From: Apple Date: Thu, 6 Jan 2011 16:45:42 +0000 (+0000) Subject: xnu-1504.9.26.tar.gz X-Git-Tag: mac-os-x-1066^0 X-Git-Url: https://git.saurik.com/apple/xnu.git/commitdiff_plain/c331a0bec715536613c8dd5f34a4e115d5b15824 xnu-1504.9.26.tar.gz --- diff --git a/bsd/kern/kern_exit.c b/bsd/kern/kern_exit.c index 83f7c60dd..811b4fb7d 100644 --- a/bsd/kern/kern_exit.c +++ b/bsd/kern/kern_exit.c @@ -117,6 +117,8 @@ #include #include #include +#include + #if CONFIG_DTRACE /* Do not include dtrace.h, it redefines kmem_[alloc/free] */ extern void (*dtrace_fasttrap_exit_ptr)(proc_t); @@ -300,7 +302,7 @@ proc_prepareexit(proc_t p, int rv) ut = get_bsdthread_info(self); /* If a core should be generated, notify crash reporter */ - if (hassigprop(WTERMSIG(rv), SA_CORE)) { + if (hassigprop(WTERMSIG(rv), SA_CORE) || ((p->p_csflags & CS_KILLED) != 0)) { /* * Workaround for processes checking up on PT_DENY_ATTACH: * should be backed out post-Leopard (details in 5431025). diff --git a/bsd/kern/kern_fork.c b/bsd/kern/kern_fork.c index 1a164a8c8..a5b1350d3 100644 --- a/bsd/kern/kern_fork.c +++ b/bsd/kern/kern_fork.c @@ -1277,7 +1277,7 @@ retry: TAILQ_INIT(&child_proc->p_aio_doneq); /* Inherit the parent flags for code sign */ - child_proc->p_csflags = parent_proc->p_csflags; + child_proc->p_csflags = (parent_proc->p_csflags & ~CS_KILLED); /* * All processes have work queue locks; cleaned up by diff --git a/bsd/kern/kern_proc.c b/bsd/kern/kern_proc.c index 81c86f484..ba7505008 100644 --- a/bsd/kern/kern_proc.c +++ b/bsd/kern/kern_proc.c @@ -156,6 +156,8 @@ lck_attr_t * lctx_lck_attr; static void lctxinit(void); #endif +int cs_debug; /* declared further down in this file */ + #if DEBUG #define __PROC_INTERNAL_DEBUG 1 #endif @@ -1715,7 +1717,13 @@ csops(__unused proc_t p, struct csops_args *uap, __unused int32_t *retval) if ((pt->p_csflags & CS_VALID) == CS_VALID) { /* is currently valid */ pt->p_csflags &= ~CS_VALID; /* set invalid */ if ((pt->p_csflags & CS_KILL) == CS_KILL) { + pt->p_csflags |= CS_KILLED; proc_unlock(pt); + if (cs_debug) { + printf("CODE SIGNING: marked invalid by pid %d: " + "p=%d[%s] honoring CS_KILL, final status 0x%x\n", + proc_selfpid(), pt->p_pid, pt->p_comm, pt->p_csflags); + } psignal(pt, SIGKILL); } else proc_unlock(pt); @@ -2623,11 +2631,12 @@ cs_invalid_page( /* CS_KILL triggers us to send a kill signal. Nothing else. */ if (p->p_csflags & CS_KILL) { + p->p_csflags |= CS_KILLED; proc_unlock(p); if (cs_debug) { printf("CODE SIGNING: cs_invalid_page(0x%llx): " - "p=%d[%s] honoring CS_KILL\n", - vaddr, p->p_pid, p->p_comm); + "p=%d[%s] honoring CS_KILL, final status 0x%x\n", + vaddr, p->p_pid, p->p_comm, p->p_csflags); } cs_procs_killed++; psignal(p, SIGKILL); diff --git a/bsd/kern/ubc_subr.c b/bsd/kern/ubc_subr.c index 0fb29a31c..473ae0a78 100644 --- a/bsd/kern/ubc_subr.c +++ b/bsd/kern/ubc_subr.c @@ -2470,7 +2470,7 @@ ubc_cs_blob_add( cs_blob_size_max = (UInt32) blob->csb_mem_size; } - if (cs_debug) { + if (cs_debug > 1) { proc_t p; p = current_proc(); diff --git a/bsd/sys/codesign.h b/bsd/sys/codesign.h index 5f36a2c7a..56ae21668 100644 --- a/bsd/sys/codesign.h +++ b/bsd/sys/codesign.h @@ -37,6 +37,7 @@ #define CS_KILL 0x0200 /* kill process if it becomes invalid */ #define CS_EXEC_SET_HARD 0x1000 /* set CS_HARD on any exec'ed process */ #define CS_EXEC_SET_KILL 0x2000 /* set CS_KILL on any exec'ed process */ +#define CS_KILLED 0x10000 /* was killed by kernel for invalidity */ /* csops operations */ #define CS_OPS_STATUS 0 /* return status */ diff --git a/config/MasterVersion b/config/MasterVersion index 15b5f9523..a3aa9069f 100644 --- a/config/MasterVersion +++ b/config/MasterVersion @@ -1,4 +1,4 @@ -10.5.0 +10.6.0 # The first line of this file contains the master version number for the kernel. # All other instances of the kernel version in xnu are derived from this file.