- * Copyright (c) 2000-2007 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
- *
+ *
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* Version 2.0.
- * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 1999 Apple Inc. All rights reserved.
#include <mach/host_priv_server.h>
#include <mach/vm_map.h>
-#include <kern/kalloc.h>
#include <kern/kern_types.h>
#include <kern/thread.h>
#include <vm/vm_kern.h>
-#include <mach-o/mach_header.h>
-#include <mach-o/loader.h>
-#include <mach-o/nlist.h>
- * XXX headers for which prototypes should be in a common include file;
- * XXX see libsa/kext.cpp for why.
- */
-kern_return_t kmod_create_internal(kmod_info_t *info, kmod_t *id);
-kern_return_t kmod_destroy_internal(kmod_t id);
-kern_return_t kmod_start_or_stop(kmod_t id, int start, kmod_args_t *data,
- mach_msg_type_number_t *dataCount);
-kern_return_t kmod_retain(kmod_t id);
-kern_return_t kmod_release(kmod_t id);
-kern_return_t kmod_queue_cmd(vm_address_t data, vm_size_t size);
-kern_return_t kmod_get_info(host_t host, kmod_info_array_t *kmods,
- mach_msg_type_number_t *kmodCount);
-static kern_return_t kmod_get_symbol_data(kmod_args_t * data,
- mach_msg_type_number_t * dataCount);
-static kern_return_t kmod_free_linkedit_data(void);
-static kern_return_t kmod_get_kext_uuid(
- const char * kext_id,
- kmod_args_t * data,
- mach_msg_type_number_t * dataCount);
-extern int IODTGetLoaderInfo(const char * key, void ** infoAddr, vm_size_t * infoSize);
-extern void IODTFreeLoaderInfo(const char * key, void * infoAddr, vm_size_t infoSize);
-/* operates on 32 bit segments */
-extern void OSRuntimeUnloadCPPForSegment(struct segment_command * segment);
-kmod_info_t *kmod;
-static int kmod_index = 1;
-static int kmod_load_disabled = 0;
-mutex_t * kmod_lock = 0;
-static mutex_t * kmod_queue_lock = 0;
-typedef struct cmd_queue_entry {
- queue_chain_t links;
- vm_address_t data;
- vm_size_t size;
-} cmd_queue_entry_t;
-queue_head_t kmod_cmd_queue;
- kmod_lock = mutex_alloc(0);
- kmod_queue_lock = mutex_alloc(0);
- queue_init(&kmod_cmd_queue);
-kmod_info_t *
-kmod_lookupbyid(kmod_t id)
- kmod_info_t *k = NULL;
- k = kmod;
- while (k) {
- if (k->id == id) break;
- k = k->next;
- }
- return k;
-kmod_info_t *
-kmod_lookupbyname(const char * name)
- kmod_info_t *k = NULL;
- k = kmod;
- while (k) {
- if (!strncmp(k->name, name, sizeof(k->name)))
- break;
- k = k->next;
- }
- return k;
-// get the id of a kext in a given range, if the address is not in a kext
-// -1 is returned
-int kmod_lookupidbyaddress_locked(vm_address_t addr)
- kmod_info_t *k = 0;
- mutex_lock(kmod_queue_lock);
- k = kmod;
- if(NULL != k) {
- while (k) {
- if ((k->address <= addr) && ((k->address + k->size) > addr)) {
- break;
- }
- k = k->next;
- }
- mutex_unlock(kmod_queue_lock);
- } else {
- mutex_unlock(kmod_queue_lock);
- return -1;
- }
- if(NULL == k) {
- return -1;
- } else {
- return k->id;
- }
-kmod_info_t *
-kmod_lookupbyaddress(vm_address_t addr)
- kmod_info_t *k = 0;
- k = kmod;
- while (k) {
- if ((k->address <= addr) && ((k->address + k->size) > addr)) break;
- k = k->next;
- }
- return k;
-kmod_info_t *
-kmod_lookupbyid_locked(kmod_t id)
- kmod_info_t *k = NULL;
- kmod_info_t *kc = NULL;
- kc = (kmod_info_t *)kalloc(sizeof(kmod_info_t));
- if (!kc) return kc;
- mutex_lock(kmod_lock);
- k = kmod_lookupbyid(id);
- if (k) {
- bcopy((char*)k, (char *)kc, sizeof(kmod_info_t));
- }
- mutex_unlock(kmod_lock);
- if (k == 0) {
- kfree(kc, sizeof(kmod_info_t));
- kc = NULL;
- }
- return kc;
-kmod_info_t *
-kmod_lookupbyname_locked(const char * name)
- kmod_info_t *k = NULL;
- kmod_info_t *kc = NULL;
- kc = (kmod_info_t *)kalloc(sizeof(kmod_info_t));
- if (!kc) return kc;
- mutex_lock(kmod_lock);
- k = kmod_lookupbyname(name);
- if (k) {
- bcopy((char *)k, (char *)kc, sizeof(kmod_info_t));
- }
- mutex_unlock(kmod_lock);
- if (k == 0) {
- kfree(kc, sizeof(kmod_info_t));
- kc = NULL;
- }
- return kc;
-// XXX add a nocopy flag??
-kmod_queue_cmd(vm_address_t data, vm_size_t size)
- kern_return_t rc;
- cmd_queue_entry_t *e = (cmd_queue_entry_t *)kalloc(sizeof(struct cmd_queue_entry));
- if (!e) return KERN_RESOURCE_SHORTAGE;
- rc = kmem_alloc(kernel_map, &e->data, size);
- if (rc != KERN_SUCCESS) {
- kfree(e, sizeof(struct cmd_queue_entry));
- return rc;
- }
- e->size = size;
- bcopy((void *)data, (void *)e->data, size);
- mutex_lock(kmod_queue_lock);
- enqueue_tail(&kmod_cmd_queue, (queue_entry_t)e);
- mutex_unlock(kmod_queue_lock);
- thread_wakeup_one((event_t)&kmod_cmd_queue);
- return KERN_SUCCESS;
-kmod_load_extension(char *name)
- kmod_load_extension_cmd_t data;
- if (kmod_load_disabled) {
- return KERN_NO_ACCESS;
- }
- strncpy(data.name, name, sizeof(data.name));
- return kmod_queue_cmd((vm_address_t)&data, sizeof(data));
-kmod_load_extension_with_dependencies(char *name, char **dependencies)
- kern_return_t result;
- kmod_load_with_dependencies_cmd_t * data;
- vm_size_t size;
- char **c;
- int i, count = 0;
- if (kmod_load_disabled) {
- return KERN_NO_ACCESS;
- }
- c = dependencies;
- if (c) {
- while (*c) {
- count++; c++;
- }
- }
- size = sizeof(int) + KMOD_MAX_NAME * (count + 1) + 1;
- data = (kmod_load_with_dependencies_cmd_t *)kalloc(size);
- if (!data) return KERN_RESOURCE_SHORTAGE;
- strncpy(data->name, name, KMOD_MAX_NAME);
- c = dependencies;
- for (i=0; i < count; i++) {
- strncpy(data->dependencies[i], *c, KMOD_MAX_NAME);
- c++;
- }
- data->dependencies[count][0] = 0;
- result = kmod_queue_cmd((vm_address_t)data, size);
- kfree(data, size);
- return result;
-kmod_send_generic(int type, void *generic_data, int size)
- kern_return_t result;
- kmod_generic_cmd_t * data;
- vm_size_t cmd_size;
- // add sizeof(int) for the type field
- cmd_size = size + sizeof(int);
- data = (kmod_generic_cmd_t *)kalloc(cmd_size);
- if (!data) return KERN_RESOURCE_SHORTAGE;
- data->type = type;
- bcopy(data->data, generic_data, size);
- result = kmod_queue_cmd((vm_address_t)data, cmd_size);
- kfree(data, cmd_size);
- return result;
-extern vm_offset_t sectPRELINKB;
-extern int sectSizePRELINK;
-extern int kth_started;
- * Operates only on 32 bit mach keaders on behalf of kernel module loader
- * if WRITE_PROTECT_MODULE_TEXT is defined.
- */
-kmod_create_internal(kmod_info_t *info, kmod_t *id)
- kern_return_t rc;
- boolean_t isPrelink;
- if (!info) return KERN_INVALID_ADDRESS;
- // double check for page alignment
- if ((info->address | info->hdr_size) & (PAGE_SIZE - 1)) {
- }
- isPrelink = ((info->address >= sectPRELINKB) && (info->address < (sectPRELINKB + sectSizePRELINK)));
- if (!isPrelink && kth_started) {
- rc = vm_map_wire(kernel_map, info->address + info->hdr_size,
- info->address + info->size, VM_PROT_DEFAULT, FALSE);
- if (rc != KERN_SUCCESS) {
- return rc;
- }
- }
- {
- struct section * sect = getsectbynamefromheader(
- (struct mach_header*) info->address, "__TEXT", "__text");
- if(sect) {
- (void) vm_map_protect(kernel_map, round_page(sect->addr),
- trunc_page(sect->addr + sect->size),
- }
- }
- mutex_lock(kmod_lock);
- // check to see if already loaded
- if (kmod_lookupbyname(info->name)) {
- mutex_unlock(kmod_lock);
- if (!isPrelink) {
- rc = vm_map_unwire(kernel_map, info->address + info->hdr_size,
- info->address + info->size, FALSE);
- assert(rc == KERN_SUCCESS);
- }
- }
- info->id = kmod_index++;
- info->reference_count = 0;
- info->next = kmod;
- kmod = info;
- *id = info->id;
- mutex_unlock(kmod_lock);
-#if DEBUG
- printf("kmod_create: %s (id %d), %d pages loaded at 0x%x, header size 0x%x\n",
- info->name, info->id, info->size / PAGE_SIZE, info->address, info->hdr_size);
-#endif /* DEBUG */
- return KERN_SUCCESS;
-kmod_create(host_priv_t host_priv,
- vm_address_t addr,
- kmod_t *id)
- kmod_info_t *info;
- if (kmod_load_disabled) {
- return KERN_NO_ACCESS;
- }
- info = (kmod_info_t *)addr;
- if (host_priv == HOST_PRIV_NULL) return KERN_INVALID_HOST;
- return kmod_create_internal(info, id);
-kmod_create_fake_with_address(const char *name, const char *version,
- vm_address_t address, vm_size_t size,
- int * return_id)
- kmod_info_t *info;
- if (!name || ! version ||
- (1 + strlen(name) > KMOD_MAX_NAME) ||
- (1 + strlen(version) > KMOD_MAX_NAME)) {
- }
- info = (kmod_info_t *)kalloc(sizeof(kmod_info_t));
- if (!info) {
- }
- // make de fake
- info->info_version = KMOD_INFO_VERSION;
- bcopy(name, info->name, 1 + strlen(name));
- bcopy(version, info->version, 1 + strlen(version)); //NIK fixed this part
- info->reference_count = 1; // keep it from unloading, starting, stopping
- info->reference_list = NULL;
- info->address = address;
- info->size = size;
- info->hdr_size = 0;
- info->start = info->stop = NULL;
- mutex_lock(kmod_lock);
- // check to see if already "loaded"
- if (kmod_lookupbyname(info->name)) {
- mutex_unlock(kmod_lock);
- kfree(info, sizeof(kmod_info_t));
- }
- info->id = kmod_index++;
- if (return_id)
- *return_id = info->id;
- info->next = kmod;
- kmod = info;
- mutex_unlock(kmod_lock);
- return KERN_SUCCESS;
-kmod_create_fake(const char *name, const char *version)
- return kmod_create_fake_with_address(name, version, 0, 0, NULL);
-static kern_return_t
-_kmod_destroy_internal(kmod_t id, boolean_t fake)
- kern_return_t rc;
- kmod_info_t *k;
- kmod_info_t *p;
- mutex_lock(kmod_lock);
- k = p = kmod;
- while (k) {
- if (k->id == id) {
- kmod_reference_t *r, *t;
- if (!fake && (k->reference_count != 0)) {
- mutex_unlock(kmod_lock);
- }
- if (k == p) { // first element
- kmod = k->next;
- } else {
- p->next = k->next;
- }
- mutex_unlock(kmod_lock);
- r = k->reference_list;
- while (r) {
- r->info->reference_count--;
- t = r;
- r = r->next;
- kfree(t, sizeof(struct kmod_reference));
- }
- if (!fake)
- {
-#if DEBUG
- printf("kmod_destroy: %s (id %d), deallocating %d pages starting at 0x%x\n",
- k->name, k->id, k->size / PAGE_SIZE, k->address);
-#endif /* DEBUG */
- if( (k->address >= sectPRELINKB) && (k->address < (sectPRELINKB + sectSizePRELINK)))
- {
- vm_offset_t
- virt = ml_static_ptovirt(k->address);
- if( virt) {
- ml_static_mfree( virt, k->size);
- }
- }
- else
- {
- rc = vm_map_unwire(kernel_map, k->address + k->hdr_size,
- k->address + k->size, FALSE);
- assert(rc == KERN_SUCCESS);
- rc = vm_deallocate(kernel_map, k->address, k->size);
- assert(rc == KERN_SUCCESS);
- }
- }
- return KERN_SUCCESS;
- }
- p = k;
- k = k->next;
- }
- mutex_unlock(kmod_lock);
-kmod_destroy_internal(kmod_t id)
- return _kmod_destroy_internal(id, FALSE);
-kmod_destroy(host_priv_t host_priv,
- kmod_t id)
- if (host_priv == HOST_PRIV_NULL) return KERN_INVALID_HOST;
- return _kmod_destroy_internal(id, FALSE);
-kmod_destroy_fake(kmod_t id)
- return _kmod_destroy_internal(id, TRUE);
- kmod_t id,
- int start,
- kmod_args_t *data,
- mach_msg_type_number_t *dataCount)
- kern_return_t rc = KERN_SUCCESS;
- void * user_data = NULL;
- kern_return_t (*func)(kmod_info_t *, void *);
- kmod_info_t *k;
- if (start && kmod_load_disabled) {
- return KERN_NO_ACCESS;
- }
- mutex_lock(kmod_lock);
- k = kmod_lookupbyid(id);
- if (!k || k->reference_count) {
- mutex_unlock(kmod_lock);
- goto finish;
- }
- if (start) {
- func = (void *)k->start;
- } else {
- func = (void *)k->stop;
- }
- mutex_unlock(kmod_lock);
- //
- // call kmod entry point
- //
- if (data && dataCount && *data && *dataCount) {
- vm_map_offset_t map_addr;
- vm_map_copyout(kernel_map, &map_addr, (vm_map_copy_t)*data);
- user_data = CAST_DOWN(void *, map_addr);
- }
- rc = (*func)(k, user_data);
- if (user_data) {
- (void) vm_deallocate(kernel_map, (vm_offset_t)user_data, *dataCount);
- }
- if (data) *data = NULL;
- if (dataCount) *dataCount = 0;
- return rc;
- * The retain and release calls take no user data, but the caller
- * may have sent some in error (the MIG definition allows it).
- * If this is the case, they will just return that same data
- * right back to the caller (since they never touch the *data and
- * *dataCount fields).
- */
-kmod_retain(kmod_t id)
- kern_return_t rc = KERN_SUCCESS;
- kmod_info_t *t; // reference to
- kmod_info_t *f; // reference from
- kmod_reference_t *r = NULL;
- r = (kmod_reference_t *)kalloc(sizeof(struct kmod_reference));
- if (!r) {
- goto finish;
- }
- mutex_lock(kmod_lock);
- t = kmod_lookupbyid(KMOD_UNPACK_TO_ID(id));
- f = kmod_lookupbyid(KMOD_UNPACK_FROM_ID(id));
- if (!t || !f) {
- mutex_unlock(kmod_lock);
- if (r) kfree(r, sizeof(struct kmod_reference));
- goto finish;
- }
- r->next = f->reference_list;
- r->info = t;
- f->reference_list = r;
- t->reference_count++;
- mutex_unlock(kmod_lock);
- return rc;
-kmod_release(kmod_t id)
- kern_return_t rc = KERN_INVALID_ARGUMENT;
- kmod_info_t *t; // reference to
- kmod_info_t *f; // reference from
- kmod_reference_t *r = NULL;
- kmod_reference_t * p;
- mutex_lock(kmod_lock);
- t = kmod_lookupbyid(KMOD_UNPACK_TO_ID(id));
- f = kmod_lookupbyid(KMOD_UNPACK_FROM_ID(id));
- if (!t || !f) {
- goto finish;
- }
- p = r = f->reference_list;
- while (r) {
- if (r->info == t) {
- if (p == r) { // first element
- f->reference_list = r->next;
- } else {
- p->next = r->next;
- }
- r->info->reference_count--;
- mutex_unlock(kmod_lock);
- kfree(r, sizeof(struct kmod_reference));
- goto finish;
- }
- p = r;
- r = r->next;
- }
- mutex_unlock(kmod_lock);
- return rc;
-kmod_control(host_priv_t host_priv,
- kmod_t id,
- kmod_control_flavor_t flavor,
- kmod_args_t *data,
- mach_msg_type_number_t *dataCount)
- kern_return_t rc = KERN_SUCCESS;
- /* Only allow non-root access to retrieve kernel symbols or UUID.
- */
- flavor != KMOD_CNTL_GET_UUID) {
- if (host_priv == HOST_PRIV_NULL) return KERN_INVALID_HOST;
- }
- switch (flavor) {
- {
- rc = kmod_start_or_stop(id, (flavor == KMOD_CNTL_START),
- data, dataCount);
- break;
- }
- {
- rc = kmod_retain(id);
- break;
- }
- {
- rc = kmod_release(id);
- break;
- }
- {
- cmd_queue_entry_t *e;
- /* Throw away any data the user may have sent in error.
- * We must do this, because we are likely to return to
- * some data for these commands (thus causing a leak of
- * whatever data the user sent us in error).
- */
- if (*data && *dataCount) {
- vm_map_copy_discard(*data);
- *data = NULL;
- *dataCount = 0;
- }
- mutex_lock(kmod_queue_lock);
- if (queue_empty(&kmod_cmd_queue)) {
- wait_result_t res;
- res = thread_sleep_mutex((event_t)&kmod_cmd_queue,
- kmod_queue_lock,
- if (queue_empty(&kmod_cmd_queue)) {
- // we must have been interrupted!
- mutex_unlock(kmod_queue_lock);
- assert(res == THREAD_INTERRUPTED);
- return KERN_ABORTED;
- }
- }
- e = (cmd_queue_entry_t *)dequeue_head(&kmod_cmd_queue);
- mutex_unlock(kmod_queue_lock);
- rc = vm_map_copyin(kernel_map, (vm_map_address_t)e->data,
- (vm_map_size_t)e->size, TRUE, (vm_map_copy_t *)data);
- if (rc) {
- mutex_lock(kmod_queue_lock);
- enqueue_head(&kmod_cmd_queue, (queue_entry_t)e);
- mutex_unlock(kmod_queue_lock);
- *data = NULL;
- *dataCount = 0;
- return rc;
- }
- *dataCount = e->size;
- kfree(e, sizeof(struct cmd_queue_entry));
- break;
- }
- {
- /* Throw away any data the user may have sent in error.
- * We must do this, because we are likely to return to
- * some data for these commands (thus causing a leak of
- * whatever data the user sent us in error).
- */
- if (*data && *dataCount) {
- vm_map_copy_discard(*data);
- *data = NULL;
- *dataCount = 0;
- }
- return kmod_get_symbol_data(data, dataCount);
- break;
- }
- {
- return kmod_free_linkedit_data();
- break;
- }
- {
- uint32_t id_length = *dataCount;
- char * kext_id = NULL;
- vm_map_offset_t map_addr;
- void * user_data;
- kern_return_t result;
- /* Get the bundle id, if provided, and discard the buffer sent down.
- */
- if (*data && *dataCount) {
- (char *)(kmem_alloc(kernel_map, (vm_offset_t *)&kext_id, id_length));
- if (!kext_id) {
- return KERN_FAILURE;
- }
- vm_map_copyout(kernel_map, &map_addr, (vm_map_copy_t)*data);
- user_data = CAST_DOWN(void *, map_addr);
- memcpy(kext_id, user_data, id_length);
- kext_id[id_length-1] = '\0';
- if (user_data) {
- (void)vm_deallocate(kernel_map, (vm_offset_t)user_data, *dataCount);
- }
- *data = NULL;
- *dataCount = 0;
- }
- result = kmod_get_kext_uuid(kext_id, data, dataCount);
- if (kext_id) {
- kmem_free(kernel_map, (vm_offset_t)kext_id, id_length);
- }
- return result;
- break;
- }
- {
- kmod_load_disabled = 1;
- break;
- }
- default:
- }
- return rc;
-* This function creates a dummy symbol file for the running kernel based on data
-* in the run-time image. This allows us to correctly link other executables
-* (drivers, etc) against the kernel when the kernel image on the root filesystem
-* does not match the live kernel, as c can occur during net-booting where the
-* actual kernel image is obtained from the network via tftp rather than the root
-* device.
-* If a symbol table is available, then a link-suitable Mach-O file image is
-* created containing a Mach Header and an LC_SYMTAB load command followed by the
-* the symbol table data for mach_kernel. A UUID load command is also present for
-* identification, so we don't link against the wrong kernel.
-* NOTE: This file supports only 32 bit kernels; adding support for 64 bit
-* kernels is possible, but is not necessary yet.
-extern struct mach_header _mh_execute_header;
-static int _linkedit_segment_freed = 0;
-static kern_return_t
- kmod_args_t * symbol_data,
- mach_msg_type_number_t * data_size)
- kern_return_t result = KERN_FAILURE;
- struct load_command * load_cmd;
- struct mach_header * orig_header = &_mh_execute_header;
- struct segment_command * orig_text = NULL;
- struct segment_command * orig_data = NULL;
- struct segment_command * orig_linkedit = NULL;
- struct uuid_command * orig_uuid = NULL;
- struct symtab_command * orig_symtab = NULL;
- struct section * sect;
- struct section * const_text = NULL;
- vm_size_t header_size = 0;
- vm_offset_t symtab_size;
- vm_offset_t total_size; // copied out to 'data_size'
- char * buffer = 0; // copied out to 'symbol_data'
- struct mach_header * header;
- struct segment_command * seg_cmd = NULL;
- struct symtab_command * symtab;
- unsigned int i;
- caddr_t addr;
- vm_offset_t offset;
- // only want to do these 1st call
- static int syms_marked = 0;
- mutex_lock(kmod_lock);
- /*****
- * Check for empty out parameter pointers, and zero them if ok.
- */
- if (!symbol_data || !data_size) {
- goto finish;
- }
- *symbol_data = NULL;
- *data_size = 0;
- if (_linkedit_segment_freed) {
- goto finish;
- }
- /*****
- * Scan the in-memory kernel's mach header for the parts we need to copy:
- * TEXT (for basic file info + const section), DATA (for basic file info),
- * LINKEDIT (for the symbol table entries), SYMTAB (for the symbol table
- * overall).
- */
- load_cmd = (struct load_command *)&orig_header[1];
- for (i = 0; i < orig_header->ncmds; i++) {
- if (load_cmd->cmd == LC_SEGMENT) {
- struct segment_command * orig_seg_cmd =
- (struct segment_command *)load_cmd;
- if (!strncmp(SEG_TEXT, orig_seg_cmd->segname, strlen(SEG_TEXT))) {
- orig_text = orig_seg_cmd;
- } else if (!strncmp(SEG_DATA, orig_seg_cmd->segname,
- strlen(SEG_DATA))) {
- orig_data = orig_seg_cmd;
- } else if (!strncmp(SEG_LINKEDIT, orig_seg_cmd->segname,
- strlen(SEG_LINKEDIT))) {
- orig_linkedit = orig_seg_cmd;
- }
- } else if (load_cmd->cmd == LC_UUID) {
- orig_uuid = (struct uuid_command *)load_cmd;
- } else if (load_cmd->cmd == LC_SYMTAB) {
- orig_symtab = (struct symtab_command *)load_cmd;
- }
- load_cmd = (struct load_command *)((caddr_t)load_cmd + load_cmd->cmdsize);
- }
- /* Bail if any wasn't found.
- */
- if (!orig_text || !orig_data || !orig_linkedit || !orig_uuid || !orig_symtab) {
- goto finish;
- }
- /* Now seek out the const section of the TEXT segment, bailing if not found.
- */
- sect = (struct section *)&orig_text[1];
- for (i = 0; i < orig_text->nsects; i++, sect++) {
- if (!strncmp("__const", sect->sectname, sizeof("__const"))) {
- const_text = sect;
- break;
- }
- }
- if (!const_text) {
- goto finish;
- }
- /*****
- * Calculate the total size needed and allocate the buffer. In summing the
- * total size, every size before the last must be rounded to a
- * page-size increment.
- */
- header_size = sizeof(struct mach_header) +
- orig_text->cmdsize + orig_data->cmdsize +
- orig_uuid->cmdsize + orig_symtab->cmdsize;
- symtab_size = (orig_symtab->nsyms * sizeof(struct nlist)) +
- orig_symtab->strsize;
- total_size = round_page(header_size) + round_page(const_text->size) +
- symtab_size;
- (void)kmem_alloc(kernel_map, (vm_offset_t *)&buffer, total_size);
- if (!buffer) {
- goto finish;
- }
- bzero((void *)buffer, total_size);
- /*****
- * Set up the Mach-O header in the buffer.
- */
- header = (struct mach_header *)buffer;
- header->magic = orig_header->magic;
- header->cputype = orig_header->cputype;
- header->cpusubtype = orig_header->cpusubtype;
- header->filetype = orig_header->filetype;
- header->ncmds = 4; // TEXT, DATA, UUID, SYMTAB
- header->sizeofcmds = header_size - sizeof(struct mach_header);
- header->flags = orig_header->flags;
- /*****
- * Initialize the current file offset and addr; updated as we go through,
- * but only for fields that need proper info.
- */
- offset = round_page(header_size);
- addr = (caddr_t)const_text->addr;
- /*****
- * Construct a TEXT segment load command. The only content of the TEXT
- * segment that we actually copy is the __TEXT,__const, which contains the
- * kernel vtables. The other sections are just filled with unincremented
- * addr/offset and zero size and number fields.
- */
- seg_cmd = (struct segment_command *)&header[1]; // just past mach header
- memcpy(seg_cmd, orig_text, orig_text->cmdsize);
- seg_cmd->vmaddr = (unsigned long)addr;
- seg_cmd->vmsize = const_text->size;
- seg_cmd->fileoff = 0;
- seg_cmd->filesize = const_text->size + round_page(header_size);
- seg_cmd->maxprot = 0;
- seg_cmd->initprot = 0;
- seg_cmd->flags = 0;
- sect = (struct section *)(seg_cmd + 1);
- for (i = 0; i < seg_cmd->nsects; i++, sect++) {
- sect->addr = (unsigned long)addr; // only valid for __TEXT,__const
- sect->size = 0;
- sect->offset = offset;
- sect->nreloc = 0;
- if (0 == strncmp("__const", sect->sectname, sizeof("__const"))) {
- sect->size = const_text->size;
- addr += const_text->size;
- offset += const_text->size;
- const_text = sect; // retarget to constructed section
- }
- }
- offset = round_page(offset);
- /*****
- * Now copy the __DATA segment load command, but none of its content.
- */
- seg_cmd = (struct segment_command *)((int)seg_cmd + seg_cmd->cmdsize);
- memcpy(seg_cmd, orig_data, orig_data->cmdsize);
- seg_cmd->vmaddr = (unsigned long)addr;
- seg_cmd->vmsize = 0x1000; // Why not just zero? DATA seg is empty.
- seg_cmd->fileoff = offset;
- seg_cmd->filesize = 0;
- seg_cmd->maxprot = 0;
- seg_cmd->initprot = 0;
- seg_cmd->flags = 0;
- sect = (struct section *)(seg_cmd+1);
- for (i = 0; i < seg_cmd->nsects; i++, sect++) {
- sect->addr = (unsigned long)addr;
- sect->size = 0;
- sect->offset = offset;
- sect->nreloc = 0;
- }
- offset = round_page(offset);
- /* Set up LC_UUID command
- */
- seg_cmd = (struct segment_command *)((int)seg_cmd + seg_cmd->cmdsize);
- memcpy(seg_cmd, orig_uuid, orig_uuid->cmdsize);
- /* Set up LC_SYMTAB command
- */
- symtab = (struct symtab_command *)((int)seg_cmd + seg_cmd->cmdsize);
- symtab->cmd = LC_SYMTAB;
- symtab->cmdsize = sizeof(struct symtab_command);
- symtab->symoff = offset;
- symtab->nsyms = orig_symtab->nsyms;
- symtab->strsize = orig_symtab->strsize;
- symtab->stroff = offset + symtab->nsyms * sizeof(struct nlist);
- /* Convert the symbol table in place (yes, in the running kernel)
- * from section references to absolute references.
- */
- if (!syms_marked) {
- struct nlist * sym = (struct nlist *) orig_linkedit->vmaddr;
- for (i = 0; i < orig_symtab->nsyms; i++, sym++) {
- if ((sym->n_type & N_TYPE) == N_SECT) {
- sym->n_sect = NO_SECT;
- sym->n_type = (sym->n_type & ~N_TYPE) | N_ABS;
- }
- }
- syms_marked = 1;
- }
- /*****
- * Copy the contents of the __TEXT,__const section and the linkedit symbol
- * data into the constructed object file buffer. The header has already been
- * filled in.
- */
- memcpy(buffer + const_text->offset, (void *)const_text->addr, const_text->size);
- memcpy(buffer + symtab->symoff, (void *)orig_linkedit->vmaddr, symtab_size);
- result = vm_map_copyin(kernel_map,
- (vm_offset_t)buffer,
- (vm_map_size_t)total_size,
- /* src_destroy */ TRUE,
- (vm_map_copy_t *)symbol_data);
- if (result != KERN_SUCCESS) {
- kmem_free(kernel_map, (vm_offset_t)buffer, total_size);
- *symbol_data = NULL;
- *data_size = 0;
- goto finish;
- } else {
- *data_size = total_size;
- }
- mutex_unlock(kmod_lock);
- return result;
-* Drop the LINKEDIT segment from the running kernel to recover wired memory.
-* This is invoked by kextd after it has successfully determined a file is
-* available in the root filesystem to link against (either a symbol file it
-* wrote, or /mach_kernel).
-// in IOCatalogue.cpp
-extern int kernelLinkerPresent;
-static kern_return_t
- kern_return_t result = KERN_FAILURE;
- const char * dt_kernel_header_name = "Kernel-__HEADER";
- const char * dt_kernel_symtab_name = "Kernel-__SYMTAB";
- struct mach_header_t * dt_mach_header = NULL;
- vm_size_t dt_mach_header_size = 0;
- struct symtab_command *dt_symtab = NULL;
- vm_size_t dt_symtab_size = 0;
- int dt_result;
- struct segment_command * segmentLE;
- boolean_t keepsyms = FALSE;
- const char * segment_name = "__LINKEDIT";
-#if __ppc__ || __arm__
- const char * devtree_segment_name = "Kernel-__LINKEDIT";
- void * segment_paddress;
- vm_size_t segment_size;
- mutex_lock(kmod_lock);
- /* The semantic is "make sure the linkedit segment is freed", so if we
- * previously did it, it's a success.
- */
- if (_linkedit_segment_freed) {
- result = KERN_SUCCESS;
- goto finish;
- } else if (kernelLinkerPresent) {
- // The in-kernel linker requires the linkedit segment to function.
- // Refuse to dump if it's still around.
- // XXX: We need a dedicated error return code for this.
- printf("can't remove kernel __LINKEDIT segment - in-kernel linker needs it\n");
- goto finish;
- }
- /* Dispose of unnecessary stuff that the booter didn't need to load.
- */
- dt_result = IODTGetLoaderInfo(dt_kernel_header_name,
- (void **)&dt_mach_header, &dt_mach_header_size);
- if (dt_result == 0 && dt_mach_header) {
- IODTFreeLoaderInfo(dt_kernel_header_name, (void *)dt_mach_header,
- round_page_32(dt_mach_header_size));
- }
- dt_result = IODTGetLoaderInfo(dt_kernel_symtab_name,
- (void **)&dt_symtab, &dt_symtab_size);
- if (dt_result == 0 && dt_symtab) {
- IODTFreeLoaderInfo(dt_kernel_symtab_name, (void *)dt_symtab,
- round_page_32(dt_symtab_size));
- }
- PE_parse_boot_arg("keepsyms", &keepsyms);
- segmentLE = getsegbyname(segment_name);
- if (!segmentLE) {
- printf("error removing kernel __LINKEDIT segment\n");
- goto finish;
- }
- OSRuntimeUnloadCPPForSegment(segmentLE);
-#if __ppc__ || __arm__
- if (!keepsyms && 0 == IODTGetLoaderInfo(devtree_segment_name,
- &segment_paddress, &segment_size)) {
- IODTFreeLoaderInfo(devtree_segment_name, (void *)segment_paddress,
- (int)segment_size);
- }
-#elif __i386__
- if (!keepsyms && segmentLE->vmaddr && segmentLE->vmsize) {
- ml_static_mfree(segmentLE->vmaddr, segmentLE->vmsize);
- }
-#error arch
- result = KERN_SUCCESS;
- if (!keepsyms && result == KERN_SUCCESS) {
- _linkedit_segment_freed = 1;
- }
- mutex_unlock(kmod_lock);
- return result;
-* Retrieve the UUID load command payload from the running kernel.
-static kern_return_t
- const char * kext_id,
- kmod_args_t * data,
- mach_msg_type_number_t * dataCount)
- kern_return_t result = KERN_FAILURE;
- kmod_info_t * kmod_info = NULL;
- unsigned int i;
- char * uuid_data = 0;
- struct mach_header * header = &_mh_execute_header;
- struct load_command * load_cmd = (struct load_command *)&header[1];
- struct uuid_command * uuid_cmd;
+#include <libkern/kernel_mach_header.h>
+ **********************************************************************
+ **********************************************************************
+ **********************************************************************
+ * Except for kmod_get_info(), which continues to work for K32 with
+ * 32-bit clients, all remaining functions in this module remain
+ * for symbol linkage or MIG support only,
+ * and return KERN_NOT_SUPPORTED.
+ *
+ * Some kernel-internal portions have been moved to
+ * libkern/OSKextLib.cpp and libkern/c++/OSKext.cpp.
+ **********************************************************************/
- /* If given no kext ID, retrieve the kernel UUID.
- */
- if (!kext_id) {
- header = &_mh_execute_header;
- } else {
- kmod_info = kmod_lookupbyname_locked(kext_id);
- if (!kmod_info) {
- goto finish;
- }
- /* If the kmod is build-in, it's part of the kernel, so retrieve the
- * kernel UUID.
- */
- if (!kmod_info->address) {
- header = &_mh_execute_header;
- } else {
- header = (struct mach_header *)kmod_info->address;
- }
- }
+// bsd/sys/proc.h
+extern void proc_selfname(char * buf, int size);
- load_cmd = (struct load_command *)&header[1];
+#define NOT_SUPPORTED_USER64() \
+ do { \
+ char procname[64] = "unknown"; \
+ proc_selfname(procname, sizeof(procname)); \
+ printf("%s is not supported for 64-bit clients (called from %s)\n", \
+ __FUNCTION__, procname); \
+ } while (0)
- for (i = 0; i < header->ncmds; i++) {
- if (load_cmd->cmd == LC_UUID) {
- uuid_cmd = (struct uuid_command *)load_cmd;
+ do { \
+ char procname[64] = "unknown"; \
+ proc_selfname(procname, sizeof(procname)); \
+ printf("%s is not supported on this kernel architecture (called from %s)\n", \
+ __FUNCTION__, procname); \
+ } while (0)
- /* kmem_alloc() a local buffer that's on a boundary known to work
- * with vm_map_copyin().
- */
- result = kmem_alloc(kernel_map, (vm_offset_t *)&uuid_data,
- sizeof(uuid_cmd->uuid));
- if (result != KERN_SUCCESS) {
- goto finish;
- }
- memcpy(uuid_data, uuid_cmd->uuid, sizeof(uuid_cmd->uuid));
- result = vm_map_copyin(kernel_map, (vm_offset_t)uuid_data,
- sizeof(uuid_cmd->uuid), /* src_destroy */ TRUE,
- (vm_map_copy_t *)data);
- if (result == KERN_SUCCESS) {
- *dataCount = sizeof(uuid_cmd->uuid);
- } else {
- kmem_free(kernel_map, (vm_offset_t)uuid_data,
- sizeof(uuid_cmd->uuid));
- }
- goto finish;
- }
- load_cmd = (struct load_command *)((caddr_t)load_cmd + load_cmd->cmdsize);
- }
+#define KMOD_MIG_UNUSED __unused
- return result;
+ * Old MIG routines that are no longer supported.
+ **********************************************************************
+ * We have to keep these around for ppc, i386, and x86_64. A 32-bit
+ * user-space client might call into the 64-bit kernel. Only
+ * kmod_get_info() retains a functional implementation (ppc/i386).
+ **********************************************************************/
-kmod_get_info(__unused host_t host,
- kmod_info_array_t *kmods,
- mach_msg_type_number_t *kmodCount)
- vm_offset_t data;
- kmod_info_t *k, *p1;
- kmod_reference_t *r, *p2;
- int ref_count;
- unsigned size = 0;
- kern_return_t rc = KERN_SUCCESS;
- *kmods = (void *)0;
- *kmodCount = 0;
- mutex_lock(kmod_lock);
- size = 0;
- k = kmod;
- while (k) {
- size += sizeof(kmod_info_t);
- r = k->reference_list;
- while (r) {
- size +=sizeof(kmod_reference_t);
- r = r->next;
- }
- k = k->next;
- }
- mutex_unlock(kmod_lock);
- if (!size) return KERN_SUCCESS;
- rc = kmem_alloc(kernel_map, &data, size);
- if (rc) return rc;
- // copy kmod into data, retry if kmod's size has changed (grown)
- // the copied out data is tweeked to figure what's what at user level
- // change the copied out k->next pointers to point to themselves
- // change the k->reference into a count, tack the references on
- // the end of the data packet in the order they are found
- mutex_lock(kmod_lock);
- k = kmod; p1 = (kmod_info_t *)data;
- while (k) {
- if ((p1 + 1) > (kmod_info_t *)(data + size)) {
- mutex_unlock(kmod_lock);
- kmem_free(kernel_map, data, size);
- goto retry;
- }
- *p1 = *k;
- if (k->next) p1->next = k;
- p1++; k = k->next;
- }
- p2 = (kmod_reference_t *)p1;
- k = kmod; p1 = (kmod_info_t *)data;
- while (k) {
- r = k->reference_list; ref_count = 0;
- while (r) {
- if ((p2 + 1) > (kmod_reference_t *)(data + size)) {
- mutex_unlock(kmod_lock);
- kmem_free(kernel_map, data, size);
- goto retry;
- }
- // note the last 'k' in the chain has its next == 0
- // since there can only be one like that,
- // this case is handled by the caller
- *p2 = *r;
- p2++; r = r->next; ref_count++;
- }
- p1->reference_list = (kmod_reference_t *)ref_count;
- p1++; k = k->next;
- }
- mutex_unlock(kmod_lock);
- rc = vm_map_copyin(kernel_map, data, size, TRUE, (vm_map_copy_t *)kmods);
- if (rc) {
- kmem_free(kernel_map, data, size);
- *kmods = NULL;
- *kmodCount = 0;
- return rc;
- }
- *kmodCount = size;
- return KERN_SUCCESS;
- * Operates only on 32 bit mach keaders on behalf of kernel module loader
- */
-static kern_return_t
-kmod_call_funcs_in_section(struct mach_header *header, const char *sectName)
+ host_priv_t host_priv __unused,
+ vm_address_t addr __unused,
+ kmod_t * id __unused)
- typedef void (*Routine)(void);
- Routine * routines;
- int size, i;
- if (header->magic != MH_MAGIC) {
- }
- routines = (Routine *) getsectdatafromheader(header, SEG_TEXT, /*(char *)*/ sectName, &size);
- if (!routines) return KERN_SUCCESS;
- size /= sizeof(Routine);
- for (i = 0; i < size; i++) {
- (*routines[i])();
- }
- return KERN_SUCCESS;
- * Operates only on 32 bit mach keaders on behalf of kernel module loader
- */
-kmod_initialize_cpp(kmod_info_t *info)
+ host_priv_t host_priv __unused,
+ kmod_t id __unused)
- return kmod_call_funcs_in_section((struct mach_header *)info->address, "__constructor");
- * Operates only on 32 bit mach keaders on behalf of kernel module loader
- */
-kmod_finalize_cpp(kmod_info_t *info)
+ host_priv_t host_priv __unused,
+ kmod_t id __unused,
+ kmod_control_flavor_t flavor __unused,
+ kmod_args_t * data __unused,
+ mach_msg_type_number_t * dataCount __unused)
- return kmod_call_funcs_in_section((struct mach_header *)info->address, "__destructor");
-kmod_default_start(__unused struct kmod_info *ki, __unused void *data)
+ host_t host __unused,
+ kmod_info_array_t * kmod_list KMOD_MIG_UNUSED,
+ mach_msg_type_number_t * kmodCount KMOD_MIG_UNUSED);
-kmod_default_stop(__unused struct kmod_info *ki, __unused void *data)
-static void
-kmod_dump_to(vm_offset_t *addr, unsigned int cnt,
- int (*printf_func)(const char *fmt, ...))
- vm_offset_t * kscan_addr = NULL;
- kmod_info_t * k;
- kmod_reference_t * r;
- unsigned int i;
- int found_kmod = 0;
- kmod_info_t * stop_kmod = NULL;
- for (k = kmod; k; k = k->next) {
- if (pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)k)) == 0) {
- (*printf_func)(" kmod scan stopped due to missing "
- "kmod page: %08x\n", stop_kmod);
- break;
- }
- if (!k->address) {
- continue; // skip fake entries for built-in kernel components
- }
- for (i = 0, kscan_addr = addr; i < cnt; i++, kscan_addr++) {
- if ((*kscan_addr >= k->address) &&
- (*kscan_addr < (k->address + k->size))) {
- if (!found_kmod) {
- (*printf_func)(" Kernel loadable modules in backtrace "
- "(with dependencies):\n");
- }
- found_kmod = 1;
- (*printf_func)(" %s(%s)@0x%x->0x%x\n",
- k->name, k->version, k->address, k->address + k->size - 1);
- for (r = k->reference_list; r; r = r->next) {
- kmod_info_t * rinfo;
- if (pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)r)) == 0) {
- (*printf_func)(" kmod dependency scan stopped "
- "due to missing dependency page: %08x\n", r);
- break;
- }
- rinfo = r->info;
- if (pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)rinfo)) == 0) {
- (*printf_func)(" kmod dependency scan stopped "
- "due to missing kmod page: %08x\n", rinfo);
- break;
- }
- if (!rinfo->address) {
- continue; // skip fake entries for built-ins
- }
- (*printf_func)(" dependency: %s(%s)@0x%x\n",
- rinfo->name, rinfo->version, rinfo->address);
- }
- break; // only report this kmod for one backtrace address
- }
- }
- }
- return;
-kmod_dump(vm_offset_t *addr, unsigned int cnt)
- kmod_dump_to(addr, cnt, &kdb_printf);
-void kmod_dump_log(vm_offset_t *, unsigned); /* gcc 4 warn fix */
-kmod_dump_log(vm_offset_t *addr, unsigned int cnt)
+ host_t host __unused,
+ kmod_info_array_t * kmod_list KMOD_MIG_UNUSED,
+ mach_msg_type_number_t * kmodCount KMOD_MIG_UNUSED)
- kmod_dump_to(addr, cnt, &printf);