static void FreePhysicalMemory( vm_offset_t * range )
{
vm_offset_t virt;
virt = ml_static_ptovirt( range[0] );
if( virt) {
ml_static_mfree( virt, range[1] );
}
}
void
KLDBootstrap::readPrelinkedExtensions(
kernel_section_t * prelinkInfoSect)
{
OSArray * infoDictArray = NULL; // do not release
OSObject * parsedXML = NULL; // must release
OSDictionary * prelinkInfoDict = NULL; // do not release
OSString * errorString = NULL; // must release
OSKext * theKernel = NULL; // must release
kernel_segment_command_t * prelinkTextSegment = NULL; // see code
kernel_segment_command_t * prelinkInfoSegment = NULL; // see code
/* We make some copies of data, but if anything fails we're basically
* going to fail the boot, so these won't be cleaned up on error.
*/
void * prelinkData = NULL; // see code
vm_size_t prelinkLength = 0;
OSDictionary * infoDict = NULL; // do not release
IORegistryEntry * registryRoot = NULL; // do not release
OSNumber * prelinkCountObj = NULL; // must release
u_int i = 0;
#if NO_KEXTD
bool ramDiskBoot;
bool developerDevice;
bool dontLoad;
#endif
OSData * kaslrOffsets = NULL;
unsigned long plk_segSizes[PLK_SEGMENTS];
vm_offset_t plk_segAddrs[PLK_SEGMENTS];
OSKextLog(/* kext */ NULL,
kOSKextLogProgressLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"Starting from prelinked kernel.");
prelinkTextSegment = getsegbyname(kPrelinkTextSegment);
if (!prelinkTextSegment) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"Can't find prelinked kexts' text segment.");
goto finish;
}
#if KASLR_KEXT_DEBUG
unsigned long scratchSize;
vm_offset_t scratchAddr;
IOLog("kaslr: prelinked kernel address info: \n");
scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__TEXT", &scratchSize);
IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __TEXT \n",
(unsigned long)scratchAddr,
(unsigned long)(scratchAddr + scratchSize),
scratchSize);
scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__DATA", &scratchSize);
IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __DATA \n",
(unsigned long)scratchAddr,
(unsigned long)(scratchAddr + scratchSize),
scratchSize);
scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__LINKEDIT", &scratchSize);
IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __LINKEDIT \n",
(unsigned long)scratchAddr,
(unsigned long)(scratchAddr + scratchSize),
scratchSize);
scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__KLD", &scratchSize);
IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __KLD \n",
(unsigned long)scratchAddr,
(unsigned long)(scratchAddr + scratchSize),
scratchSize);
scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__PRELINK_TEXT", &scratchSize);
IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __PRELINK_TEXT \n",
(unsigned long)scratchAddr,
(unsigned long)(scratchAddr + scratchSize),
scratchSize);
scratchAddr = (vm_offset_t) getsegdatafromheader(&_mh_execute_header, "__PRELINK_INFO", &scratchSize);
IOLog("kaslr: start 0x%lx end 0x%lx length %lu for __PRELINK_INFO \n",
(unsigned long)scratchAddr,
(unsigned long)(scratchAddr + scratchSize),
scratchSize);
#endif
prelinkData = (void *) prelinkTextSegment->vmaddr;
prelinkLength = prelinkTextSegment->vmsize;
/* build arrays of plk info for later use */
const char ** segNamePtr;
for (segNamePtr = &plk_segNames[0], i = 0; *segNamePtr && i < PLK_SEGMENTS; segNamePtr++, i++) {
plk_segSizes[i] = 0;
plk_segAddrs[i] = (vm_offset_t)getsegdatafromheader(&_mh_execute_header, *segNamePtr, &plk_segSizes[i]);
}
/* Unserialize the info dictionary from the prelink info section.
*/
parsedXML = OSUnserializeXML((const char *)prelinkInfoSect->addr,
&errorString);
if (parsedXML) {
prelinkInfoDict = OSDynamicCast(OSDictionary, parsedXML);
}
if (!prelinkInfoDict) {
const char * errorCString = "(unknown error)";
if (errorString && errorString->getCStringNoCopy()) {
errorCString = errorString->getCStringNoCopy();
} else if (parsedXML) {
errorCString = "not a dictionary";
}
OSKextLog(/* kext */ NULL, kOSKextLogErrorLevel | kOSKextLogArchiveFlag,
"Error unserializing prelink plist: %s.", errorCString);
goto finish;
}
#if NO_KEXTD
/* Check if we should keep developer kexts around.
* TODO: Check DeviceTree instead of a boot-arg <rdar://problem/10604201>
*/
developerDevice = true;
PE_parse_boot_argn("developer", &developerDevice, sizeof(developerDevice));
ramDiskBoot = IORamDiskBSDRoot();
#endif /* NO_KEXTD */
infoDictArray = OSDynamicCast(OSArray,
prelinkInfoDict->getObject(kPrelinkInfoDictionaryKey));
if (!infoDictArray) {
OSKextLog(/* kext */ NULL, kOSKextLogErrorLevel | kOSKextLogArchiveFlag,
"The prelinked kernel has no kext info dictionaries");
goto finish;
}
/* kaslrOffsets are available use them to slide local relocations */
kaslrOffsets = OSDynamicCast(OSData,
prelinkInfoDict->getObject(kPrelinkLinkKASLROffsetsKey));
/* Create dictionary of excluded kexts
*/
OSKext::createExcludeListFromPrelinkInfo(infoDictArray);
/* Create OSKext objects for each info dictionary.
*/
for (i = 0; i < infoDictArray->getCount(); ++i) {
infoDict = OSDynamicCast(OSDictionary, infoDictArray->getObject(i));
if (!infoDict) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"Can't find info dictionary for prelinked kext #%d.", i);
continue;
}
#if NO_KEXTD
dontLoad = false;
/* If we're not on a developer device, skip and free developer kexts.
*/
if (developerDevice == false) {
OSBoolean *devOnlyBool = OSDynamicCast(OSBoolean,
infoDict->getObject(kOSBundleDeveloperOnlyKey));
if (devOnlyBool == kOSBooleanTrue) {
dontLoad = true;
}
}
/* Skip and free kexts that are only needed when booted from a ram disk.
*/
if (ramDiskBoot == false) {
OSBoolean *ramDiskOnlyBool = OSDynamicCast(OSBoolean,
infoDict->getObject(kOSBundleRamDiskOnlyKey));
if (ramDiskOnlyBool == kOSBooleanTrue) {
dontLoad = true;
}
}
if (dontLoad == true) {
OSString *bundleID = OSDynamicCast(OSString,
infoDict->getObject(kCFBundleIdentifierKey));
if (bundleID) {
OSKextLog(NULL, kOSKextLogWarningLevel | kOSKextLogGeneralFlag,
"Kext %s not loading.", bundleID->getCStringNoCopy());
}
OSNumber *addressNum = OSDynamicCast(OSNumber,
infoDict->getObject(kPrelinkExecutableLoadKey));
OSNumber *lengthNum = OSDynamicCast(OSNumber,
infoDict->getObject(kPrelinkExecutableSizeKey));
if (addressNum && lengthNum) {
#error Pick the right way to free prelinked data on this arch
}
infoDictArray->removeObject(i--);
continue;
}
#endif /* NO_KEXTD */
/* Create the kext for the entry, then release it, because the
* kext system keeps them around until explicitly removed.
* Any creation/registration failures are already logged for us.
*/
OSKext * newKext = OSKext::withPrelinkedInfoDict(infoDict, (kaslrOffsets ? TRUE : FALSE));
OSSafeReleaseNULL(newKext);
}
/* slide kxld relocations */
if (kaslrOffsets && vm_kernel_slide > 0) {
int slidKextAddrCount = 0;
int badSlideAddr = 0;
int badSlideTarget = 0;
kaslrPackedOffsets * myOffsets = NULL;
myOffsets = (kaslrPackedOffsets *) kaslrOffsets->getBytesNoCopy();
for (uint32_t j = 0; j < myOffsets->count; j++) {
uint64_t slideOffset = (uint64_t) myOffsets->offsetsArray[j];
uintptr_t * slideAddr = (uintptr_t *) ((uint64_t)prelinkData + slideOffset);
int slideAddrSegIndex = -1;
int addrToSlideSegIndex = -1;
slideAddrSegIndex = __whereIsAddr( (vm_offset_t)slideAddr, &plk_segSizes[0], &plk_segAddrs[0], PLK_SEGMENTS );
if (slideAddrSegIndex >= 0) {
addrToSlideSegIndex = __whereIsAddr( (vm_offset_t)(*slideAddr + vm_kernel_slide), &plk_segSizes[0], &plk_segAddrs[0], PLK_SEGMENTS );
if (addrToSlideSegIndex < 0) {
badSlideTarget++;
continue;
}
}
else {
badSlideAddr++;
continue;
}
slidKextAddrCount++;
*(slideAddr) += vm_kernel_slide;
} // for ...
/* All kexts are now slid, set VM protections for them */
OSKext::setAllVMAttributes();
}
/* Store the number of prelinked kexts in the registry so we can tell
* when the system has been started from a prelinked kernel.
*/
registryRoot = IORegistryEntry::getRegistryRoot();
assert(registryRoot);
prelinkCountObj = OSNumber::withNumber(
(unsigned long long)infoDictArray->getCount(),
8 * sizeof(uint32_t));
assert(prelinkCountObj);
if (prelinkCountObj) {
registryRoot->setProperty(kOSPrelinkKextCountKey, prelinkCountObj);
}
OSKextLog(/* kext */ NULL,
kOSKextLogProgressLevel |
kOSKextLogGeneralFlag | kOSKextLogKextBookkeepingFlag |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"%u prelinked kexts",
infoDictArray->getCount());
#if CONFIG_KEXT_BASEMENT
/* On CONFIG_KEXT_BASEMENT systems, kexts are copied to their own
* special VM region during OSKext init time, so we can free the whole
* segment now.
*/
ml_static_mfree((vm_offset_t) prelinkData, prelinkLength);
#endif /* __x86_64__ */
/* Free the prelink info segment, we're done with it.
*/
prelinkInfoSegment = getsegbyname(kPrelinkInfoSegment);
if (prelinkInfoSegment) {
ml_static_mfree((vm_offset_t)prelinkInfoSegment->vmaddr,
(vm_size_t)prelinkInfoSegment->vmsize);
}
finish:
OSSafeReleaseNULL(errorString);
OSSafeReleaseNULL(parsedXML);
OSSafeReleaseNULL(theKernel);
OSSafeReleaseNULL(prelinkCountObj);
return;
}
void
KLDBootstrap::readPrelinkedExtensions(
kernel_section_t * prelinkInfoSect)
{
OSArray * infoDictArray = NULL; // do not release
OSArray * personalitiesArray = NULL; // do not release
OSObject * parsedXML = NULL; // must release
OSDictionary * prelinkInfoDict = NULL; // do not release
OSString * errorString = NULL; // must release
OSKext * theKernel = NULL; // must release
#if CONFIG_KXLD
kernel_section_t * kernelLinkStateSection = NULL; // see code
#endif
kernel_segment_command_t * prelinkLinkStateSegment = NULL; // see code
kernel_segment_command_t * prelinkTextSegment = NULL; // see code
kernel_segment_command_t * prelinkInfoSegment = NULL; // see code
/* We make some copies of data, but if anything fails we're basically
* going to fail the boot, so these won't be cleaned up on error.
*/
void * prelinkData = NULL; // see code
void * prelinkCopy = NULL; // see code
vm_size_t prelinkLength = 0;
#if !__LP64__ && !defined(__arm__)
vm_map_offset_t prelinkDataMapOffset = 0;
#endif
kern_return_t mem_result = KERN_SUCCESS;
OSDictionary * infoDict = NULL; // do not release
IORegistryEntry * registryRoot = NULL; // do not release
OSNumber * prelinkCountObj = NULL; // must release
u_int i = 0;
OSKextLog(/* kext */ NULL,
kOSKextLogProgressLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"Starting from prelinked kernel.");
/*****
* Wrap the kernel link state in-place in an OSData.
* This is unnecessary (and the link state may not be present) if the kernel
* does not have kxld support because this information is only used for
* runtime linking.
*/
#if CONFIG_KXLD
kernelLinkStateSection = getsectbyname(kPrelinkLinkStateSegment,
kPrelinkKernelLinkStateSection);
if (!kernelLinkStateSection) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogArchiveFlag,
"Can't find prelinked kernel link state.");
goto finish;
}
theKernel = OSKext::lookupKextWithIdentifier(kOSKextKernelIdentifier);
if (!theKernel) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogArchiveFlag,
"Can't find kernel kext object in prelinked kernel.");
goto finish;
}
prelinkData = (void *) kernelLinkStateSection->addr;
prelinkLength = kernelLinkStateSection->size;
mem_result = kmem_alloc_pageable(kernel_map,
(vm_offset_t *) &prelinkCopy, prelinkLength);
if (mem_result != KERN_SUCCESS) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogGeneralFlag | kOSKextLogArchiveFlag,
"Can't copy prelinked kernel link state.");
goto finish;
}
memcpy(prelinkCopy, prelinkData, prelinkLength);
theKernel->linkState = OSData::withBytesNoCopy(prelinkCopy, prelinkLength);
if (!theKernel->linkState) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogGeneralFlag | kOSKextLogArchiveFlag,
"Can't create prelinked kernel link state wrapper.");
goto finish;
}
theKernel->linkState->setDeallocFunction(osdata_kmem_free);
#endif
prelinkTextSegment = getsegbyname(kPrelinkTextSegment);
if (!prelinkTextSegment) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"Can't find prelinked kexts' text segment.");
goto finish;
}
prelinkData = (void *) prelinkTextSegment->vmaddr;
prelinkLength = prelinkTextSegment->vmsize;
#if !__LP64__
/* To enable paging and write/execute protections on the kext
* executables, we need to copy them out of the booter-created
* memory, reallocate that space with VM, then prelinkCopy them back in.
* This isn't necessary on LP64 because kexts have their own VM
* region on that architecture model.
*/
mem_result = kmem_alloc(kernel_map, (vm_offset_t *)&prelinkCopy,
prelinkLength);
if (mem_result != KERN_SUCCESS) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogGeneralFlag | kOSKextLogArchiveFlag,
"Can't copy prelinked kexts' text for VM reassign.");
goto finish;
}
/* Copy it out.
*/
memcpy(prelinkCopy, prelinkData, prelinkLength);
/* Dump the booter memory.
*/
ml_static_mfree((vm_offset_t)prelinkData, prelinkLength);
/* Set up the VM region.
*/
prelinkDataMapOffset = (vm_map_offset_t)(uintptr_t)prelinkData;
mem_result = vm_map_enter_mem_object(
kernel_map,
&prelinkDataMapOffset,
prelinkLength, /* mask */ 0,
VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE,
(ipc_port_t)NULL,
(vm_object_offset_t) 0,
/* copy */ FALSE,
/* cur_protection */ VM_PROT_ALL,
/* max_protection */ VM_PROT_ALL,
/* inheritance */ VM_INHERIT_DEFAULT);
if ((mem_result != KERN_SUCCESS) ||
(prelinkTextSegment->vmaddr != prelinkDataMapOffset))
{
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogGeneralFlag | kOSKextLogArchiveFlag,
"Can't create kexts' text VM entry at 0x%llx, length 0x%x (error 0x%x).",
(unsigned long long) prelinkDataMapOffset, prelinkLength, mem_result);
goto finish;
}
prelinkData = (void *)(uintptr_t)prelinkDataMapOffset;
/* And copy it back.
*/
memcpy(prelinkData, prelinkCopy, prelinkLength);
kmem_free(kernel_map, (vm_offset_t)prelinkCopy, prelinkLength);
#endif /* !__LP64__ */
/* Unserialize the info dictionary from the prelink info section.
*/
parsedXML = OSUnserializeXML((const char *)prelinkInfoSect->addr,
&errorString);
if (parsedXML) {
prelinkInfoDict = OSDynamicCast(OSDictionary, parsedXML);
}
if (!prelinkInfoDict) {
const char * errorCString = "(unknown error)";
if (errorString && errorString->getCStringNoCopy()) {
errorCString = errorString->getCStringNoCopy();
} else if (parsedXML) {
errorCString = "not a dictionary";
}
OSKextLog(/* kext */ NULL, kOSKextLogErrorLevel | kOSKextLogArchiveFlag,
"Error unserializing prelink plist: %s.", errorCString);
goto finish;
}
infoDictArray = OSDynamicCast(OSArray,
prelinkInfoDict->getObject(kPrelinkInfoDictionaryKey));
if (!infoDictArray) {
OSKextLog(/* kext */ NULL, kOSKextLogErrorLevel | kOSKextLogArchiveFlag,
"The prelinked kernel has no kext info dictionaries");
goto finish;
}
/* Create OSKext objects for each info dictionary.
*/
for (i = 0; i < infoDictArray->getCount(); ++i) {
infoDict = OSDynamicCast(OSDictionary, infoDictArray->getObject(i));
if (!infoDict) {
OSKextLog(/* kext */ NULL,
kOSKextLogErrorLevel |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"Can't find info dictionary for prelinked kext #%d.", i);
continue;
}
/* Create the kext for the entry, then release it, because the
* kext system keeps them around until explicitly removed.
* Any creation/registration failures are already logged for us.
*/
OSKext * newKext = OSKext::withPrelinkedInfoDict(infoDict);
OSSafeReleaseNULL(newKext);
}
/* Get all of the personalities for kexts that were not prelinked and
* add them to the catalogue.
*/
personalitiesArray = OSDynamicCast(OSArray,
prelinkInfoDict->getObject(kPrelinkPersonalitiesKey));
if (!personalitiesArray) {
OSKextLog(/* kext */ NULL, kOSKextLogErrorLevel | kOSKextLogArchiveFlag,
"The prelinked kernel has no personalities array");
goto finish;
}
if (personalitiesArray->getCount()) {
OSKext::setPrelinkedPersonalities(personalitiesArray);
}
/* Store the number of prelinked kexts in the registry so we can tell
* when the system has been started from a prelinked kernel.
*/
registryRoot = IORegistryEntry::getRegistryRoot();
assert(registryRoot);
prelinkCountObj = OSNumber::withNumber(
(unsigned long long)infoDictArray->getCount(),
8 * sizeof(uint32_t));
assert(prelinkCountObj);
if (prelinkCountObj) {
registryRoot->setProperty(kOSPrelinkKextCountKey, prelinkCountObj);
}
OSSafeReleaseNULL(prelinkCountObj);
prelinkCountObj = OSNumber::withNumber(
(unsigned long long)personalitiesArray->getCount(),
8 * sizeof(uint32_t));
assert(prelinkCountObj);
if (prelinkCountObj) {
registryRoot->setProperty(kOSPrelinkPersonalityCountKey, prelinkCountObj);
}
OSKextLog(/* kext */ NULL,
kOSKextLogProgressLevel |
kOSKextLogGeneralFlag | kOSKextLogKextBookkeepingFlag |
kOSKextLogDirectoryScanFlag | kOSKextLogArchiveFlag,
"%u prelinked kexts, and %u additional personalities.",
infoDictArray->getCount(), personalitiesArray->getCount());
#if __LP64__
/* On LP64 systems, kexts are copied to their own special VM region
* during OSKext init time, so we can free the whole segment now.
*/
ml_static_mfree((vm_offset_t) prelinkData, prelinkLength);
#endif /* __LP64__ */
/* Free the link state segment, kexts have copied out what they need.
*/
prelinkLinkStateSegment = getsegbyname(kPrelinkLinkStateSegment);
if (prelinkLinkStateSegment) {
ml_static_mfree((vm_offset_t)prelinkLinkStateSegment->vmaddr,
(vm_size_t)prelinkLinkStateSegment->vmsize);
}
/* Free the prelink info segment, we're done with it.
*/
prelinkInfoSegment = getsegbyname(kPrelinkInfoSegment);
if (prelinkInfoSegment) {
ml_static_mfree((vm_offset_t)prelinkInfoSegment->vmaddr,
(vm_size_t)prelinkInfoSegment->vmsize);
}
finish:
OSSafeRelease(errorString);
OSSafeRelease(parsedXML);
OSSafeRelease(theKernel);
OSSafeRelease(prelinkCountObj);
return;
}