS
453 proc_slock_grp = lck_grp_alloc_init("proc-slock", proc_lck_grp_attr);
454 proc_fdmlock_grp = lck_grp_alloc_init("proc-fdmlock", proc_lck_grp_attr);
455 proc_mlock_grp = lck_grp_alloc_init("proc-mlock", proc_lck_grp_attr);
456 #endif
457 /* Allocate proc lock attribute */
458 proc_lck_attr = lck_attr_alloc_init();
459 #if 0
460 #if __PROC_INTERNAL_DEBUG
461 lck_attr_setdebug(proc_lck_attr);
462 #endif
463 #endif
464
465 #if CONFIG_FINE_LOCK_GROUPS
466 proc_list_mlock = lck_mtx_alloc_init(proc_mlock_grp, proc_lck_attr);
467 proc_klist_mlock = lck_mtx_alloc_init(proc_mlock_grp, proc_lck_attr);
468 lck_mtx_init(&kernproc->p_mlock, proc_mlock_grp, proc_lck_attr);
469 lck_mtx_init(&kernproc->p_fdmlock, proc_fdmlock_grp, proc_lck_attr);
470 lck_spin_init(&kernproc->p_slock, proc_slock_grp, proc_lck_attr);
471 #else
472 proc_list_mlock = lck_mtx_alloc_init(proc_lck_grp, proc_lck_attr);
473 proc_klist_mlock = lck_mtx_alloc_init(proc_lck_grp, proc_lck_attr);
474 lck_mtx_init(&kernproc->p_mlock, proc_lck_grp, proc_lck_attr);
475 lck_mtx_init(&kernproc->p_fdmlock, proc_lck_grp, proc_lck_attr);
476 lck_spin_init(&kernproc->p_slock, proc_lck_grp, proc_lck_attr);
477 #endif
478
479 assert(bsd_simul_execs != 0);
480 execargs_cache_lock = lck_mtx_alloc_init(proc_lck_grp, proc_lck_attr);
481 execargs_cache_size = bsd_simul_execs;
482 execargs_free_count = bsd_simul_execs;
483 execargs_cache = (vm_offset_t *)kalloc(bsd_simul_execs * sizeof(vm_offset_t));
484 bzero(execargs_cache, bsd_simul_execs * sizeof(vm_offset_t));
485
486 if (current_task() != kernel_task)
487 printf("bsd_init: We have a problem, "
488 "current task is not kernel task\n");
489
490 bsd_init_kprintf("calling get_bsdthread_info\n");
491 ut = (uthread_t)get_bsdthread_info(current_thread());
492
493 #if CONFIG_MACF
494 /*
495 * Initialize the MAC Framework
496 */
497 mac_policy_initbsd();
498 kernproc->p_mac_enforce = 0;
499
500 #if defined (__i386__) || defined (__x86_64__)
501 /*
502 * We currently only support this on i386/x86_64, as that is the
503 * only lock code we have instrumented so far.
504 */
505 check_policy_init(policy_check_flags);
506 #endif
507 #endif /* MAC */
508
509 /* Initialize System Override call */
510 init_system_override();
511
512 /*
513 * Create process 0.
514 */
515 proc_list_lock();
516 LIST_INSERT_HEAD(&allproc, kernproc, p_list);
517 kernproc->p_pgrp = &pgrp0;
518 LIST_INSERT_HEAD(PGRPHASH(0), &pgrp0, pg_hash);
519 LIST_INIT(&pgrp0.pg_members);
520 #ifdef CONFIG_FINE_LOCK_GROUPS
521 lck_mtx_init(&pgrp0.pg_mlock, proc_mlock_grp, proc_lck_attr);
522 #else
523 lck_mtx_init(&pgrp0.pg_mlock, proc_lck_grp, proc_lck_attr);
524 #endif
525 /* There is no other bsd thread this point and is safe without pgrp lock */
526 LIST_INSERT_HEAD(&pgrp0.pg_members, kernproc, p_pglist);
527 kernproc->p_listflag |= P_LIST_INPGRP;
528 kernproc->p_pgrpid = 0;
529 kernproc->p_uniqueid = 0;
530
531 pgrp0.pg_session = &session0;
532 pgrp0.pg_membercnt = 1;
533
534 session0.s_count = 1;
535 session0.s_leader = kernproc;
536 session0.s_listflags = 0;
537 #ifdef CONFIG_FINE_LOCK_GROUPS
538 lck_mtx_init(&session0.s_mlock, proc_mlock_grp, proc_lck_attr);
539 #else
540 lck_mtx_init(&session0.s_mlock, proc_lck_grp, proc_lck_attr);
541 #endif
542 LIST_INSERT_HEAD(SESSHASH(0), &session0, s_hash);
543 proc_list_unlock();
544
545 kernproc->task = kernel_task;
546
547 kernproc->p_stat = SRUN;
548 kernproc->p_flag = P_SYSTEM;
549 kernproc->p_lflag = 0;
550 kernproc->p_ladvflag = 0;
551
552 #if DEVELOPMENT || DEBUG
553 if (bootarg_disable_aslr)
554 kernproc->p_flag |= P_DISABLE_ASLR;
555 #endif
556
557 kernproc->p_nice = NZERO;
558 kernproc->p_pptr = kernproc;
559
560 TAILQ_INIT(&kernproc->p_uthlist);
561 TAILQ_INSERT_TAIL(&kernproc->p_uthlist, ut, uu_list);
562
563 kernproc->sigwait = FALSE;
564 kernproc->sigwait_thread = THREAD_NULL;
565 kernproc->exit_thread = THREAD_NULL;
566 kernproc->p_csflags = CS_VALID;
567
568 /*
569 * Create credential. This also Initializes the audit information.
570 */
571 bsd_init_kprintf("calling bzero\n");
572 bzero(&temp_cred, sizeof(temp_cred));
573 bzero(&temp_pcred, sizeof(temp_pcred));
574 temp_pcred.cr_ngroups = 1;
575 /* kern_proc, shouldn't call up to DS for group membership */
576 temp_pcred.cr_flags = CRF_NOMEMBERD;
577 temp_cred.cr_audit.as_aia_p = audit_default_aia_p;
578
579 bsd_init_kprintf("calling kauth_cred_create\n");
580 /*
581 * We have to label the temp cred before we create from it to
582 * properly set cr_ngroups, or the create will fail.
583 */
584 posix_cred_label(&temp_cred, &temp_pcred);
585 kernproc->p_ucred = kauth_cred_create(&temp_cred);
586
587 /* update cred on proc */
588 PROC_UPDATE_CREDS_ONPROC(kernproc);
589
590 /* give the (already exisiting) initial thread a reference on it */
591 bsd_init_kprintf("calling kauth_cred_ref\n");
592 kauth_cred_ref(kernproc->p_ucred);
593 ut->uu_context.vc_ucred = kernproc->p_ucred;
594 ut->uu_context.vc_thread = current_thread();
595
596 TAILQ_INIT(&kernproc->p_aio_activeq);
597 TAILQ_INIT(&kernproc->p_aio_doneq);
598 kernproc->p_aio_total_count = 0;
599 kernproc->p_aio_active_count = 0;
600
601 bsd_init_kprintf("calling file_lock_init\n");
602 file_lock_init();
603
604 #if CONFIG_MACF
605 mac_cred_label_associate_kernel(kernproc->p_ucred);
606 #endif
607
608 /* Create the file descriptor table. */
609 kernproc->p_fd = &filedesc0;
610 filedesc0.fd_cmask = cmask;
611 filedesc0.fd_knlistsize = -1;
612 filedesc0.fd_knlist = NULL;
613 filedesc0.fd_knhash = NULL;
614 filedesc0.fd_knhashmask = 0;
615
616 /* Create the limits structures. */
617 kernproc->p_limit = &limit0;
618 for (i = 0; i < sizeof(kernproc->p_rlimit)/sizeof(kernproc->p_rlimit[0]); i++)
619 limit0.pl_rlimit[i].rlim_cur =
620 limit0.pl_rlimit[i].rlim_max = RLIM_INFINITY;
621 limit0.pl_rlimit[RLIMIT_NOFILE].rlim_cur = NOFILE;
622 limit0.pl_rlimit[RLIMIT_NPROC].rlim_cur = maxprocperuid;
623 limit0.pl_rlimit[RLIMIT_NPROC].rlim_max = maxproc;
624 limit0.pl_rlimit[RLIMIT_STACK] = vm_initial_limit_stack;
625 limit0.pl_rlimit[RLIMIT_DATA] = vm_initial_limit_data;
626 limit0.pl_rlimit[RLIMIT_CORE] = vm_initial_limit_core;
627 limit0.pl_refcnt = 1;
628
629 kernproc->p_stats = &pstats0;
630 kernproc->p_sigacts = &sigacts0;
631
632 /*
633 * Charge root for one process: launchd.
634 */
635 bsd_init_kprintf("calling chgproccnt\n");
636 (void)chgproccnt(0, 1);
637
638 /*
639 * Allocate a kernel submap for pageable memory
640 * for temporary copying (execve()).
641 */
642 {
643 vm_offset_t minimum;
644
645 bsd_init_kprintf("calling kmem_suballoc\n");
646 assert(bsd_pageable_map_size != 0);
647 ret = kmem_suballoc(kernel_map,
648 &minimum,
649 (vm_size_t)bsd_pageable_map_size,
650 TRUE,
651 VM_FLAGS_ANYWHERE | VM_MAKE_TAG(VM_KERN_MEMORY_BSD),
652 &bsd_pageable_map);
653 if (ret != KERN_SUCCESS)
654 panic("bsd_init: Failed to allocate bsd pageable map");
655 }
656
657 /*
658 * Initialize buffers and hash links for buffers
659 *
660 * SIDE EFFECT: Starts a thread for bcleanbuf_thread(), so must
661 * happen after a credential has been associated with
662 * the kernel task.
663 */
664 bsd_init_kprintf("calling bsd_bufferinit\n");
665 bsd_bufferinit();
666
667 /* Initialize the execve() semaphore */
668 bsd_init_kprintf("calling semaphore_create\n");
669
670 if (ret != KERN_SUCCESS)
671 panic("bsd_init: Failed to create execve semaphore");
672
673 /*
674 * Initialize the calendar.
675 */
676 bsd_init_kprintf("calling IOKitInitializeTime\n");
677 IOKitInitializeTime();
678
679 bsd_init_kprintf("calling ubc_init\n");
680 ubc_init();
681
682 /*
683 * Initialize device-switches.
684 */
685 bsd_init_kprintf("calling devsw_init() \n");
686 devsw_init();
687
688 /* Initialize the file systems. */
689 bsd_init_kprintf("calling vfsinit\n");
690 vfsinit();
691
692 #if CONFIG_PROC_UUID_POLICY
693 /* Initial proc_uuid_policy subsystem */
694 bsd_init_kprintf("calling proc_uuid_policy_init()\n");
695 proc_uuid_policy_init();
696 #endif
697
698 #if SOCKETS
699 /* Initialize per-CPU cache allocator */
700 mcache_init();
701
702 /* Initialize mbuf's. */
703 bsd_init_kprintf("calling mbinit\n");
704 mbinit();
705 net_str_id_init(); /* for mbuf tags */
706 #endif /* SOCKETS */
707
708 /*
709 * Initializes security event auditing.
710 * XXX: Should/could this occur later?
711 */
712 #if CONFIG_AUDIT
713 bsd_init_kprintf("calling audit_init\n");
714 audit_init();
715 #endif
716
717 /* Initialize kqueues */
718 bsd_init_kprintf("calling knote_init\n");
719 knote_init();
720
721 /* Initialize for async IO */
722 bsd_init_kprintf("calling aio_init\n");
723 aio_init();
724
725 /* Initialize pipes */
726 bsd_init_kprintf("calling pipeinit\n");
727 pipeinit();
728
729 /* Initialize SysV shm subsystem locks; the subsystem proper is
730 * initialized through a sysctl.
731 */
732 #if SYSV_SHM
733 bsd_init_kprintf("calling sysv_shm_lock_init\n");
734 sysv_shm_lock_init();
735 #endif
736 #if SYSV_SEM
737 bsd_init_kprintf("calling sysv_sem_lock_init\n");
738 sysv_sem_lock_init();
739 #endif
740 #if SYSV_MSG
741 bsd_init_kprintf("sysv_msg_lock_init\n");
742 sysv_msg_lock_init();
743 #endif
744 bsd_init_kprintf("calling pshm_lock_init\n");
745 pshm_lock_init();
746 bsd_init_kprintf("calling psem_lock_init\n");
747 psem_lock_init();
748
749 pthread_init();
750 /* POSIX Shm and Sem */
751 bsd_init_kprintf("calling pshm_cache_init\n");
752 pshm_cache_init();
753 bsd_init_kprintf("calling psem_cache_init\n");
754 psem_cache_init();
755 bsd_init_kprintf("calling time_zone_slock_init\n");
756 time_zone_slock_init();
757 bsd_init_kprintf("calling select_waitq_init\n");
758 select_waitq_init();
759
760 /*
761 * Initialize protocols. Block reception of incoming packets
762 * until everything is ready.
763 */
764 bsd_init_kprintf("calling sysctl_register_fixed\n");
765 sysctl_register_fixed();
766 bsd_init_kprintf("calling sysctl_mib_init\n");
767 sysctl_mib_init();
768 #if NETWORKING
769 bsd_init_kprintf("calling dlil_init\n");
770 dlil_init();
771 bsd_init_kprintf("calling proto_kpi_init\n");
772 proto_kpi_init();
773 #endif /* NETWORKING */
774 #if SOCKETS
775 bsd_init_kprintf("calling socketinit\n");
776 socketinit();
777 bsd_init_kprintf("calling domaininit\n");
778 domaininit();
779 iptap_init();
780 #if FLOW_DIVERT
781 flow_divert_init();
782 #endif /* FLOW_DIVERT */
783 #endif /* SOCKETS */
784
785 kernproc->p_fd->fd_cdir = NULL;
786 kernproc->p_fd->fd_rdir = NULL;
787
788 #if CONFIG_FREEZE
789 #ifndef CONFIG_MEMORYSTATUS
790 #error "CONFIG_FREEZE defined without matching CONFIG_MEMORYSTATUS"
791 #endif
792 /* Initialise background freezing */
793 bsd_init_kprintf("calling memorystatus_freeze_init\n");
794 memorystatus_freeze_init();
795 #endif
796
797 #if CONFIG_MEMORYSTATUS
798 /* Initialize kernel memory status notifications */
799 bsd_init_kprintf("calling memorystatus_init\n");
800 memorystatus_init();
801 #endif /* CONFIG_MEMORYSTATUS */
802
803 bsd_init_kprintf("calling macx_init\n");
804 macx_init();
805
806 bsd_init_kprintf("calling acct_init\n");
807 acct_init();
808
809 #ifdef GPROF
810 /* Initialize kernel profiling. */
811 kmstartup();
812 #endif
813
814 bsd_init_kprintf("calling bsd_autoconf\n");
815 bsd_autoconf();
816
817 #if CONFIG_DTRACE
818 dtrace_postinit();
819 #endif
820
821 /*
822 * We attach the loopback interface *way* down here to ensure
823 * it happens after autoconf(), otherwise it becomes the
824 * "primary" interface.
825 */
826 #include <loop.h>
827 #if NLOOP > 0
828 bsd_init_kprintf("calling loopattach\n");
829 loopattach(); /* XXX */
830 #endif
831 #if NGIF
832 /* Initialize gif interface (after lo0) */
833 gif_init();
834 #endif
835
836 #if PFLOG
837 /* Initialize packet filter log interface */
838 pfloginit();
839 #endif /* PFLOG */
840
841 #if NETHER > 0
842 /* Register the built-in dlil ethernet interface family */
843 bsd_init_kprintf("calling ether_family_init\n");
844 ether_family_init();
845 #endif /* ETHER */
846
847 #if NETWORKING
848 /* Call any kext code that wants to run just after network init */
849 bsd_init_kprintf("calling net_init_run\n");
850 net_init_run();
851
852 #if CONTENT_FILTER
853 cfil_init();
854 #endif
855
856 #if PACKET_MANGLER
857 pkt_mnglr_init();
858 #endif
859
860 #if NECP
861 /* Initialize Network Extension Control Policies */
862 necp_init();
863 #endif
864
865 netagent_init();
866
867 /* register user tunnel kernel control handler */
868 utun_register_control();
869 #if IPSEC
870 ipsec_register_control();
871 #endif /* IPSEC */
872 netsrc_init();
873 nstat_init();
874 tcp_cc_init();
875 #if MPTCP
876 mptcp_control_register();
877 #endif /* MPTCP */
878 #endif /* NETWORKING */
879
880 bsd_init_kprintf("calling vnode_pager_bootstrap\n");
881 vnode_pager_bootstrap();
882
883 bsd_init_kprintf("calling inittodr\n");
884 inittodr(0);
885
886 /* Mount the root file system. */
887 while( TRUE) {
888 int err;
889
890 bsd_init_kprintf("calling setconf\n");
891 setconf();
892 #if NFSCLIENT
893 netboot = (mountroot == netboot_mountroot);
894 #endif
895
896 bsd_init_kprintf("vfs_mountroot\n");
897 if (0 == (err = vfs_mountroot()))
898 break;
899 rootdevice[0] = '\0';
900 #if NFSCLIENT
901 if (netboot) {
902 PE_display_icon( 0, "noroot"); /* XXX a netboot-specific icon would be nicer */
903 vc_progress_set(FALSE, 0);
904 for (i=1; 1; i*=2) {
905 printf("bsd_init: failed to mount network root, error %d, %s\n",
906 err, PE_boot_args());
907 printf("We are hanging here...\n");
908 IOSleep(i*60*1000);
909 }
910 /*NOTREACHED*/
911 }
912 #endif
913 printf("cannot mount root, errno = %d\n", err);
914 boothowto |= RB_ASKNAME;
915 }
916
917 IOSecureBSDRoot(rootdevice);
918
919 context.vc_thread = current_thread();
920 context.vc_ucred = kernproc->p_ucred;
921 mountlist.tqh_first->mnt_flag |= MNT_ROOTFS;
922
923 bsd_init_kprintf("calling VFS_ROOT\n");
924 /* Get the vnode for '/'. Set fdp->fd_fd.fd_cdir to reference it. */
925 if (VFS_ROOT(mountlist.tqh_first, &rootvnode, &context))
926 panic("bsd_init: cannot find root vnode: %s", PE_boot_args());
927 rootvnode->v_flag |= VROOT;
928 (void)vnode_ref(rootvnode);
929 (void)vnode_put(rootvnode);
930 filedesc0.fd_cdir = rootvnode;
931
932 #if NFSCLIENT
933 if (netboot) {
934 int err;
935
936 netboot = TRUE;
937 /* post mount setup */
938 if ((err = netboot_setup()) != 0) {
939 PE_display_icon( 0, "noroot"); /* XXX a netboot-specific icon would be nicer */
940 vc_progress_set(FALSE, 0);
941 for (i=1; 1; i*=2) {
942 printf("bsd_init: NetBoot could not find root, error %d: %s\n",
943 err, PE_boot_args());
944 printf("We are hanging here...\n");
945 IOSleep(i*60*1000);
946 }
947 /*NOTREACHED*/
948 }
949 }
950 #endif
951
952
953 #if CONFIG_IMAGEBOOT
954 /*
955 * See if a system disk image is present. If so, mount it and
956 * switch the root vnode to point to it
957 */
958 if (netboot == FALSE && imageboot_needed()) {
959 /*
960 * An image was found. No turning back: we're booted
961 * with a kernel from the disk image.
962 */
963 imageboot_setup();
964 }
965 #endif /* CONFIG_IMAGEBOOT */
966
967 /* set initial time; all other resource data is already zero'ed */
968 microtime_with_abstime(&kernproc->p_start, &kernproc->p_stats->ps_start);
969
970 #if DEVFS
971 {
972 char mounthere[] = "/dev"; /* !const because of internal casting */
973
974 bsd_init_kprintf("calling devfs_kernel_mount\n");
975 devfs_kernel_mount(mounthere);
976 }
977 #endif /* DEVFS */
978
979 /* Initialize signal state for process 0. */
980 bsd_init_kprintf("calling siginit\n");
981 siginit(kernproc);
982
983 bsd_init_kprintf("calling bsd_utaskbootstrap\n");
984 bsd_utaskbootstrap();
985
986 #if defined(__LP64__)
987 kernproc->p_flag |= P_LP64;
988 #endif
989
990 pal_kernel_announce();
991
992 bsd_init_kprintf("calling mountroot_post_hook\n");
993
994 /* invoke post-root-mount hook */
995 if (mountroot_post_hook != NULL)
996 mountroot_post_hook();
997
998 #if 0 /* not yet */
999 consider_zone_gc(FALSE);
1000 #endif
1001
1002
1003 bsd_init_kprintf("done\n");
1004 }
1005
1006 void
1007 bsdinit_task(void)
1008 {
1009 proc_t p = current_proc();
1010 struct uthread *ut;
1011 thread_t thread;
1012
1013 process_name("init", p);
1014
1015 ux_handler_init();
1016
1017 thread = current_thread();
1018 (void) host_set_exception_ports(host_priv_self(),
1019 EXC_MASK_ALL & ~(EXC_MASK_RPC_ALERT),//pilotfish (shark) needs this port
1020 (mach_port_t) ux_exception_port,
1021 EXCEPTION_DEFAULT| MACH_EXCEPTION_CODES,
1022 0);
1023
1024 ut = (uthread_t)get_bsdthread_info(thread);
1025
1026 bsd_init_task = get_threadtask(thread);
1027 init_task_died = FALSE;
1028
1029 #if CONFIG_MACF
1030 mac_cred_label_associate_user(p->p_ucred);
1031 #endif
1032 load_init_program(p);
1033 lock_trace = 1;
1034 }
1035
1036 kern_return_t
1037 bsd_autoconf(void)
1038 {
1039 kprintf("bsd_autoconf: calling kminit\n");
1040 kminit();
1041
1042 /*
1043 * Early startup for bsd pseudodevices.
1044 */
1045 {
1046 struct pseudo_init *pi;
1047
1048 for (pi = pseudo_inits; pi->ps_func; pi++)
1049 (*pi->ps_func) (pi->ps_count);
1050 }
1051
1052 return( IOKitBSDInit());
1053 }
1054
1055
1056 #include <sys/disklabel.h> /* for MAXPARTITIONS */
1057
1058 static void
1059 setconf(void)
1060 {
1061 u_int32_t flags;
1062 kern_return_t err;
1063
1064 err = IOFindBSDRoot(rootdevice, sizeof(rootdevice), &rootdev, &flags);
1065 if( err) {
1066 printf("setconf: IOFindBSDRoot returned an error (%d);"
1067 "setting rootdevice to 'sd0a'.\n", err); /* XXX DEBUG TEMP */
1068 rootdev = makedev( 6, 0 );
1069 strlcpy(rootdevice, "sd0a", sizeof(rootdevice));
1070 flags = 0;
1071 }
1072
1073 #if NFSCLIENT
1074 if( flags & 1 ) {
1075 /* network device */
1076 mountroot = netboot_mountroot;
1077 } else {
1078 #endif
1079 /* otherwise have vfs determine root filesystem */
1080 mountroot = NULL;
1081 #if NFSCLIENT
1082 }
1083 #endif
1084
1085 }
1086
1087 void
1088 bsd_utaskbootstrap(void)
1089 {
1090 thread_t thread;
1091 struct uthread *ut;
1092
1093 /*
1094 * Clone the bootstrap process from the kernel process, without
1095 * inheriting either task characteristics or memory from the kernel;
1096 */
1097 thread = cloneproc(TASK_NULL, COALITION_NULL, kernproc, FALSE, TRUE);
1098
1099 /* Hold the reference as it will be dropped during shutdown */
1100 initproc = proc_find(1);
1101 #if __PROC_INTERNAL_DEBUG
1102 if (initproc == PROC_NULL)
1103 panic("bsd_utaskbootstrap: initproc not set\n");
1104 #endif
1105 /*
1106 * Since we aren't going back out the normal way to our parent,
1107 * we have to drop the transition locks explicitly.
1108 */
1109 proc_signalend(initproc, 0);
1110 proc_transend(initproc, 0);
1111
1112 ut = (struct uthread *)get_bsdthread_info(thread);
1113 ut->uu_sigmask = 0;
1114 act_set_astbsd(thread);
1115 proc_clear_return_wait(initproc, thread);
1116 }
1117
1118 static void
1119 parse_bsd_args(void)
1120 {
1121 char namep[16];
1122 int msgbuf;
1123
1124 if ( PE_parse_boot_argn("-s", namep, sizeof (namep)))
1125 boothowto |= RB_SINGLE;
1126
1127 if (PE_parse_boot_argn("-b", namep, sizeof (namep)))
1128 boothowto |= RB_NOBOOTRC;
1129
1130 if (PE_parse_boot_argn("-x", namep, sizeof (namep))) /* safe boot */
1131 boothowto |= RB_SAFEBOOT;
1132
1133 if (PE_parse_boot_argn("-minimalboot", namep, sizeof(namep))) {
1134 /*
1135 * -minimalboot indicates that we want userspace to be bootstrapped to a
1136 * minimal environment. What constitutes minimal is up to the bootstrap
1137 * process.
1138 */
1139 minimalboot = 1;
1140 }
1141
1142
1143 /* disable vnode_cache_is_authorized() by setting vnode_cache_defeat */
1144 if (PE_parse_boot_argn("-vnode_cache_defeat", namep, sizeof (namep)))
1145 bootarg_vnode_cache_defeat = 1;
1146
1147 #if DEVELOPMENT || DEBUG
1148 if (PE_parse_boot_argn("-disable_aslr", namep, sizeof (namep)))
1149 bootarg_disable_aslr = 1;
1150 #endif
1151
1152 PE_parse_boot_argn("ncl", &ncl, sizeof (ncl));
1153 if (PE_parse_boot_argn("nbuf", &max_nbuf_headers,
1154 sizeof (max_nbuf_headers))) {
1155 customnbuf = 1;
1156 }
1157
1158 #if CONFIG_MACF
1159 #if defined (__i386__) || defined (__x86_64__)
1160 PE_parse_boot_argn("policy_check", &policy_check_flags, sizeof (policy_check_flags));
1161 #endif
1162 #endif /* CONFIG_MACF */
1163
1164 if (PE_parse_boot_argn("msgbuf", &msgbuf, sizeof (msgbuf))) {
1165 log_setsize(msgbuf);
1166 }
1167
1168 if (PE_parse_boot_argn("-novfscache", namep, sizeof(namep))) {
1169 nc_disabled = 1;
1170 }
1171
1172 #if CONFIG_JETSAM && (DEVELOPMENT || DEBUG)
1173 if (PE_parse_boot_argn("-no_vnode_jetsam", namep, sizeof(namep)))
1174 bootarg_no_vnode_jetsam = 1;
1175 #endif /* CONFIG_JETSAM && (DEVELOPMENT || DEBUG) */
1176
1177
1178
1179 #if PROC_REF_DEBUG
1180 if (PE_parse_boot_argn("-disable_procref_tracking", namep, sizeof(namep))) {
1181 proc_ref_tracking_disabled = 1;
1182 }
1183 #endif
1184
1185 PE_parse_boot_argn("sigrestrict", &sigrestrict_arg, sizeof(sigrestrict_arg));
1186 }
1187
1188 void
1189 bsd_exec_setup(int scale)
1190 {
1191
1192 switch (scale) {
1193 case 0:
1194 case 1:
1195 bsd_simul_execs = BSD_SIMUL_EXECS;
1196 break;
1197 case 2:
1198 case 3:
1199 bsd_simul_execs = 65;
1200 break;
1201 case 4:
1202 case 5:
1203 bsd_simul_execs = 129;
1204 break;
1205 case 6:
1206 case 7:
1207 bsd_simul_execs = 257;
1208 break;
1209 default:
1210 bsd_simul_execs = 513;
1211 break;
1212
1213 }
1214 bsd_pageable_map_size = (bsd_simul_execs * BSD_PAGEABLE_SIZE_PER_EXEC);
1215 }
1216
1217 #if !NFSCLIENT
1218 int
1219 netboot_root(void);
1220
1221 int
1222 netboot_root(void)
1223 {
1224 return(0);
1225 }
1226 #endif
mirror of XNU