X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..cc8bc92ae4a8e9f1a1ab61bf83d34ad8150b3405:/osfmk/kern/exception.c diff --git a/osfmk/kern/exception.c b/osfmk/kern/exception.c index 0122c44b1..4042b91b3 100644 --- a/osfmk/kern/exception.c +++ b/osfmk/kern/exception.c @@ -56,8 +56,6 @@ /* */ -#include - #include #include #include @@ -85,23 +83,11 @@ #include #include #include +#include #include +#include -#if MACH_KDB -#include -#endif /* MACH_KDB */ - -#if MACH_KDB - -#include - -#if iPSC386 || iPSC860 -boolean_t debug_user_with_kdb = TRUE; -#else -boolean_t debug_user_with_kdb = FALSE; -#endif - -#endif /* MACH_KDB */ +extern int panic_on_exception_triage; unsigned long c_thr_exc_raise = 0; unsigned long c_thr_exc_raise_state = 0; @@ -117,7 +103,13 @@ kern_return_t exception_deliver( mach_exception_data_t code, mach_msg_type_number_t codeCnt, struct exception_action *excp, - mutex_t *mutex); + lck_mtx_t *mutex); + +static kern_return_t +check_exc_receiver_dependency( + exception_type_t exception, + struct exception_action *excp, + lck_mtx_t *mutex); #ifdef MACH_BSD kern_return_t bsd_exception( @@ -145,22 +137,37 @@ exception_deliver( mach_exception_data_t code, mach_msg_type_number_t codeCnt, struct exception_action *excp, - mutex_t *mutex) + lck_mtx_t *mutex) { - ipc_port_t exc_port; + ipc_port_t exc_port = IPC_PORT_NULL; exception_data_type_t small_code[EXCEPTION_CODE_MAX]; int code64; int behavior; int flavor; kern_return_t kr; + task_t task; + ipc_port_t thread_port = IPC_PORT_NULL, task_port = IPC_PORT_NULL; /* * Save work if we are terminating. * Just go back to our AST handler. */ - if (!thread->active) + if (!thread->active && !thread->inspection) return KERN_SUCCESS; + /* + * If there are no exception actions defined for this entity, + * we can't deliver here. + */ + if (excp == NULL) + return KERN_FAILURE; + + assert(exception < EXC_TYPES_COUNT); + if (exception >= EXC_TYPES_COUNT) + return KERN_FAILURE; + + excp = &excp[exception]; + /* * Snapshot the exception action data under lock for consistency. * Hold a reference to the port over the exception_raise_* calls @@ -168,16 +175,16 @@ exception_deliver( * the port from disappearing between now and when * ipc_object_copyin_from_kernel is finally called. */ - mutex_lock(mutex); + lck_mtx_lock(mutex); exc_port = excp->port; if (!IP_VALID(exc_port)) { - mutex_unlock(mutex); + lck_mtx_unlock(mutex); return KERN_FAILURE; } ip_lock(exc_port); if (!ip_active(exc_port)) { ip_unlock(exc_port); - mutex_unlock(mutex); + lck_mtx_unlock(mutex); return KERN_FAILURE; } ip_reference(exc_port); @@ -186,16 +193,46 @@ exception_deliver( flavor = excp->flavor; behavior = excp->behavior; - mutex_unlock(mutex); + lck_mtx_unlock(mutex); code64 = (behavior & MACH_EXCEPTION_CODES); behavior &= ~MACH_EXCEPTION_CODES; if (!code64) { - small_code[0] = CAST_DOWN(exception_data_type_t, code[0]); - small_code[1] = CAST_DOWN(exception_data_type_t, code[1]); + small_code[0] = CAST_DOWN_EXPLICIT(exception_data_type_t, code[0]); + small_code[1] = CAST_DOWN_EXPLICIT(exception_data_type_t, code[1]); + } + + task = thread->task; + +#if CONFIG_MACF + /* Now is a reasonably good time to check if the exception action is + * permitted for this process, because after this point we will send + * the message out almost certainly. + * As with other failures, exception_triage_thread will go on + * to the next level. + */ + if (mac_exc_action_check_exception_send(task, excp) != 0) { + kr = KERN_FAILURE; + goto out_release_right; } +#endif + if (behavior != EXCEPTION_STATE) { + if (thread != current_thread() || exception == EXC_CORPSE_NOTIFY) { + + task_reference(task); + task_port = convert_task_to_port(task); + /* task ref consumed */ + thread_reference(thread); + thread_port = convert_thread_to_port(thread); + /* thread ref consumed */ + } + else { + task_port = retrieve_task_self_fast(thread->task); + thread_port = retrieve_thread_self_fast(thread); + } + } switch (behavior) { case EXCEPTION_STATE: { @@ -224,34 +261,38 @@ exception_deliver( state, state_cnt, state, &state_cnt); } - if (kr == MACH_MSG_SUCCESS) - kr = thread_setstatus(thread, flavor, - (thread_state_t)state, - state_cnt); + if (kr == KERN_SUCCESS) { + if (exception != EXC_CORPSE_NOTIFY) + kr = thread_setstatus(thread, flavor, + (thread_state_t)state, + state_cnt); + goto out_release_right; + } + } - return kr; + goto out_release_right; } case EXCEPTION_DEFAULT: c_thr_exc_raise++; if (code64) { kr = mach_exception_raise(exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + thread_port, + task_port, exception, code, codeCnt); } else { kr = exception_raise(exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + thread_port, + task_port, exception, small_code, codeCnt); } - return kr; + goto out_release_right; case EXCEPTION_STATE_IDENTITY: { mach_msg_type_number_t state_cnt; @@ -266,8 +307,8 @@ exception_deliver( if (code64) { kr = mach_exception_raise_state_identity( exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + thread_port, + task_port, exception, code, codeCnt, @@ -276,8 +317,8 @@ exception_deliver( state, &state_cnt); } else { kr = exception_raise_state_identity(exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + thread_port, + task_port, exception, small_code, codeCnt, @@ -285,25 +326,83 @@ exception_deliver( state, state_cnt, state, &state_cnt); } - if (kr == MACH_MSG_SUCCESS) - kr = thread_setstatus(thread, flavor, - (thread_state_t)state, - state_cnt); + + if (kr == KERN_SUCCESS) { + if (exception != EXC_CORPSE_NOTIFY) + kr = thread_setstatus(thread, flavor, + (thread_state_t)state, + state_cnt); + goto out_release_right; + } + } - return kr; + goto out_release_right; } default: panic ("bad exception behavior!"); return KERN_FAILURE; }/* switch */ + +out_release_right: + + if (task_port) { + ipc_port_release_send(task_port); + } + + if (thread_port) { + ipc_port_release_send(thread_port); + } + + if (exc_port) { + ipc_port_release_send(exc_port); + } + + return kr; +} + +/* + * Routine: check_exc_receiver_dependency + * Purpose: + * Verify that the port destined for receiving this exception is not + * on the current task. This would cause hang in kernel for + * EXC_CRASH primarily. Note: If port is transferred + * between check and delivery then deadlock may happen. + * + * Conditions: + * Nothing locked and no resources held. + * Called from an exception context. + * Returns: + * KERN_SUCCESS if its ok to send exception message. + */ +kern_return_t +check_exc_receiver_dependency( + exception_type_t exception, + struct exception_action *excp, + lck_mtx_t *mutex) +{ + kern_return_t retval = KERN_SUCCESS; + + if (excp == NULL || exception != EXC_CRASH) + return retval; + + task_t task = current_task(); + lck_mtx_lock(mutex); + ipc_port_t xport = excp[exception].port; + if ( IP_VALID(xport) + && ip_active(xport) + && task->itk_space == xport->ip_receiver) + retval = KERN_FAILURE; + lck_mtx_unlock(mutex); + return retval; } + /* - * Routine: exception + * Routine: exception_triage_thread * Purpose: - * The current thread caught an exception. + * The thread caught an exception. * We make an up-call to the thread's exception server. * Conditions: * Nothing locked and no resources held. @@ -311,78 +410,98 @@ exception_deliver( * thread_exception_return and thread_kdb_return * are possible. * Returns: - * Doesn't return. + * KERN_SUCCESS if exception is handled by any of the handlers. */ -void -exception_triage( +kern_return_t +exception_triage_thread( exception_type_t exception, mach_exception_data_t code, - mach_msg_type_number_t codeCnt) + mach_msg_type_number_t codeCnt, + thread_t thread) { - thread_t thread; task_t task; host_priv_t host_priv; - struct exception_action *excp; - mutex_t *mutex; - kern_return_t kr; + lck_mtx_t *mutex; + kern_return_t kr = KERN_FAILURE; assert(exception != EXC_RPC_ALERT); - if (exception == KERN_SUCCESS) - panic("exception"); + /* + * If this behavior has been requested by the the kernel + * (due to the boot environment), we should panic if we + * enter this function. This is intended as a debugging + * aid; it should allow us to debug why we caught an + * exception in environments where debugging is especially + * difficult. + */ + if (panic_on_exception_triage) { + panic("called exception_triage when it was forbidden by the boot environment"); + } /* * Try to raise the exception at the activation level. */ - thread = current_thread(); - mutex = mutex_addr(thread->mutex); - excp = &thread->exc_actions[exception]; - kr = exception_deliver(thread, exception, code, codeCnt, excp, mutex); - if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) - goto out; + mutex = &thread->mutex; + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, thread->exc_actions, mutex)) + { + kr = exception_deliver(thread, exception, code, codeCnt, thread->exc_actions, mutex); + if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) + goto out; + } /* * Maybe the task level will handle it. */ - task = current_task(); - mutex = mutex_addr(task->lock); - excp = &task->exc_actions[exception]; - kr = exception_deliver(thread, exception, code, codeCnt, excp, mutex); - if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) - goto out; + task = thread->task; + mutex = &task->itk_lock_data; + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, task->exc_actions, mutex)) + { + kr = exception_deliver(thread, exception, code, codeCnt, task->exc_actions, mutex); + if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) + goto out; + } /* * How about at the host level? */ host_priv = host_priv_self(); - mutex = mutex_addr(host_priv->lock); - excp = &host_priv->exc_actions[exception]; - kr = exception_deliver(thread, exception, code, codeCnt, excp, mutex); - if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) - goto out; - - /* - * Nobody handled it, terminate the task. - */ + mutex = &host_priv->lock; -#if MACH_KDB - if (debug_user_with_kdb) { - /* - * Debug the exception with kdb. - * If kdb handles the exception, - * then thread_kdb_return won't return. - */ - db_printf("No exception server, calling kdb...\n"); - thread_kdb_return(); + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, host_priv->exc_actions, mutex)) + { + kr = exception_deliver(thread, exception, code, codeCnt, host_priv->exc_actions, mutex); + if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) + goto out; } -#endif /* MACH_KDB */ - - (void) task_terminate(task); out: - if (exception != EXC_CRASH) + if ((exception != EXC_CRASH) && (exception != EXC_RESOURCE) && + (exception != EXC_GUARD) && (exception != EXC_CORPSE_NOTIFY)) thread_exception_return(); - return; + return kr; +} + +/* + * Routine: exception_triage + * Purpose: + * The current thread caught an exception. + * We make an up-call to the thread's exception server. + * Conditions: + * Nothing locked and no resources held. + * Called from an exception context, so + * thread_exception_return and thread_kdb_return + * are possible. + * Returns: + * KERN_SUCCESS if exception is handled by any of the handlers. + */ +kern_return_t +exception_triage( + exception_type_t exception, + mach_exception_data_t code, + mach_msg_type_number_t codeCnt) +{ + thread_t thread = current_thread(); + return exception_triage_thread(exception, code, codeCnt, thread); } kern_return_t @@ -392,8 +511,7 @@ bsd_exception( mach_msg_type_number_t codeCnt) { task_t task; - struct exception_action *excp; - mutex_t *mutex; + lck_mtx_t *mutex; thread_t self = current_thread(); kern_return_t kr; @@ -401,10 +519,9 @@ bsd_exception( * Maybe the task level will handle it. */ task = current_task(); - mutex = mutex_addr(task->lock); - excp = &task->exc_actions[exception]; + mutex = &task->itk_lock_data; - kr = exception_deliver(self, exception, code, codeCnt, excp, mutex); + kr = exception_deliver(self, exception, code, codeCnt, task->exc_actions, mutex); if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) return(KERN_SUCCESS); @@ -413,22 +530,23 @@ bsd_exception( /* - * Raise an EXC_CRASH exception on the dying task. + * Raise an exception on a task. * This should tell launchd to launch Crash Reporter for this task. */ -kern_return_t abnormal_exit_notify(mach_exception_data_type_t exccode, - mach_exception_data_type_t excsubcode) +kern_return_t task_exception_notify(exception_type_t exception, + mach_exception_data_type_t exccode, mach_exception_data_type_t excsubcode) { mach_exception_data_type_t code[EXCEPTION_CODE_MAX]; wait_interrupt_t wsave; + kern_return_t kr = KERN_SUCCESS; code[0] = exccode; code[1] = excsubcode; wsave = thread_interrupt_level(THREAD_UNINT); - exception_triage(EXC_CRASH, code, EXCEPTION_CODE_MAX); + kr = exception_triage(exception, code, EXCEPTION_CODE_MAX); (void) thread_interrupt_level(wsave); - return (KERN_SUCCESS); + return kr; } @@ -439,7 +557,6 @@ kern_return_t abnormal_exit_notify(mach_exception_data_type_t exccode, kern_return_t sys_perf_notify(thread_t thread, int pid) { host_priv_t hostp; - struct exception_action *excp; ipc_port_t xport; wait_interrupt_t wsave; kern_return_t ret; @@ -450,8 +567,7 @@ kern_return_t sys_perf_notify(thread_t thread, int pid) code[1] = pid; /* Pass out the pid */ struct task *task = thread->task; - excp = &hostp->exc_actions[EXC_RPC_ALERT]; - xport = excp->port; + xport = hostp->exc_actions[EXC_RPC_ALERT].port; /* Make sure we're not catching our own exception */ if (!IP_VALID(xport) || @@ -467,7 +583,7 @@ kern_return_t sys_perf_notify(thread_t thread, int pid) EXC_RPC_ALERT, code, 2, - excp, + hostp->exc_actions, &hostp->lock); (void)thread_interrupt_level(wsave);