
diff --git a/bsd/kern/mach_fat.c b/bsd/kern/mach_fat.c
index 408d2ecb2..7af7c6580 100644
--- a/bsd/kern/mach_fat.c
+++ b/bsd/kern/mach_fat.c
@@ -1,33 +1,30 @@
 /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 1991-2015 Apple Computer, Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
- */
-/* Copyright (c) 1991 NeXT Computer, Inc.  All rights reserved.
- *
- *	File:	kern/mach_fat.c
- *	Author:	Peter King
- *
- *	Fat file support routines.
- *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
-
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/uio.h>
@@ -38,22 +35,18 @@
 #include <kern/cpu_number.h>
 #include <mach-o/fat.h>
 #include <kern/mach_loader.h>
-#include <architecture/byte_order.h>
-
-/* XXX should be in common header */
-extern int grade_binary(cpu_type_t exectype, cpu_subtype_t execsubtype);
-
-#define CPU_TYPE_NATIVE		(cpu_type())
-#define CPU_TYPE_CLASSIC	CPU_TYPE_POWERPC
+#include <kern/mach_fat.h>
+#include <libkern/OSByteOrder.h>
+#include <machine/exec.h>
 
 /**********************************************************************
- * Routine:	fatfile_getarch2()
+ * Routine:	fatfile_getarch()
  *
  * Function:	Locate the architecture-dependant contents of a fat
  *		file that match this CPU.
  *
- * Args:	vp:		The vnode for the fat file.
- *		header:		A pointer to the fat file header.
+ * Args: header:		A pointer to the fat file header.
+ *		size:			How large the fat file header is (including fat_arch array)
  *		req_cpu_type:	The required cpu type.
  *		mask_bits:	Bits to mask from the sub-image type when
  *				grading it vs. the req_cpu_type
@@ -64,85 +57,56 @@ extern int grade_binary(cpu_type_t exectype, cpu_subtype_t execsubtype);
  *		KERN_FAILURE:	No valid architecture found.
  **********************************************************************/
 static load_return_t
-fatfile_getarch2(
-#if 0
-	struct vnode	*vp,
-#else
-	__unused struct vnode	*vp,
-#endif
+fatfile_getarch(
 	vm_offset_t	data_ptr,
+	vm_size_t	data_size,
 	cpu_type_t	req_cpu_type,
 	cpu_type_t	mask_bits,
 	struct fat_arch	*archret)
 {
-	/* vm_pager_t		pager; */
-	vm_offset_t		addr;
-	vm_size_t		size;
 	load_return_t		lret;
 	struct fat_arch		*arch;
 	struct fat_arch		*best_arch;
 	int			grade;
 	int			best_grade;
-	int			nfat_arch;
-	int			end_of_archs;
+	uint32_t		nfat_arch, max_nfat_arch;
+	cpu_type_t		testtype;
+	cpu_type_t		testsubtype;
 	struct fat_header	*header;
-#if 0
-	off_t filesize;
-#endif
 
-	/*
-	 * 	Get the pager for the file.
-	 */
+	if (sizeof(struct fat_header) > data_size) {
+		return (LOAD_FAILURE);
+	}
 
 	header = (struct fat_header *)data_ptr;
+	nfat_arch = OSSwapBigToHostInt32(header->nfat_arch);
 
-	/*
-	 *	Map portion that must be accessible directly into
-	 *	kernel's map.
-	 */
-	nfat_arch = NXSwapBigLongToHost(header->nfat_arch);
-
-	end_of_archs = sizeof(struct fat_header)
-		+ nfat_arch * sizeof(struct fat_arch);
-#if 0
-	filesize = ubc_getsize(vp);
-	if (end_of_archs > (int)filesize) {
-		return(LOAD_BADMACHO);
+	max_nfat_arch = (data_size - sizeof(struct fat_header)) / sizeof(struct fat_arch);
+	if (nfat_arch > max_nfat_arch) {
+		/* nfat_arch would cause us to read off end of buffer */
+		return (LOAD_BADMACHO);
 	}
-#endif
-
-	/* This is beacuse we are reading only 512 bytes */
 
-	if (end_of_archs > 512)
-		return(LOAD_BADMACHO);
 	/*
-	 * 	Round size of fat_arch structures up to page boundry.
-	 */
-	size = round_page_32(end_of_archs);
-	if (size == 0)
-		return(LOAD_BADMACHO);
-
-	/*
-	 * Scan the fat_arch's looking for the best one.
-	 */
-	addr = data_ptr;
+	 * Scan the fat_arch's looking for the best one.  */
 	best_arch = NULL;
 	best_grade = 0;
-	arch = (struct fat_arch *) (addr + sizeof(struct fat_header));
+	arch = (struct fat_arch *) (data_ptr + sizeof(struct fat_header));
 	for (; nfat_arch-- > 0; arch++) {
+ 		testtype = OSSwapBigToHostInt32(arch->cputype);
+ 		testsubtype = OSSwapBigToHostInt32(arch->cpusubtype) & ~CPU_SUBTYPE_MASK;
 
 		/*
 		 *	Check to see if right cpu type.
 		 */
-		if(((cpu_type_t)NXSwapBigIntToHost(arch->cputype) & ~mask_bits) != req_cpu_type)
+ 		if((testtype & ~mask_bits) != (req_cpu_type & ~mask_bits)) {
 			continue;
+		}
 
 		/*
-		 * 	Get the grade of the cpu subtype.
+		 * 	Get the grade of the cpu subtype (without feature flags)
 		 */
-		grade = grade_binary(
-			    NXSwapBigIntToHost(arch->cputype),
-			    NXSwapBigIntToHost(arch->cpusubtype));
+ 		grade = grade_binary(testtype, testsubtype);
 
 		/*
 		 *	Remember it if it's the best we've seen.
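Review bot: fatfile_getarch reads header->nfat_arch at the OSSwapBigToHostInt32 line near the top of the body without checking header->magic; the FAT_MAGIC test exists only in fatfile_validate_fatarches, so the scan's safety rests on every caller running the validator first, which nothing in this file enforces. A comment at that read would make the contract explicit: `/* Caller must have run fatfile_validate_fatarches() on this buffer; magic is not re-checked here. */`. Separately, testsubtype strips CPU_SUBTYPE_MASK before grade_binary, so two slices whose subtypes differ only in those capability bits grade identically, and which one wins depends on the best-grade comparison that lies just past this hunk. fatfile_getarch's body continues beyond the end of the hunk.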
@@ -160,15 +124,15 @@ fatfile_getarch2(
 		lret = LOAD_BADARCH;
 	} else {
 		archret->cputype	=
-			    NXSwapBigIntToHost(best_arch->cputype);
+			    OSSwapBigToHostInt32(best_arch->cputype);
 		archret->cpusubtype	=
-			    NXSwapBigIntToHost(best_arch->cpusubtype);
+			    OSSwapBigToHostInt32(best_arch->cpusubtype);
 		archret->offset		=
-			    NXSwapBigLongToHost(best_arch->offset);
+			    OSSwapBigToHostInt32(best_arch->offset);
 		archret->size		=
-			    NXSwapBigLongToHost(best_arch->size);
+			    OSSwapBigToHostInt32(best_arch->size);
 		archret->align		=
-			    NXSwapBigLongToHost(best_arch->align);
+			    OSSwapBigToHostInt32(best_arch->align);
 
 		lret = LOAD_SUCCESS;
 	}
@@ -179,59 +143,30 @@ fatfile_getarch2(
 	return(lret);
 }
 
-extern char classichandler[];
-
 load_return_t
-fatfile_getarch_affinity(
-		struct vnode		*vp,
+fatfile_getbestarch(
 		vm_offset_t		data_ptr,
-		struct fat_arch	*archret,
-		int 				affinity)
+		vm_size_t		data_size,
+		struct fat_arch	*archret)
 {
-		load_return_t lret;
-		int handler = (classichandler[0] != 0);
-		cpu_type_t primary_type, fallback_type;
-
-		if (handler && affinity) {
-				primary_type = CPU_TYPE_CLASSIC;
-				fallback_type = CPU_TYPE_NATIVE;
-		} else {
-				primary_type = CPU_TYPE_NATIVE;
-				fallback_type = CPU_TYPE_CLASSIC;
-		}
-		/*
-		 * Ignore the architectural bits when determining if an image
-		 * in a fat file should be skipped or graded.
-		 */
-		lret = fatfile_getarch2(vp, data_ptr, primary_type, CPU_ARCH_MASK, archret);
-		if ((lret != 0) && handler) {
-			lret = fatfile_getarch2(vp, data_ptr, fallback_type,
-						0, archret);
-		}
-		return lret;
+	/*
+	 * Ignore all architectural bits when determining if an image
+	 * in a fat file should be skipped or graded.
+	 */
+	return fatfile_getarch(data_ptr, data_size, cpu_type(), CPU_ARCH_MASK, archret);
 }
 
-/**********************************************************************
- * Routine:	fatfile_getarch()
- *
- * Function:	Locate the architecture-dependant contents of a fat
- *		file that match this CPU.
- *
- * Args:	vp:		The vnode for the fat file.
- *		header:		A pointer to the fat file header.
- *		archret (out):	Pointer to fat_arch structure to hold
- *				the results.
- *
- * Returns:	KERN_SUCCESS:	Valid architecture found.
- *		KERN_FAILURE:	No valid architecture found.
- **********************************************************************/
 load_return_t
-fatfile_getarch(
-	struct vnode		*vp,
-	vm_offset_t 	data_ptr,
-	struct fat_arch		*archret)
+fatfile_getbestarch_for_cputype(
+	cpu_type_t cputype,
+	vm_offset_t data_ptr,
+	vm_size_t data_size,
+	struct fat_arch *archret)
 {
-	return fatfile_getarch2(vp, data_ptr, CPU_TYPE_NATIVE, 0, archret);
+	/*
+	 * Scan the fat_arch array for exact matches for this cpu_type_t only
+	 */
+	return fatfile_getarch(data_ptr, data_size, cputype, 0, archret);
 }
 
 /**********************************************************************
@@ -251,11 +186,111 @@ fatfile_getarch(
  **********************************************************************/
 load_return_t
 fatfile_getarch_with_bits(
-	struct vnode		*vp,
 	integer_t		archbits,
 	vm_offset_t 	data_ptr,
+	vm_size_t		data_size,
 	struct fat_arch		*archret)
 {
-	return fatfile_getarch2(vp, data_ptr, archbits | CPU_TYPE_NATIVE, 0, archret);
+	/*
+	 * Scan the fat_arch array for matches with the requested
+	 * architectural bits set, and for the current hardware cpu CPU.
+	 */
+	return fatfile_getarch(data_ptr, data_size, (archbits & CPU_ARCH_MASK) | (cpu_type() & ~CPU_ARCH_MASK), 0, archret);
 }
 
+/*
+ * Validate the fat_header and fat_arch array in memory. We check that:
+ *
+ * 1) arch count would not exceed the data buffer
+ * 2) arch list does not contain duplicate cputype/cpusubtype tuples
+ * 3) arch list does not have two overlapping slices. The area
+ *    at the front of the file containing the fat headers is implicitly
+ *    a range that a slice should also not try to cover
+ */
+load_return_t
+fatfile_validate_fatarches(vm_offset_t data_ptr, vm_size_t data_size)
+{
+	uint32_t magic, nfat_arch;
+	uint32_t max_nfat_arch, i, j;
+	uint32_t fat_header_size;
+
+	struct fat_arch		*arches;
+	struct fat_header	*header;
+
+	if (sizeof(struct fat_header) > data_size) {
+		return (LOAD_FAILURE);
+	}
+
+	header = (struct fat_header *)data_ptr;
+	magic = OSSwapBigToHostInt32(header->magic);
+	nfat_arch = OSSwapBigToHostInt32(header->nfat_arch);
+
+	if (magic != FAT_MAGIC) {
+		/* must be FAT_MAGIC big endian */
+		return (LOAD_FAILURE);
+	}
+
+	max_nfat_arch = (data_size - sizeof(struct fat_header)) / sizeof(struct fat_arch);
+	if (nfat_arch > max_nfat_arch) {
+		/* nfat_arch would cause us to read off end of buffer */
+		return (LOAD_BADMACHO);
+	}
+
+	/* now that we know the fat_arch list fits in the buffer, how much does it use? */
+	fat_header_size = sizeof(struct fat_header) + nfat_arch * sizeof(struct fat_arch);
+	arches = (struct fat_arch *)(data_ptr + sizeof(struct fat_header));
+
+	for (i=0; i < nfat_arch; i++) {
+		uint32_t i_begin = OSSwapBigToHostInt32(arches[i].offset);
+		uint32_t i_size = OSSwapBigToHostInt32(arches[i].size);
+		uint32_t i_cputype = OSSwapBigToHostInt32(arches[i].cputype);
+		uint32_t i_cpusubtype = OSSwapBigToHostInt32(arches[i].cpusubtype);
+
+		if (i_begin < fat_header_size) {
+			/* slice is trying to claim part of the file used by fat headers themselves */
+			return (LOAD_BADMACHO);
+		}
+
+		if ((UINT32_MAX - i_size) < i_begin) {
+			/* start + size would overflow */
+			return (LOAD_BADMACHO);
+		}
+		uint32_t i_end = i_begin + i_size;
+
+		for (j=i+1; j < nfat_arch; j++) {
+			uint32_t j_begin = OSSwapBigToHostInt32(arches[j].offset);
+			uint32_t j_size = OSSwapBigToHostInt32(arches[j].size);
+			uint32_t j_cputype = OSSwapBigToHostInt32(arches[j].cputype);
+			uint32_t j_cpusubtype = OSSwapBigToHostInt32(arches[j].cpusubtype);
+
+			if ((i_cputype == j_cputype) && (i_cpusubtype == j_cpusubtype)) {
+				/* duplicate cputype/cpusubtype, results in ambiguous references */
+				return (LOAD_BADMACHO);
+			}
+
+			if ((UINT32_MAX - j_size) < j_begin) {
+				/* start + size would overflow */
+				return (LOAD_BADMACHO);
+			}
+			uint32_t j_end = j_begin + j_size;
+
+			if (i_begin <= j_begin) {
+				if (i_end <= j_begin) {
+					/* I completely precedes J */
+				} else {
+					/* I started before J, but ends somewhere in or after J */
+					return (LOAD_BADMACHO);
+				}
+			} else {
+				if (i_begin >= j_end) {
+					/* I started after J started but also after J ended */
+				} else {
+					/* I started after J started but before it ended, so there is overlap */
+					return (LOAD_BADMACHO);
+				}
+			}
+		}
+	}
+
+	return (LOAD_SUCCESS);
+}
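Review bot: The duplicate-slice check in fatfile_validate_fatarches compares raw cpusubtype values, while fatfile_getarch strips CPU_SUBTYPE_MASK before grading, so two slices whose subtypes differ only in those capability bits pass validation yet are indistinguishable to the selector — the ambiguity the comment says this check is meant to rule out. If that is the intent, compare the same masked value: `if ((i_cputype == j_cputype) && ((i_cpusubtype & ~CPU_SUBTYPE_MASK) == (j_cpusubtype & ~CPU_SUBTYPE_MASK)))`; if differing capability bits are deliberately allowed, a comment saying so would help. Note also that each slice's offset and size are checked only for 32-bit overflow and against the header area, not against the file's actual length, so callers presumably must still bound the slice by the file size before mapping it. Finally, `fat_header_size` is a uint32_t computed from a count bounded by the vm_size_t data_size; that can only truncate if data_size exceeds 4 GiB, which seems unlikely for this buffer but is worth a comment or assertion.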