#include <mach/exception_types.h>
#include <mach/exc.h>
#include <mach/mach_exc.h>
+
#include <ipc/port.h>
#include <ipc/ipc_entry.h>
#include <ipc/ipc_object.h>
#include <ipc/ipc_space.h>
#include <ipc/ipc_pset.h>
#include <ipc/ipc_machdep.h>
+
#include <kern/counters.h>
#include <kern/ipc_tt.h>
#include <kern/task.h>
#include <kern/sched_prim.h>
#include <kern/host.h>
#include <kern/misc_protos.h>
+#include <kern/ux_handler.h>
+
+#include <security/mac_mach_internal.h>
#include <string.h>
+
#include <pexpert/pexpert.h>
+extern int panic_on_exception_triage;
+
unsigned long c_thr_exc_raise = 0;
unsigned long c_thr_exc_raise_state = 0;
unsigned long c_thr_exc_raise_state_id = 0;
lck_mtx_t *mutex);
static kern_return_t
-check_exc_receiver_dependancy(
+check_exc_receiver_dependency(
exception_type_t exception,
struct exception_action *excp,
lck_mtx_t *mutex);
struct exception_action *excp,
lck_mtx_t *mutex)
{
- ipc_port_t exc_port;
+ ipc_port_t exc_port = IPC_PORT_NULL;
exception_data_type_t small_code[EXCEPTION_CODE_MAX];
int code64;
int behavior;
int flavor;
kern_return_t kr;
+ task_t task;
+ ipc_port_t thread_port = IPC_PORT_NULL, task_port = IPC_PORT_NULL;
/*
* Save work if we are terminating.
* Just go back to our AST handler.
*/
- if (!thread->active)
+ if (!thread->active && !thread->inspection)
return KERN_SUCCESS;
/*
small_code[1] = CAST_DOWN_EXPLICIT(exception_data_type_t, code[1]);
}
+ task = thread->task;
+
+#if CONFIG_MACF
+ /* Now is a reasonably good time to check if the exception action is
+ * permitted for this process, because after this point we will send
+ * the message out almost certainly.
+ * As with other failures, exception_triage_thread will go on
+ * to the next level.
+ */
+
+ /* The global exception-to-signal translation port is safe to be an exception handler. */
+ if (is_ux_handler_port(exc_port) == FALSE &&
+ mac_exc_action_check_exception_send(task, excp) != 0) {
+ kr = KERN_FAILURE;
+ goto out_release_right;
+ }
+#endif
+
+ if (behavior != EXCEPTION_STATE) {
+ if (thread != current_thread() || exception == EXC_CORPSE_NOTIFY) {
+
+ task_reference(task);
+ task_port = convert_task_to_port(task);
+ /* task ref consumed */
+ thread_reference(thread);
+ thread_port = convert_thread_to_port(thread);
+ /* thread ref consumed */
+ }
+ else {
+ task_port = retrieve_task_self_fast(thread->task);
+ thread_port = retrieve_thread_self_fast(thread);
+ }
+ }
switch (behavior) {
case EXCEPTION_STATE: {
c_thr_exc_raise_state++;
state_cnt = _MachineStateCount[flavor];
- kr = thread_getstatus(thread, flavor,
+ kr = thread_getstatus_to_user(thread, flavor,
(thread_state_t)state,
&state_cnt);
if (kr == KERN_SUCCESS) {
state, state_cnt,
state, &state_cnt);
}
- if (kr == MACH_MSG_SUCCESS)
- kr = thread_setstatus(thread, flavor,
- (thread_state_t)state,
- state_cnt);
+ if (kr == KERN_SUCCESS) {
+ if (exception != EXC_CORPSE_NOTIFY)
+ kr = thread_setstatus_from_user(thread, flavor,
+ (thread_state_t)state,
+ state_cnt);
+ goto out_release_right;
+ }
+
}
- return kr;
+ goto out_release_right;
}
case EXCEPTION_DEFAULT:
c_thr_exc_raise++;
if (code64) {
kr = mach_exception_raise(exc_port,
- retrieve_thread_self_fast(thread),
- retrieve_task_self_fast(thread->task),
+ thread_port,
+ task_port,
exception,
code,
codeCnt);
} else {
kr = exception_raise(exc_port,
- retrieve_thread_self_fast(thread),
- retrieve_task_self_fast(thread->task),
+ thread_port,
+ task_port,
exception,
small_code,
codeCnt);
}
- return kr;
+ goto out_release_right;
case EXCEPTION_STATE_IDENTITY: {
mach_msg_type_number_t state_cnt;
c_thr_exc_raise_state_id++;
state_cnt = _MachineStateCount[flavor];
- kr = thread_getstatus(thread, flavor,
+ kr = thread_getstatus_to_user(thread, flavor,
(thread_state_t)state,
&state_cnt);
if (kr == KERN_SUCCESS) {
if (code64) {
kr = mach_exception_raise_state_identity(
exc_port,
- retrieve_thread_self_fast(thread),
- retrieve_task_self_fast(thread->task),
+ thread_port,
+ task_port,
exception,
code,
codeCnt,
state, &state_cnt);
} else {
kr = exception_raise_state_identity(exc_port,
- retrieve_thread_self_fast(thread),
- retrieve_task_self_fast(thread->task),
+ thread_port,
+ task_port,
exception,
small_code,
codeCnt,
state, state_cnt,
state, &state_cnt);
}
- if (kr == MACH_MSG_SUCCESS)
- kr = thread_setstatus(thread, flavor,
- (thread_state_t)state,
- state_cnt);
+
+ if (kr == KERN_SUCCESS) {
+ if (exception != EXC_CORPSE_NOTIFY)
+ kr = thread_setstatus_from_user(thread, flavor,
+ (thread_state_t)state,
+ state_cnt);
+ goto out_release_right;
+ }
+
}
- return kr;
+ goto out_release_right;
}
default:
panic ("bad exception behavior!");
return KERN_FAILURE;
}/* switch */
+
+out_release_right:
+
+ if (task_port) {
+ ipc_port_release_send(task_port);
+ }
+
+ if (thread_port) {
+ ipc_port_release_send(thread_port);
+ }
+
+ if (exc_port) {
+ ipc_port_release_send(exc_port);
+ }
+
+ return kr;
}
/*
- * Routine: check_exc_receiver_dependancy
+ * Routine: check_exc_receiver_dependency
* Purpose:
* Verify that the port destined for receiving this exception is not
* on the current task. This would cause hang in kernel for
* KERN_SUCCESS if its ok to send exception message.
*/
kern_return_t
-check_exc_receiver_dependancy(
+check_exc_receiver_dependency(
exception_type_t exception,
struct exception_action *excp,
lck_mtx_t *mutex)
return retval;
}
+
/*
- * Routine: exception
+ * Routine: exception_triage_thread
* Purpose:
- * The current thread caught an exception.
+ * The thread caught an exception.
* We make an up-call to the thread's exception server.
* Conditions:
* Nothing locked and no resources held.
* thread_exception_return and thread_kdb_return
* are possible.
* Returns:
- * Doesn't return.
+ * KERN_SUCCESS if exception is handled by any of the handlers.
*/
-void
-exception_triage(
+kern_return_t
+exception_triage_thread(
exception_type_t exception,
mach_exception_data_t code,
- mach_msg_type_number_t codeCnt)
+ mach_msg_type_number_t codeCnt,
+ thread_t thread)
{
- thread_t thread;
task_t task;
host_priv_t host_priv;
lck_mtx_t *mutex;
- kern_return_t kr;
+ kern_return_t kr = KERN_FAILURE;
assert(exception != EXC_RPC_ALERT);
- thread = current_thread();
+ /*
+ * If this behavior has been requested by the the kernel
+ * (due to the boot environment), we should panic if we
+ * enter this function. This is intended as a debugging
+ * aid; it should allow us to debug why we caught an
+ * exception in environments where debugging is especially
+ * difficult.
+ */
+ if (panic_on_exception_triage) {
+ panic("called exception_triage when it was forbidden by the boot environment");
+ }
/*
* Try to raise the exception at the activation level.
*/
mutex = &thread->mutex;
- if (KERN_SUCCESS == check_exc_receiver_dependancy(exception, thread->exc_actions, mutex))
+ if (KERN_SUCCESS == check_exc_receiver_dependency(exception, thread->exc_actions, mutex))
{
kr = exception_deliver(thread, exception, code, codeCnt, thread->exc_actions, mutex);
if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED)
/*
* Maybe the task level will handle it.
*/
- task = current_task();
- mutex = &task->lock;
- if (KERN_SUCCESS == check_exc_receiver_dependancy(exception, task->exc_actions, mutex))
+ task = thread->task;
+ mutex = &task->itk_lock_data;
+ if (KERN_SUCCESS == check_exc_receiver_dependency(exception, task->exc_actions, mutex))
{
kr = exception_deliver(thread, exception, code, codeCnt, task->exc_actions, mutex);
if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED)
*/
host_priv = host_priv_self();
mutex = &host_priv->lock;
-
- if (KERN_SUCCESS == check_exc_receiver_dependancy(exception, host_priv->exc_actions, mutex))
+
+ if (KERN_SUCCESS == check_exc_receiver_dependency(exception, host_priv->exc_actions, mutex))
{
kr = exception_deliver(thread, exception, code, codeCnt, host_priv->exc_actions, mutex);
if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED)
goto out;
}
- /*
- * Nobody handled it, terminate the task.
- */
-
- (void) task_terminate(task);
-
out:
if ((exception != EXC_CRASH) && (exception != EXC_RESOURCE) &&
- (exception != EXC_GUARD))
+ (exception != EXC_GUARD) && (exception != EXC_CORPSE_NOTIFY))
thread_exception_return();
- return;
+ return kr;
+}
+
+/*
+ * Routine: exception_triage
+ * Purpose:
+ * The current thread caught an exception.
+ * We make an up-call to the thread's exception server.
+ * Conditions:
+ * Nothing locked and no resources held.
+ * Called from an exception context, so
+ * thread_exception_return and thread_kdb_return
+ * are possible.
+ * Returns:
+ * KERN_SUCCESS if exception is handled by any of the handlers.
+ */
+kern_return_t
+exception_triage(
+ exception_type_t exception,
+ mach_exception_data_t code,
+ mach_msg_type_number_t codeCnt)
+{
+ thread_t thread = current_thread();
+ return exception_triage_thread(exception, code, codeCnt, thread);
}
kern_return_t
* Maybe the task level will handle it.
*/
task = current_task();
- mutex = &task->lock;
+ mutex = &task->itk_lock_data;
kr = exception_deliver(self, exception, code, codeCnt, task->exc_actions, mutex);
{
mach_exception_data_type_t code[EXCEPTION_CODE_MAX];
wait_interrupt_t wsave;
+ kern_return_t kr = KERN_SUCCESS;
code[0] = exccode;
code[1] = excsubcode;
wsave = thread_interrupt_level(THREAD_UNINT);
- exception_triage(exception, code, EXCEPTION_CODE_MAX);
+ kr = exception_triage(exception, code, EXCEPTION_CODE_MAX);
(void) thread_interrupt_level(wsave);
- return (KERN_SUCCESS);
+ return kr;
}
projects / apple / xnu.git / blobdiff