X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/39236c6e673c41db228275375ab7fdb0f837b292..c7d2c2c6ee645e10cbccdd01c6191873ec77239d:/osfmk/kern/exception.c?ds=sidebyside diff --git a/osfmk/kern/exception.c b/osfmk/kern/exception.c index d8128145d..a47544027 100644 --- a/osfmk/kern/exception.c +++ b/osfmk/kern/exception.c @@ -86,6 +86,8 @@ #include #include +extern int panic_on_exception_triage; + unsigned long c_thr_exc_raise = 0; unsigned long c_thr_exc_raise_state = 0; unsigned long c_thr_exc_raise_state_id = 0; @@ -102,6 +104,12 @@ kern_return_t exception_deliver( struct exception_action *excp, lck_mtx_t *mutex); +static kern_return_t +check_exc_receiver_dependency( + exception_type_t exception, + struct exception_action *excp, + lck_mtx_t *mutex); + #ifdef MACH_BSD kern_return_t bsd_exception( exception_type_t exception, @@ -141,7 +149,7 @@ exception_deliver( * Save work if we are terminating. * Just go back to our AST handler. */ - if (!thread->active) + if (!thread->active && !thread->inspection) return KERN_SUCCESS; /* @@ -220,7 +228,7 @@ exception_deliver( state, state_cnt, state, &state_cnt); } - if (kr == MACH_MSG_SUCCESS) + if (kr == MACH_MSG_SUCCESS && exception != EXC_CORPSE_NOTIFY) kr = thread_setstatus(thread, flavor, (thread_state_t)state, state_cnt); @@ -281,7 +289,7 @@ exception_deliver( state, state_cnt, state, &state_cnt); } - if (kr == MACH_MSG_SUCCESS) + if (kr == MACH_MSG_SUCCESS && exception != EXC_CORPSE_NOTIFY) kr = thread_setstatus(thread, flavor, (thread_state_t)state, state_cnt); @@ -297,7 +305,43 @@ exception_deliver( } /* - * Routine: exception + * Routine: check_exc_receiver_dependency + * Purpose: + * Verify that the port destined for receiving this exception is not + * on the current task. This would cause hang in kernel for + * EXC_CRASH primarily. Note: If port is transferred + * between check and delivery then deadlock may happen. + * + * Conditions: + * Nothing locked and no resources held. + * Called from an exception context. + * Returns: + * KERN_SUCCESS if its ok to send exception message. + */ +kern_return_t +check_exc_receiver_dependency( + exception_type_t exception, + struct exception_action *excp, + lck_mtx_t *mutex) +{ + kern_return_t retval = KERN_SUCCESS; + + if (excp == NULL || exception != EXC_CRASH) + return retval; + + task_t task = current_task(); + lck_mtx_lock(mutex); + ipc_port_t xport = excp[exception].port; + if ( IP_VALID(xport) + && ip_active(xport) + && task->itk_space == xport->ip_receiver) + retval = KERN_FAILURE; + lck_mtx_unlock(mutex); + return retval; +} + +/* + * Routine: exception_triage * Purpose: * The current thread caught an exception. * We make an up-call to the thread's exception server. @@ -307,9 +351,9 @@ exception_deliver( * thread_exception_return and thread_kdb_return * are possible. * Returns: - * Doesn't return. + * KERN_SUCCESS if exception is handled by any of the handlers. */ -void +kern_return_t exception_triage( exception_type_t exception, mach_exception_data_t code, @@ -319,49 +363,65 @@ exception_triage( task_t task; host_priv_t host_priv; lck_mtx_t *mutex; - kern_return_t kr; + kern_return_t kr = KERN_FAILURE; assert(exception != EXC_RPC_ALERT); + /* + * If this behavior has been requested by the the kernel + * (due to the boot environment), we should panic if we + * enter this function. This is intended as a debugging + * aid; it should allow us to debug why we caught an + * exception in environments where debugging is especially + * difficult. + */ + if (panic_on_exception_triage) { + panic("called exception_triage when it was forbidden by the boot environment"); + } + thread = current_thread(); /* * Try to raise the exception at the activation level. */ mutex = &thread->mutex; - kr = exception_deliver(thread, exception, code, codeCnt, thread->exc_actions, mutex); - if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) - goto out; + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, thread->exc_actions, mutex)) + { + kr = exception_deliver(thread, exception, code, codeCnt, thread->exc_actions, mutex); + if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) + goto out; + } /* * Maybe the task level will handle it. */ task = current_task(); mutex = &task->lock; - kr = exception_deliver(thread, exception, code, codeCnt, task->exc_actions, mutex); - if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) - goto out; + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, task->exc_actions, mutex)) + { + kr = exception_deliver(thread, exception, code, codeCnt, task->exc_actions, mutex); + if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) + goto out; + } /* * How about at the host level? */ host_priv = host_priv_self(); mutex = &host_priv->lock; - kr = exception_deliver(thread, exception, code, codeCnt, host_priv->exc_actions, mutex); - if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) - goto out; - - /* - * Nobody handled it, terminate the task. - */ - - (void) task_terminate(task); + + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, host_priv->exc_actions, mutex)) + { + kr = exception_deliver(thread, exception, code, codeCnt, host_priv->exc_actions, mutex); + if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) + goto out; + } out: if ((exception != EXC_CRASH) && (exception != EXC_RESOURCE) && - (exception != EXC_GUARD)) + (exception != EXC_GUARD) && (exception != EXC_CORPSE_NOTIFY)) thread_exception_return(); - return; + return kr; } kern_return_t @@ -398,14 +458,15 @@ kern_return_t task_exception_notify(exception_type_t exception, { mach_exception_data_type_t code[EXCEPTION_CODE_MAX]; wait_interrupt_t wsave; + kern_return_t kr = KERN_SUCCESS; code[0] = exccode; code[1] = excsubcode; wsave = thread_interrupt_level(THREAD_UNINT); - exception_triage(exception, code, EXCEPTION_CODE_MAX); + kr = exception_triage(exception, code, EXCEPTION_CODE_MAX); (void) thread_interrupt_level(wsave); - return (KERN_SUCCESS); + return kr; }