X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/fe8ab488e9161c46dd9885d58fc52996dc0249ff..3903760236c30e3b5ace7a4eefac3a269d68957c:/osfmk/kern/exception.c diff --git a/osfmk/kern/exception.c b/osfmk/kern/exception.c index 7d9cb9342..a93f38ca5 100644 --- a/osfmk/kern/exception.c +++ b/osfmk/kern/exception.c @@ -83,9 +83,12 @@ #include #include #include +#include #include #include +extern int panic_on_exception_triage; + unsigned long c_thr_exc_raise = 0; unsigned long c_thr_exc_raise_state = 0; unsigned long c_thr_exc_raise_state_id = 0; @@ -103,7 +106,7 @@ kern_return_t exception_deliver( lck_mtx_t *mutex); static kern_return_t -check_exc_receiver_dependancy( +check_exc_receiver_dependency( exception_type_t exception, struct exception_action *excp, lck_mtx_t *mutex); @@ -142,12 +145,15 @@ exception_deliver( int behavior; int flavor; kern_return_t kr; + int use_fast_retrieve = TRUE; + task_t task; + ipc_port_t thread_port = NULL, task_port = NULL; /* * Save work if we are terminating. * Just go back to our AST handler. */ - if (!thread->active) + if (!thread->active && !thread->inspection) return KERN_SUCCESS; /* 
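Review bot: The added `extern int panic_on_exception_triage;` at file scope declares the variable locally instead of taking it from a shared header, so a later change to the definition's type would not be caught by the compiler in this file. Moving the declaration into the header that accompanies the definition, and including that header here, would keep the two in sync. A one-line comment such as `/* set from the boot environment; exception_triage_thread() panics when non-zero */` would also tell readers of this file what the flag does.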
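Review bot: The comment above the changed test still reads "Save work if we are terminating", but the new condition `!thread->active && !thread->inspection` lets delivery continue for an inactive thread whose `inspection` flag is set, and nothing here says why. A short addition such as `/* inactive threads kept for inspection must still deliver (see EXC_CORPSE_NOTIFY below) */` would document the exception; the link to corpse notification is inferred from the rest of this patch and should be confirmed. `use_fast_retrieve` is declared `int` but only ever holds TRUE or FALSE, so `boolean_t` would state the intent. The body of exception_deliver continues outside the hunk.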
@@ -198,6 +204,32 @@ exception_deliver( small_code[1] = CAST_DOWN_EXPLICIT(exception_data_type_t, code[1]); } + task = thread->task; + +#if CONFIG_MACF + /* Now is a reasonably good time to check if the exception action is + * permitted for this process, because after this point we will send + * the message out almost certainly. + * As with other failures, exception_triage_thread will go on + * to the next level. + */ + if (mac_exc_action_check_exception_send(task, excp) != 0) { + return KERN_FAILURE; + } +#endif + + if ((thread != current_thread() || exception == EXC_CORPSE_NOTIFY) + && behavior != EXCEPTION_STATE) { + use_fast_retrieve = FALSE; + + task_reference(task); + task_port = convert_task_to_port(task); + /* task ref consumed */ + thread_reference(thread); + thread_port = convert_thread_to_port(thread); + /* thread ref consumed */ + + } switch (behavior) { case EXCEPTION_STATE: { @@ -226,7 +258,7 @@ exception_deliver( state, state_cnt, state, &state_cnt); } - if (kr == MACH_MSG_SUCCESS) + if (kr == MACH_MSG_SUCCESS && exception != EXC_CORPSE_NOTIFY) kr = thread_setstatus(thread, flavor, (thread_state_t)state, state_cnt); @@ -239,15 +271,19 @@ exception_deliver( c_thr_exc_raise++; if (code64) { kr = mach_exception_raise(exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + use_fast_retrieve ? retrieve_thread_self_fast(thread) : + thread_port, + use_fast_retrieve ? retrieve_task_self_fast(thread->task) : + task_port, exception, code, codeCnt); } else { kr = exception_raise(exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + use_fast_retrieve ? retrieve_thread_self_fast(thread) : + thread_port, + use_fast_retrieve ? retrieve_task_self_fast(thread->task) : + task_port, exception, small_code, codeCnt); 
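Review bot: The new `return KERN_FAILURE;` after `mac_exc_action_check_exception_send(task, excp)` leaves exception_deliver without any cleanup, so whatever the function acquired earlier is not released when policy denies the send. The start of the function is outside this hunk; if it has already taken a reference or send right on `exc_port` by this point (the raise calls below consume one), that right is leaked on every denial and repeated denials would accumulate on the port. Either run the check before the right is taken or release it on this path, e.g. `ipc_port_release_send(exc_port);` before the return. It is also worth confirming that `excp` is still protected by `mutex` when the MAC hook reads it.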
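Review bot: The added `exception != EXC_CORPSE_NOTIFY` test in front of `thread_setstatus()` carries no comment explaining why the handler's returned state is discarded for this exception type, and the same undocumented test is added in the EXCEPTION_STATE_IDENTITY case (hunk @@ -287,7). A comment along the lines of `/* corpse notifications are informational: never apply handler-supplied state to the thread */` at both sites would record the intent, assuming that is the reason. Without it a later cleanup could fold the test away and let a handler's reply state be written back to the thread.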
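Review bot: The raise calls in this hunk and in @@ -268,8 / @@ -278,8 each repeat the same pair of `use_fast_retrieve ? … : …` arguments, while `thread_port` and `task_port` are converted eagerly before the `switch` (hunk @@ -198,6). Any path through a case that does not reach its raise call then leaves those two rights unconsumed; the code that guards the EXCEPTION_STATE_IDENTITY calls is outside the hunks, so this needs checking there. Deferring the `task_reference()`/`convert_task_to_port()` and `thread_reference()`/`convert_thread_to_port()` pairs until just before the raise in the two cases that use them, and filling `thread_port`/`task_port` from `retrieve_thread_self_fast()`/`retrieve_task_self_fast()` in the fast case, would let all four calls pass `thread_port, task_port` unconditionally and remove the duplication.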
@@ -268,8 +304,10 @@ exception_deliver( if (code64) { kr = mach_exception_raise_state_identity( exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + use_fast_retrieve ? retrieve_thread_self_fast(thread) : + thread_port, + use_fast_retrieve ? retrieve_task_self_fast(thread->task) : + task_port, exception, code, codeCnt, @@ -278,8 +316,10 @@ exception_deliver( state, &state_cnt); } else { kr = exception_raise_state_identity(exc_port, - retrieve_thread_self_fast(thread), - retrieve_task_self_fast(thread->task), + use_fast_retrieve ? retrieve_thread_self_fast(thread) : + thread_port, + use_fast_retrieve ? retrieve_task_self_fast(thread->task) : + task_port, exception, small_code, codeCnt, @@ -287,7 +327,7 @@ exception_deliver( state, state_cnt, state, &state_cnt); } - if (kr == MACH_MSG_SUCCESS) + if (kr == MACH_MSG_SUCCESS && exception != EXC_CORPSE_NOTIFY) kr = thread_setstatus(thread, flavor, (thread_state_t)state, state_cnt); @@ -303,7 +343,7 @@ exception_deliver( } /* - * Routine: check_exc_receiver_dependancy + * Routine: check_exc_receiver_dependency * Purpose: * Verify that the port destined for receiving this exception is not * on the current task. This would cause hang in kernel for @@ -317,7 +357,7 @@ exception_deliver( * KERN_SUCCESS if its ok to send exception message. */ kern_return_t -check_exc_receiver_dependancy( +check_exc_receiver_dependency( exception_type_t exception, struct exception_action *excp, lck_mtx_t *mutex) @@ -338,10 +378,11 @@ check_exc_receiver_dependancy( return retval; } + /* - * Routine: exception + * Routine: exception_triage_thread * Purpose: - * The current thread caught an exception. + * The thread caught an exception. * We make an up-call to the thread's exception server. * Conditions: * Nothing locked and no resources held. 
@@ -349,29 +390,39 @@ check_exc_receiver_dependancy( * thread_exception_return and thread_kdb_return * are possible. * Returns: - * Doesn't return. + * KERN_SUCCESS if exception is handled by any of the handlers. */ -void -exception_triage( +kern_return_t +exception_triage_thread( exception_type_t exception, mach_exception_data_t code, - mach_msg_type_number_t codeCnt) + mach_msg_type_number_t codeCnt, + thread_t thread) { - thread_t thread; task_t task; host_priv_t host_priv; lck_mtx_t *mutex; - kern_return_t kr; + kern_return_t kr = KERN_FAILURE; assert(exception != EXC_RPC_ALERT); - thread = current_thread(); + /* + * If this behavior has been requested by the the kernel + * (due to the boot environment), we should panic if we + * enter this function. This is intended as a debugging + * aid; it should allow us to debug why we caught an + * exception in environments where debugging is especially + * difficult. + */ + if (panic_on_exception_triage) { + panic("called exception_triage when it was forbidden by the boot environment"); + } /* * Try to raise the exception at the activation level. */ mutex = &thread->mutex; - if (KERN_SUCCESS == check_exc_receiver_dependancy(exception, thread->exc_actions, mutex)) + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, thread->exc_actions, mutex)) { kr = exception_deliver(thread, exception, code, codeCnt, thread->exc_actions, mutex); if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) @@ -381,9 +432,9 @@ exception_triage( /* * Maybe the task level will handle it. */ - task = current_task(); - mutex = &task->lock; - if (KERN_SUCCESS == check_exc_receiver_dependancy(exception, task->exc_actions, mutex)) + task = thread->task; + mutex = &task->itk_lock_data; + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, task->exc_actions, mutex)) { kr = exception_deliver(thread, exception, code, codeCnt, task->exc_actions, mutex); if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) 
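Review bot: `exception_triage_thread()` now takes `thread` from its caller and dereferences it right away (`&thread->mutex`, `thread->exc_actions`, later `thread->task`), but the header comment states no requirement on it and nothing asserts it. Add `assert(thread != THREAD_NULL);` next to the existing `assert(exception != EXC_RPC_ALERT);` and state in the Conditions block that the caller must hold a reference on `thread` for the duration of the call (presumably the case; the callers are outside this diff). The panic text still names `exception_triage` and omits the exception number, which weakens it as a debugging aid; `panic("exception_triage_thread: exception %d raised while forbidden by the boot environment", exception);` would carry both. The new comment also has a doubled "the the".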
@@ -396,24 +447,41 @@ exception_triage( host_priv = host_priv_self(); mutex = &host_priv->lock; - if (KERN_SUCCESS == check_exc_receiver_dependancy(exception, host_priv->exc_actions, mutex)) + if (KERN_SUCCESS == check_exc_receiver_dependency(exception, host_priv->exc_actions, mutex)) { kr = exception_deliver(thread, exception, code, codeCnt, host_priv->exc_actions, mutex); if (kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED) goto out; } - /* - * Nobody handled it, terminate the task. - */ - - (void) task_terminate(task); - out: if ((exception != EXC_CRASH) && (exception != EXC_RESOURCE) && - (exception != EXC_GUARD)) + (exception != EXC_GUARD) && (exception != EXC_CORPSE_NOTIFY)) thread_exception_return(); - return; + return kr; +} + +/* + * Routine: exception_triage + * Purpose: + * The current thread caught an exception. + * We make an up-call to the thread's exception server. + * Conditions: + * Nothing locked and no resources held. + * Called from an exception context, so + * thread_exception_return and thread_kdb_return + * are possible. + * Returns: + * KERN_SUCCESS if exception is handled by any of the handlers. + */ +kern_return_t +exception_triage( + exception_type_t exception, + mach_exception_data_t code, + mach_msg_type_number_t codeCnt) +{ + thread_t thread = current_thread(); + return exception_triage_thread(exception, code, codeCnt, thread); } kern_return_t @@ -431,7 +499,7 @@ bsd_exception( * Maybe the task level will handle it. */ task = current_task(); - mutex = &task->lock; + mutex = &task->itk_lock_data; kr = exception_deliver(self, exception, code, codeCnt, task->exc_actions, mutex); 
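Review bot: After this hunk an exception that no level handled falls through to `out:` with `kr` still a failure value, and for every type other than EXC_CRASH, EXC_RESOURCE, EXC_GUARD and EXC_CORPSE_NOTIFY the function calls `thread_exception_return()` and never returns `kr`, so the removed `task_terminate(task)` fallback has no replacement on that path. Unless a handler outside this diff is guaranteed to accept the exception, the thread resumes with the fault unhandled, and the MAC denial added in exception_deliver gives one more way to arrive there. `thread_exception_return()` also acts on the current thread while `thread` is now a parameter, so a call made for another thread with an ordinary exception type would send the calling thread back to user mode instead. Consider keeping a fail-closed step for the unhandled case, guarding the return with `assert(thread == current_thread());`, and correcting the Returns: text, which reads as if the function always returns.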
@@ -450,14 +518,15 @@ kern_return_t task_exception_notify(exception_type_t exception, { mach_exception_data_type_t code[EXCEPTION_CODE_MAX]; wait_interrupt_t wsave; + kern_return_t kr = KERN_SUCCESS; code[0] = exccode; code[1] = excsubcode; wsave = thread_interrupt_level(THREAD_UNINT); - exception_triage(exception, code, EXCEPTION_CODE_MAX); + kr = exception_triage(exception, code, EXCEPTION_CODE_MAX); (void) thread_interrupt_level(wsave); - return (KERN_SUCCESS); + return kr; }
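Review bot: `task_exception_notify()` now returns whatever `exception_triage()` yields, and inside triage `MACH_RCV_PORT_DIED` is treated as handled (`kr == KERN_SUCCESS || kr == MACH_RCV_PORT_DIED` jumps to `out`), so callers that previously always saw KERN_SUCCESS can now receive a non-success code for a case the triage code considers finished. The callers are outside this diff; either document the possible return values above the function or normalise before returning, e.g. `return (kr == MACH_RCV_PORT_DIED) ? KERN_SUCCESS : kr;`. The `= KERN_SUCCESS` initialiser is dead, because `kr` is always assigned before it is read.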