X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/4452a7af2eac33dbad800bcc91f2399d62c18f53..HEAD:/bsd/kern/mach_fat.c?ds=inline diff --git a/bsd/kern/mach_fat.c b/bsd/kern/mach_fat.c index 677ae0008..a2aaaef24 100644 --- a/bsd/kern/mach_fat.c +++ b/bsd/kern/mach_fat.c @@ -1,8 +1,8 @@ /* - * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * Copyright (c) 1991-2015 Apple Computer, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -11,10 +11,10 @@ * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. - * + * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -22,18 +22,9 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * - * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ - */ -/* Copyright (c) 1991 NeXT Computer, Inc. All rights reserved. - * - * File: kern/mach_fat.c - * Author: Peter King - * - * Fat file support routines. * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ - #include #include #include 
@@ -44,110 +35,83 @@ #include #include #include +#include #include #include /********************************************************************** - * Routine: fatfile_getarch2() - * - * Function: Locate the architecture-dependant contents of a fat - * file that match this CPU. - * - * Args: vp: The vnode for the fat file. - * header: A pointer to the fat file header. - * req_cpu_type: The required cpu type. - * mask_bits: Bits to mask from the sub-image type when - * grading it vs. the req_cpu_type - * archret (out): Pointer to fat_arch structure to hold - * the results. - * - * Returns: KERN_SUCCESS: Valid architecture found. - * KERN_FAILURE: No valid architecture found. - **********************************************************************/ +* Routine: fatfile_getarch() +* +* Function: Locate the architecture-dependant contents of a fat +* file that match this CPU. +* +* Args: header: A pointer to the fat file header. +* size: How large the fat file header is (including fat_arch array) +* req_cpu_type: The required cpu type. +* mask_bits: Bits to mask from the sub-image type when +* grading it vs. the req_cpu_type +* imgp: Image params +* archret (out): Pointer to fat_arch structure to hold +* the results. +* +* Returns: KERN_SUCCESS: Valid architecture found. +* KERN_FAILURE: No valid architecture found. 
+**********************************************************************/ static load_return_t -fatfile_getarch2( -#if 0 - struct vnode *vp, -#else - __unused struct vnode *vp, -#endif - vm_offset_t data_ptr, - cpu_type_t req_cpu_type, - cpu_type_t mask_bits, - struct fat_arch *archret) +fatfile_getarch( + vm_offset_t data_ptr, + vm_size_t data_size, + cpu_type_t req_cpu_type, + cpu_type_t mask_bits, + cpu_subtype_t req_subcpu_type, + struct image_params *imgp, + struct fat_arch *archret) { - /* vm_pager_t pager; */ - vm_offset_t addr; - vm_size_t size; - load_return_t lret; - struct fat_arch *arch; - struct fat_arch *best_arch; - int grade; - int best_grade; - int nfat_arch; - off_t end_of_archs; - struct fat_header *header; -#if 0 - off_t filesize; -#endif + load_return_t lret; + struct fat_arch *arch; + struct fat_arch *best_arch; + int grade; + int best_grade; + size_t nfat_arch, max_nfat_arch; + cpu_type_t testtype; + cpu_subtype_t testsubtype; + cpu_subtype_t testfeatures; + struct fat_header *header; - /* - * Get the pager for the file. - */ + if (sizeof(struct fat_header) > data_size) { + return LOAD_FAILURE; + } header = (struct fat_header *)data_ptr; - - /* - * Map portion that must be accessible directly into - * kernel's map. 
- */ nfat_arch = OSSwapBigToHostInt32(header->nfat_arch); - end_of_archs = (off_t)nfat_arch * sizeof(struct fat_arch) + - sizeof(struct fat_header); -#if 0 - filesize = ubc_getsize(vp); - if (end_of_archs > (int)filesize) { - return(LOAD_BADMACHO); + max_nfat_arch = (data_size - sizeof(struct fat_header)) / sizeof(struct fat_arch); + if (nfat_arch > max_nfat_arch) { + /* nfat_arch would cause us to read off end of buffer */ + return LOAD_BADMACHO; } -#endif /* - * This check is limited on the top end because we are reading - * only PAGE_SIZE bytes - */ - if (end_of_archs > PAGE_SIZE || - end_of_archs < (sizeof(struct fat_header)+sizeof(struct fat_arch))) - return(LOAD_BADMACHO); - - /* - * Round size of fat_arch structures up to page boundry. - */ - size = round_page_32(end_of_archs); - if (size == 0) - return(LOAD_BADMACHO); - - /* - * Scan the fat_arch's looking for the best one. - */ - addr = data_ptr; + * Scan the fat_arch's looking for the best one. */ best_arch = NULL; best_grade = 0; - arch = (struct fat_arch *) (addr + sizeof(struct fat_header)); + arch = (struct fat_arch *) (data_ptr + sizeof(struct fat_header)); for (; nfat_arch-- > 0; arch++) { + testtype = OSSwapBigToHostInt32(arch->cputype); + testsubtype = OSSwapBigToHostInt32(arch->cpusubtype) & ~CPU_SUBTYPE_MASK; + testfeatures = OSSwapBigToHostInt32(arch->cpusubtype) & CPU_SUBTYPE_MASK; /* - * Check to see if right cpu type. + * Check to see if right cpu/subcpu type. */ - if(((cpu_type_t)OSSwapBigToHostInt32(arch->cputype) & ~mask_bits) != req_cpu_type) + if (!binary_match(mask_bits, req_cpu_type, req_subcpu_type, testtype, testsubtype)) { continue; + } /* - * Get the grade of the cpu subtype. + * Get the grade of the cpu subtype */ - grade = grade_binary( - OSSwapBigToHostInt32(arch->cputype), - OSSwapBigToHostInt32(arch->cpusubtype)); + grade = grade_binary(testtype, testsubtype, testfeatures, TRUE); /* * Remember it if it's the best we've seen. 
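Review bot: The rewritten header comment for fatfile_getarch() documents `Returns: KERN_SUCCESS / KERN_FAILURE`, but the body returns load_return_t values: `LOAD_FAILURE` when the buffer is smaller than a fat_header, `LOAD_BADMACHO` when nfat_arch would run past data_size, and (in the next hunk) `LOAD_BADARCH`/`LOAD_SUCCESS`; the Returns block should list those four codes instead. The Args block also names `header` and `size` where the parameters are `data_ptr` and `data_size`, and does not mention `req_subcpu_type` at all, which is the new input fed to binary_match(). Since this function does not check `header->magic` and appears to rely on the caller having run fatfile_validate_fatarches() first (a later hunk), a one-line precondition such as `* Note: caller must validate the fat header (magic, nfat_arch) before calling.` would make that dependency explicit. fatfile_getarch()'s body continues past the end of this hunk.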
@@ -158,22 +122,34 @@ fatfile_getarch2( } } + /* On X86_64, allow 32 bit exec only for simulator binaries. + * Failing here without re-running the grading algorithm is safe because i386 + * has the lowest possible grade value (so there can't be a lower best grade + * that would be allowed if this check denied the i386 slice). */ + if (best_arch != NULL && + validate_potential_simulator_binary(OSSwapBigToHostInt32(best_arch->cputype), + imgp, OSSwapBigToHostInt32(best_arch->offset), + OSSwapBigToHostInt32(best_arch->size)) != LOAD_SUCCESS) { + best_arch = NULL; + best_grade = 0; + } + /* * Return our results. */ if (best_arch == NULL) { lret = LOAD_BADARCH; } else { - archret->cputype = - OSSwapBigToHostInt32(best_arch->cputype); - archret->cpusubtype = - OSSwapBigToHostInt32(best_arch->cpusubtype); - archret->offset = - OSSwapBigToHostInt32(best_arch->offset); - archret->size = - OSSwapBigToHostInt32(best_arch->size); - archret->align = - OSSwapBigToHostInt32(best_arch->align); + archret->cputype = + OSSwapBigToHostInt32(best_arch->cputype); + archret->cpusubtype = + OSSwapBigToHostInt32(best_arch->cpusubtype); + archret->offset = + OSSwapBigToHostInt32(best_arch->offset); + archret->size = + OSSwapBigToHostInt32(best_arch->size); + archret->align = + OSSwapBigToHostInt32(best_arch->align); lret = LOAD_SUCCESS; } 
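Review bot: The new call to validate_potential_simulator_binary() passes `imgp` through unconditionally, and fatfile_getarch_with_bits() in a later hunk calls fatfile_getarch() with `imgp == NULL`; if the helper dereferences imgp before checking it, that path would fault, so either guard the call with `imgp != NULL` or document that the helper accepts NULL, e.g. `/* imgp may be NULL (fatfile_getarch_with_bits); validate_potential_simulator_binary() must tolerate that */`. The `offset` and `size` handed to the helper are raw values from the fat_arch entry, so they are only trustworthy if fatfile_validate_fatarches() has already bounded them; stating that assumption next to the call would help future readers. The enclosing fatfile_getarch() begins in the previous hunk and ends in the next.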
@@ -181,84 +157,165 @@ fatfile_getarch2( /* * Free the memory we allocated and return. */ - return(lret); + return lret; } load_return_t -fatfile_getarch_affinity( - struct vnode *vp, - vm_offset_t data_ptr, - struct fat_arch *archret, - int affinity) +fatfile_getbestarch( + vm_offset_t data_ptr, + vm_size_t data_size, + struct image_params *imgp, + struct fat_arch *archret, + __unused bool affinity) { - load_return_t lret; - int handler = (exec_archhandler_ppc.path[0] != 0); - cpu_type_t primary_type, fallback_type; - - if (handler && affinity) { - primary_type = CPU_TYPE_POWERPC; - fallback_type = cpu_type(); - } else { - primary_type = cpu_type(); - fallback_type = CPU_TYPE_POWERPC; - } - /* - * Ignore the architectural bits when determining if an image - * in a fat file should be skipped or graded. - */ - lret = fatfile_getarch2(vp, data_ptr, primary_type, CPU_ARCH_MASK, archret); - if ((lret != 0) && handler) { - lret = fatfile_getarch2(vp, data_ptr, fallback_type, - 0, archret); - } - return lret; + int primary_type = cpu_type(); + + + /* + * Ignore all architectural bits when determining if an image + * in a fat file should be skipped or graded. + */ + load_return_t ret = fatfile_getarch(data_ptr, data_size, primary_type, CPU_ARCH_MASK, CPU_SUBTYPE_ANY, imgp, archret); + return ret; } -/********************************************************************** - * Routine: fatfile_getarch() - * - * Function: Locate the architecture-dependant contents of a fat - * file that match this CPU. - * - * Args: vp: The vnode for the fat file. - * header: A pointer to the fat file header. - * archret (out): Pointer to fat_arch structure to hold - * the results. - * - * Returns: KERN_SUCCESS: Valid architecture found. - * KERN_FAILURE: No valid architecture found. 
- **********************************************************************/ load_return_t -fatfile_getarch( - struct vnode *vp, - vm_offset_t data_ptr, - struct fat_arch *archret) +fatfile_getbestarch_for_cputype( + cpu_type_t cputype, + cpu_subtype_t cpusubtype, + vm_offset_t data_ptr, + vm_size_t data_size, + struct image_params *imgp, + struct fat_arch *archret) { - return fatfile_getarch2(vp, data_ptr, cpu_type(), 0, archret); + /* + * Scan the fat_arch array for exact matches for this cpu_type_t only + */ + return fatfile_getarch(data_ptr, data_size, cputype, 0, cpusubtype, imgp, archret); } /********************************************************************** - * Routine: fatfile_getarch_with_bits() - * - * Function: Locate the architecture-dependant contents of a fat - * file that match this CPU. - * - * Args: vp: The vnode for the fat file. - * archbits: Architecture specific feature bits - * header: A pointer to the fat file header. - * archret (out): Pointer to fat_arch structure to hold - * the results. - * - * Returns: KERN_SUCCESS: Valid architecture found. - * KERN_FAILURE: No valid architecture found. - **********************************************************************/ +* Routine: fatfile_getarch_with_bits() +* +* Function: Locate the architecture-dependant contents of a fat +* file that match this CPU. +* +* Args: vp: The vnode for the fat file. +* archbits: Architecture specific feature bits +* header: A pointer to the fat file header. +* archret (out): Pointer to fat_arch structure to hold +* the results. +* +* Returns: KERN_SUCCESS: Valid architecture found. +* KERN_FAILURE: No valid architecture found. 
+**********************************************************************/ load_return_t fatfile_getarch_with_bits( - struct vnode *vp, - integer_t archbits, - vm_offset_t data_ptr, - struct fat_arch *archret) + integer_t archbits, + vm_offset_t data_ptr, + vm_size_t data_size, + struct fat_arch *archret) { - return fatfile_getarch2(vp, data_ptr, archbits | cpu_type(), 0, archret); + /* + * Scan the fat_arch array for matches with the requested + * architectural bits set, and for the current hardware cpu CPU. + */ + return fatfile_getarch(data_ptr, data_size, (archbits & CPU_ARCH_MASK) | (cpu_type() & ~CPU_ARCH_MASK), 0, CPU_SUBTYPE_ANY, NULL, archret); } +/* + * Validate the fat_header and fat_arch array in memory. We check that: + * + * 1) arch count would not exceed the data buffer + * 2) arch list does not contain duplicate cputype/cpusubtype tuples + * 3) arch list does not have two overlapping slices. The area + * at the front of the file containing the fat headers is implicitly + * a range that a slice should also not try to cover + */ +load_return_t +fatfile_validate_fatarches(vm_offset_t data_ptr, vm_size_t data_size) +{ + uint32_t magic; + size_t nfat_arch, max_nfat_arch, i, j; + size_t fat_header_size; + + struct fat_arch *arches; + struct fat_header *header; + + if (sizeof(struct fat_header) > data_size) { + return LOAD_FAILURE; + } + + header = (struct fat_header *)data_ptr; + magic = OSSwapBigToHostInt32(header->magic); + nfat_arch = OSSwapBigToHostInt32(header->nfat_arch); + + if (magic != FAT_MAGIC) { + /* must be FAT_MAGIC big endian */ + return LOAD_FAILURE; + } + + max_nfat_arch = (data_size - sizeof(struct fat_header)) / sizeof(struct fat_arch); + if (nfat_arch > max_nfat_arch) { + /* nfat_arch would cause us to read off end of buffer */ + return LOAD_BADMACHO; + } + + /* now that we know the fat_arch list fits in the buffer, how much does it use? 
*/ + fat_header_size = sizeof(struct fat_header) + nfat_arch * sizeof(struct fat_arch); + arches = (struct fat_arch *)(data_ptr + sizeof(struct fat_header)); + + for (i = 0; i < nfat_arch; i++) { + uint32_t i_begin = OSSwapBigToHostInt32(arches[i].offset); + uint32_t i_size = OSSwapBigToHostInt32(arches[i].size); + uint32_t i_cputype = OSSwapBigToHostInt32(arches[i].cputype); + uint32_t i_cpusubtype = OSSwapBigToHostInt32(arches[i].cpusubtype); + + if (i_begin < fat_header_size) { + /* slice is trying to claim part of the file used by fat headers themselves */ + return LOAD_BADMACHO; + } + + if ((UINT32_MAX - i_size) < i_begin) { + /* start + size would overflow */ + return LOAD_BADMACHO; + } + uint32_t i_end = i_begin + i_size; + + for (j = i + 1; j < nfat_arch; j++) { + uint32_t j_begin = OSSwapBigToHostInt32(arches[j].offset); + uint32_t j_size = OSSwapBigToHostInt32(arches[j].size); + uint32_t j_cputype = OSSwapBigToHostInt32(arches[j].cputype); + uint32_t j_cpusubtype = OSSwapBigToHostInt32(arches[j].cpusubtype); + + if ((i_cputype == j_cputype) && (i_cpusubtype == j_cpusubtype)) { + /* duplicate cputype/cpusubtype, results in ambiguous references */ + return LOAD_BADMACHO; + } + + if ((UINT32_MAX - j_size) < j_begin) { + /* start + size would overflow */ + return LOAD_BADMACHO; + } + uint32_t j_end = j_begin + j_size; + + if (i_begin <= j_begin) { + if (i_end <= j_begin) { + /* I completely precedes J */ + } else { + /* I started before J, but ends somewhere in or after J */ + return LOAD_BADMACHO; + } + } else { + if (i_begin >= j_end) { + /* I started after J started but also after J ended */ + } else { + /* I started after J started but before it ended, so there is overlap */ + return LOAD_BADMACHO; + } + } + } + } + + return LOAD_SUCCESS; +}
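Review bot: The header comment kept above fatfile_getarch_with_bits() still lists `vp` (removed by this hunk) and `header` as arguments, omits `data_size`, and describes KERN_SUCCESS/KERN_FAILURE returns although the function propagates load_return_t codes from fatfile_getarch() (LOAD_SUCCESS, LOAD_BADARCH, LOAD_BADMACHO, LOAD_FAILURE); the Args/Returns lines should be rewritten to name `archbits`, `data_ptr`, `data_size`, `archret` and the LOAD_* values. The context comment `Free the memory we allocated and return.` at the top of the hunk is likewise stale now that fatfile_getarch() allocates nothing. In fatfile_validate_fatarches(), the overlap test treats slices as half-open `[offset, offset + size)`, so a zero-size slice sharing an offset with another slice passes the check; if that is intended, say so in the comment above the loop, otherwise add `if (i_size == 0) return LOAD_BADMACHO;` next to the overflow check. The function also only bounds slices against the fat header area, not the file length, so a comment stating that callers remain responsible for checking `offset + size` against the actual file size would help readers.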