--- xnu/xnu-3248.50.21/libsa/bootstrap.cpp
+++ xnu/xnu-1699.26.8/libsa/bootstrap.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
+ * Copyright (c) 2000 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
@@ -40,10 +40,6 @@
#include <IOKit/IODeviceTreeSupport.h>
#include <IOKit/IOCatalogue.h>
-#if __x86_64__
-#define KASLR_KEXT_DEBUG 0
-#endif
-
#if PRAGMA_MARK
#pragma mark Bootstrap Declarations
#endif
@@ -70,10 +66,6 @@
static void bootstrapRecordStartupExtensions(void);
static void bootstrapLoadSecurityExtensions(void);
-
-#if NO_KEXTD
-extern "C" bool IORamDiskBSDRoot(void);
-#endif
#if PRAGMA_MARK
#pragma mark Macros
@@ -108,6 +100,20 @@
"com.apple.driver.AppleNMI",
"com.apple.iokit.IOSystemManagementFamily",
"com.apple.iokit.ApplePlatformFamily",
+
+#if defined(__i386__) || defined(__arm__)
+ /* These ones are not supported on x86_64 or any newer platforms.
+ * They must be version 7.9.9; check by "com.apple.kernel.", with
+ * the trailing period; "com.apple.kernel" always represents the
+ * current kernel version.
+ */
+ "com.apple.kernel.6.0",
+ "com.apple.kernel.bsd",
+ "com.apple.kernel.iokit",
+ "com.apple.kernel.libkern",
+ "com.apple.kernel.mach",
+#endif
+
NULL
};
@@ -131,9 +137,11 @@
void readPrelinkedExtensions(
kernel_section_t * prelinkInfoSect);
void readBooterExtensions(void);
+ OSReturn readMkextExtensions(
+ OSString * deviceTreeName,
+ OSData * deviceTreeData);
OSReturn loadKernelComponentKexts(void);
- void loadKernelExternalComponents(void);
void readBuiltinPersonalities(void);
void loadSecurityExtensions(void);
@@ -199,7 +207,6 @@
}
loadKernelComponentKexts();
- loadKernelExternalComponents();
readBuiltinPersonalities();
OSKext::sendAllKextPersonalitiesToCatalog();
@@ -227,6 +234,11 @@
void * prelinkData = NULL; // see code
vm_size_t prelinkLength = 0;
+#if !__LP64__ && !defined(__arm__)
+ vm_map_offset_t prelinkDataMapOffset = 0;
+ void * prelinkCopy = NULL; // see code
+ kern_return_t mem_result = KERN_SUCCESS;
+#endif
OSDictionary * infoDict = NULL; // do not release
@@ -234,11 +246,6 @@
OSNumber * prelinkCountObj = NULL; // must release
u_int i = 0;
-#if NO_KEXTD
- bool ramDiskBoot;
- bool developerDevice;
- bool dontLoad;
-#endif
OSKextLog(/* kext */ NULL,
kOSKextLogProgressLevel |
@@ -254,52 +261,69 @@
goto finish;
}
-#if KASLR_KEXT_DEBUG
- unsigned long scratchSize;
- vm_offset_t scratchAddr;
-
- IOLog("kaslr: prelinked kernel address info: \n");
-
- scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__TEXT", &scratchSize);
- IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __TEXT \n",
- (unsigned long)scratchAddr,
- (unsigned long)(scratchAddr + scratchSize),
- scratchSize);
-
- scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__DATA", &scratchSize);
- IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __DATA \n",
- (unsigned long)scratchAddr,
- (unsigned long)(scratchAddr + scratchSize),
- scratchSize);
-
- scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__LINKEDIT", &scratchSize);
- IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __LINKEDIT \n",
- (unsigned long)scratchAddr,
- (unsigned long)(scratchAddr + scratchSize),
- scratchSize);
-
- scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__KLD", &scratchSize);
- IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __KLD \n",
- (unsigned long)scratchAddr,
- (unsigned long)(scratchAddr + scratchSize),
- scratchSize);
-
- scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__PRELINK_TEXT", &scratchSize);
- IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __PRELINK_TEXT \n",
- (unsigned long)scratchAddr,
- (unsigned long)(scratchAddr + scratchSize),
- scratchSize);
-
- scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__PRELINK_INFO", &scratchSize);
- IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __PRELINK_INFO \n",
- (unsigned long)scratchAddr,
- (unsigned long)(scratchAddr + scratchSize),
- scratchSize);
-#endif
-
prelinkData = (void *) prelinkTextSegment->vmaddr;
prelinkLength = prelinkTextSegment->vmsize;
+#if !__LP64__ && !__arm__
+ /* XXX: arm's pmap implementation doesn't seem to let us do this */
+
+ /* To enable paging and write/execute protections on the kext
+ * executables, we need to copy them out of the booter-created
+ * memory, reallocate that space with VM, then prelinkCopy them back in.
+ * This isn't necessary on LP64 because kexts have their own VM
+ * region on that architecture model.
+ */
+
+ mem_result = kmem_alloc(kernel_map, (vm_offset_t *)&prelinkCopy,
+ prelinkLength);
+ if (mem_result != KERN_SUCCESS) {
+ OSKextLog(/* kext */ NULL,
+ kOSKextLogErrorLevel |
+ kOSKextLogGeneralFlag | kOSKextLogArchiveFlag,
+ "Can't copy prelinked kexts' text for VM reassign.");
+ goto finish;
+ }
+
+ /* Copy it out.
+ */
+ memcpy(prelinkCopy, prelinkData, prelinkLength);
+
+ /* Dump the booter memory.
+ */
+ ml_static_mfree((vm_offset_t)prelinkData, prelinkLength);
+
+ /* Set up the VM region.
+ */
+ prelinkDataMapOffset = (vm_map_offset_t)(uintptr_t)prelinkData;
+ mem_result = vm_map_enter_mem_object(
+ kernel_map,
+ &prelinkDataMapOffset,
+ prelinkLength, /* mask */ 0,
+ VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE,
+ (ipc_port_t)NULL,
+ (vm_object_offset_t) 0,
+ /* copy */ FALSE,
+ /* cur_protection */ VM_PROT_ALL,
+ /* max_protection */ VM_PROT_ALL,
+ /* inheritance */ VM_INHERIT_DEFAULT);
+ if ((mem_result != KERN_SUCCESS) ||
+ (prelinkTextSegment->vmaddr != prelinkDataMapOffset))
+ {
+ OSKextLog(/* kext */ NULL,
+ kOSKextLogErrorLevel |
+ kOSKextLogGeneralFlag | kOSKextLogArchiveFlag,
+ "Can't create kexts' text VM entry at 0x%llx, length 0x%x (error 0x%x).",
+ (unsigned long long) prelinkDataMapOffset, prelinkLength, mem_result);
+ goto finish;
+ }
+ prelinkData = (void *)(uintptr_t)prelinkDataMapOffset;
+
+ /* And copy it back.
+ */
+ memcpy(prelinkData, prelinkCopy, prelinkLength);
+
+ kmem_free(kernel_map, (vm_offset_t)prelinkCopy, prelinkLength);
+#endif /* !__LP64__ && !__arm__*/
/* Unserialize the info dictionary from the prelink info section.
*/
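Review bot: The failure branch after `vm_map_enter_mem_object` (the `goto finish` that follows the "Can't create kexts' text VM entry" log) leaves `prelinkCopy` allocated, because `kmem_free` is reached only on the success path. Unless the `finish:` label, which is outside this hunk, releases it, add `kmem_free(kernel_map, (vm_offset_t)prelinkCopy, prelinkLength);` before that `goto`. By then the booter memory has already been returned with `ml_static_mfree`, so the failure path also leaves no kext text at its linked address, which deserves a comment. Separately, the region is entered with `VM_PROT_ALL` as both current and maximum protection, so the kext text is writable and executable at this point; since the block comment gives write/execute protection as the goal, it should say where the mapping is tightened afterwards.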
@@ -320,16 +344,6 @@
"Error unserializing prelink plist: %s.", errorCString);
goto finish;
}
-
-#if NO_KEXTD
- /* Check if we should keep developer kexts around.
- * TODO: Check DeviceTree instead of a boot-arg <rdar://problem/10604201>
- */
- developerDevice = true;
- PE_parse_boot_argn("developer", &developerDevice, sizeof(developerDevice));
-
- ramDiskBoot = IORamDiskBSDRoot();
-#endif /* NO_KEXTD */
infoDictArray = OSDynamicCast(OSArray,
prelinkInfoDict->getObject(kPrelinkInfoDictionaryKey));
@@ -338,13 +352,9 @@
"The prelinked kernel has no kext info dictionaries");
goto finish;
}
-
- /* Create dictionary of excluded kexts
- */
- OSKext::createExcludeListFromPrelinkInfo(infoDictArray);
-
- /* Create OSKext objects for each info dictionary.
- */
+
+ /* Create OSKext objects for each info dictionary.
+ */
for (i = 0; i < infoDictArray->getCount(); ++i) {
infoDict = OSDynamicCast(OSDictionary, infoDictArray->getObject(i));
if (!infoDict) {
@@ -355,50 +365,6 @@
continue;
}
-#if NO_KEXTD
- dontLoad = false;
-
- /* If we're not on a developer device, skip and free developer kexts.
- */
- if (developerDevice == false) {
- OSBoolean *devOnlyBool = OSDynamicCast(OSBoolean,
- infoDict->getObject(kOSBundleDeveloperOnlyKey));
- if (devOnlyBool == kOSBooleanTrue) {
- dontLoad = true;
- }
- }
-
- /* Skip and free kexts that are only needed when booted from a ram disk.
- */
- if (ramDiskBoot == false) {
- OSBoolean *ramDiskOnlyBool = OSDynamicCast(OSBoolean,
- infoDict->getObject(kOSBundleRamDiskOnlyKey));
- if (ramDiskOnlyBool == kOSBooleanTrue) {
- dontLoad = true;
- }
- }
-
- if (dontLoad == true) {
- OSString *bundleID = OSDynamicCast(OSString,
- infoDict->getObject(kCFBundleIdentifierKey));
- if (bundleID) {
- OSKextLog(NULL, kOSKextLogWarningLevel | kOSKextLogGeneralFlag,
- "Kext %s not loading.", bundleID->getCStringNoCopy());
- }
-
- OSNumber *addressNum = OSDynamicCast(OSNumber,
- infoDict->getObject(kPrelinkExecutableLoadKey));
- OSNumber *lengthNum = OSDynamicCast(OSNumber,
- infoDict->getObject(kPrelinkExecutableSizeKey));
- if (addressNum && lengthNum) {
-#error Pick the right way to free prelinked data on this arch
- }
-
- infoDictArray->removeObject(i--);
- continue;
- }
-#endif /* NO_KEXTD */
-
/* Create the kext for the entry, then release it, because the
* kext system keeps them around until explicitly removed.
* Any creation/registration failures are already logged for us.
@@ -428,13 +394,12 @@
"%u prelinked kexts",
infoDictArray->getCount());
-#if CONFIG_KEXT_BASEMENT
- /* On CONFIG_KEXT_BASEMENT systems, kexts are copied to their own
- * special VM region during OSKext init time, so we can free the whole
- * segment now.
+#if __LP64__
+ /* On LP64 systems, kexts are copied to their own special VM region
+ * during OSKext init time, so we can free the whole segment now.
*/
ml_static_mfree((vm_offset_t) prelinkData, prelinkLength);
-#endif /* __x86_64__ */
+#endif /* __LP64__ */
/* Free the prelink info segment, we're done with it.
*/
@@ -455,6 +420,7 @@
/*********************************************************************
*********************************************************************/
#define BOOTER_KEXT_PREFIX "Driver-"
+#define BOOTER_MKEXT_PREFIX "DriversPackage-"
typedef struct _DeviceTreeBuffer {
uint32_t paddr;
@@ -478,7 +444,7 @@
OSKextLog(/* kext */ NULL,
kOSKextLogProgressLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogKextBookkeepingFlag,
- "Reading startup extensions from booter memory.");
+ "Reading startup extensions/mkexts from booter memory.");
booterMemoryMap = IORegistryEntry::fromPath( "/chosen/memory-map", gIODTPlane);
@@ -508,14 +474,10 @@
goto finish;
}
- /* Create dictionary of excluded kexts
- */
- OSKext::createExcludeListFromBooterData(propertyDict, keyIterator);
- keyIterator->reset();
-
while ( ( deviceTreeName =
OSDynamicCast(OSString, keyIterator->getNextObject() ))) {
+ boolean_t isMkext = FALSE;
const char * devTreeNameCString = deviceTreeName->getCStringNoCopy();
OSData * deviceTreeEntry = OSDynamicCast(OSData,
propertyDict->getObject(deviceTreeName));
@@ -529,10 +491,18 @@
continue;
}
- /* Make sure it is a kext */
- if (strncmp(devTreeNameCString,
- BOOTER_KEXT_PREFIX,
- CONST_STRLEN(BOOTER_KEXT_PREFIX))) {
+ /* Make sure it is either a kext or an mkext */
+ if (!strncmp(devTreeNameCString, BOOTER_KEXT_PREFIX,
+ CONST_STRLEN(BOOTER_KEXT_PREFIX))) {
+
+ isMkext = FALSE;
+
+ } else if (!strncmp(devTreeNameCString, BOOTER_MKEXT_PREFIX,
+ CONST_STRLEN(BOOTER_MKEXT_PREFIX))) {
+
+ isMkext = TRUE;
+
+ } else {
continue;
}
@@ -555,7 +525,7 @@
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogDirectoryScanFlag,
- "Can't get virtual address for device tree entry %s.",
+ "Can't get virtual address for device tree mkext entry %s.",
devTreeNameCString);
goto finish;
}
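Review bot: The reworded message "Can't get virtual address for device tree mkext entry %s." appears to sit on a path shared by `Driver-` and `DriversPackage-` entries, so a plain kext entry that fails the lookup would be logged as an mkext. The surrounding loop is outside this hunk, so confirm that first. If the path is shared, keep the neutral wording or pick the label from `isMkext`, e.g. `"Can't get virtual address for device tree %s entry %s.", isMkext ? "mkext" : "kext", devTreeNameCString`. An accurate label matters when this log line is the only record of which boot-time payload failed to map.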
@@ -577,12 +547,16 @@
}
booterData->setDeallocFunction(osdata_phys_free);
- /* Create the kext for the entry, then release it, because the
- * kext system keeps them around until explicitly removed.
- * Any creation/registration failures are already logged for us.
- */
- OSKext * newKext = OSKext::withBooterData(deviceTreeName, booterData);
- OSSafeRelease(newKext);
+ if (isMkext) {
+ readMkextExtensions(deviceTreeName, booterData);
+ } else {
+ /* Create the kext for the entry, then release it, because the
+ * kext system keeps them around until explicitly removed.
+ * Any creation/registration failures are already logged for us.
+ */
+ OSKext * newKext = OSKext::withBooterData(deviceTreeName, booterData);
+ OSSafeRelease(newKext);
+ }
booterMemoryMap->removeProperty(deviceTreeName);
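Review bot: The `OSReturn` from `readMkextExtensions(deviceTreeName, booterData)` is dropped, so a failed archive read looks the same as a successful one at this call site, and the device-tree property is removed either way. If best-effort is intended, make it explicit with `(void)readMkextExtensions(deviceTreeName, booterData);` and a comment stating where failures get logged. Otherwise log at `kOSKextLogErrorLevel` when the result is not `kOSReturnSuccess`. The enclosing loop begins and ends outside this hunk.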
@@ -600,6 +574,49 @@
/*********************************************************************
*********************************************************************/
+OSReturn
+KLDBootstrap::readMkextExtensions(
+ OSString * deviceTreeName,
+ OSData * booterData)
+{
+ OSReturn result = kOSReturnError;
+
+ uint32_t checksum;
+ IORegistryEntry * registryRoot = NULL; // do not release
+ OSData * checksumObj = NULL; // must release
+
+ OSKextLog(/* kext */ NULL,
+ kOSKextLogStepLevel |
+ kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
+ "Reading startup mkext archive from device tree entry %s.",
+ deviceTreeName->getCStringNoCopy());
+
+ /* If we successfully read the archive,
+ * then save the mkext's checksum in the IORegistry.
+ * assumes we'll only ever have one mkext to boot
+ */
+ result = OSKext::readMkextArchive(booterData, &checksum);
+ if (result == kOSReturnSuccess) {
+
+ OSKextLog(/* kext */ NULL,
+ kOSKextLogProgressLevel |
+ kOSKextLogArchiveFlag,
+ "Startup mkext archive has checksum 0x%x.", (int)checksum);
+
+ registryRoot = IORegistryEntry::getRegistryRoot();
+ assert(registryRoot);
+ checksumObj = OSData::withBytes((void *)&checksum, sizeof(checksum));
+ assert(checksumObj);
+ if (checksumObj) {
+ registryRoot->setProperty(kOSStartupMkextCRC, checksumObj);
+ }
+ }
+
+ return result;
+}
+
+/*********************************************************************
+*********************************************************************/
#define COM_APPLE "com.apple."
void
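Review bot: `checksumObj` is annotated `// must release`, but `readMkextExtensions` returns without releasing it. Assuming `setProperty` takes its own reference, the `OSData` from `OSData::withBytes` is leaked, so add `OSSafeRelease(checksumObj);` before `return result;`. `registryRoot` is guarded only by `assert(registryRoot)`, which presumably compiles out of release kernels, so the runtime guard should be `if (registryRoot && checksumObj) {`. The function also needs a header comment saying that the value stored under `kOSStartupMkextCRC` is, going by the key name, a checksum that detects a changed or corrupted archive rather than an authenticity check. The same comment should note that the definition names its second parameter `booterData` while the class declaration uses `deviceTreeData`.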
@@ -648,7 +665,7 @@
}
isSecurityKext = OSDynamicCast(OSBoolean,
- theKext->getPropertyForHostArch(kAppleSecurityExtensionKey));
+ theKext->getPropertyForHostArch("AppleSecurityExtension"));
if (isSecurityKext && isSecurityKext->isTrue()) {
OSKextLog(/* kext */ NULL,
kOSKextLogStepLevel |
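Review bot: The property lookup uses the bare literal `"AppleSecurityExtension"` in `getPropertyForHostArch(...)`. This key decides which kexts are treated as security extensions, so a typo in the string would silently skip them instead of failing at compile time. Define the key once, for example `#define kAppleSecurityExtensionKey "AppleSecurityExtension"` next to `COM_APPLE`, and use the constant here. The enclosing function starts and ends outside this hunk.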
@@ -705,80 +722,6 @@
OSSafeRelease(theKext);
return result;
-}
-
-/*********************************************************************
-* Ensure that Kernel External Components are loaded early in boot,
-* before other kext personalities get sent to the IOCatalogue. These
-* kexts are treated specially because they may provide the implementation
-* for kernel-vended KPI, so they must register themselves before
-* general purpose IOKit probing begins.
-*********************************************************************/
-
-#define COM_APPLE_KEC "com.apple.kec."
-
-void
-KLDBootstrap::loadKernelExternalComponents(void)
-{
- OSDictionary * extensionsDict = NULL; // must release
- OSCollectionIterator * keyIterator = NULL; // must release
- OSString * bundleID = NULL; // don't release
- OSKext * theKext = NULL; // don't release
- OSBoolean * isKernelExternalComponent = NULL; // don't release
-
- OSKextLog(/* kext */ NULL,
- kOSKextLogStepLevel |
- kOSKextLogLoadFlag,
- "Loading Kernel External Components.");
-
- extensionsDict = OSKext::copyKexts();
- if (!extensionsDict) {
- return;
- }
-
- keyIterator = OSCollectionIterator::withCollection(extensionsDict);
- if (!keyIterator) {
- OSKextLog(/* kext */ NULL,
- kOSKextLogErrorLevel |
- kOSKextLogGeneralFlag,
- "Failed to allocate iterator for Kernel External Components.");
- goto finish;
- }
-
- while ((bundleID = OSDynamicCast(OSString, keyIterator->getNextObject()))) {
-
- const char * bundle_id = bundleID->getCStringNoCopy();
-
- /* Skip extensions whose bundle IDs don't start with "com.apple.kec.".
- */
- if (!bundle_id ||
- (strncmp(bundle_id, COM_APPLE_KEC, CONST_STRLEN(COM_APPLE_KEC)) != 0)) {
-
- continue;
- }
-
- theKext = OSDynamicCast(OSKext, extensionsDict->getObject(bundleID));
- if (!theKext) {
- continue;
- }
-
- isKernelExternalComponent = OSDynamicCast(OSBoolean,
- theKext->getPropertyForHostArch(kAppleKernelExternalComponentKey));
- if (isKernelExternalComponent && isKernelExternalComponent->isTrue()) {
- OSKextLog(/* kext */ NULL,
- kOSKextLogStepLevel |
- kOSKextLogLoadFlag,
- "Loading kernel external component %s.", bundleID->getCStringNoCopy());
- OSKext::loadKextWithIdentifier(bundleID->getCStringNoCopy(),
- /* allowDefer */ false);
- }
- }
-
-finish:
- OSSafeRelease(keyIterator);
- OSSafeRelease(extensionsDict);
-
- return;
}
/*********************************************************************