1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <stdarg.h>
28 #include <string.h>
29 #include <sys/malloc.h>
30 #include <sys/time.h>
31 #include <sys/dtrace.h>
32 #include <sys/dtrace_impl.h>
33 #include <sys/proc_internal.h>
34 #include <sys/vnode.h>
35 #include <kern/debug.h>
36 #include <kern/sched_prim.h>
37 #include <kern/task.h>
38 
39 #if CONFIG_CSR
40 #include <sys/codesign.h>
41 #include <sys/csr.h>
42 
43 #if defined(KERNEL_INTEGRITY_KTRR) || defined(KERNEL_INTEGRITY_CTRR)
44 extern bool csr_unsafe_kernel_text;
45 #endif
46 #endif
47 
48 /*
49  * APPLE NOTE: Solaris proc_t is the struct.
50  * Darwin's proc_t is a pointer to it.
51  */
52 #define proc_t struct proc /* Steer clear of the Darwin typedef for proc_t */
53 
54 
55 /* Copied from an arch specific dtrace_subr.c. */
/* Fasttrap probe hook; declared here but never assigned in this file (presumably installed by the fasttrap provider). */
int (*dtrace_fasttrap_probe_ptr)(struct regs *);
57 
58 /*
59  * Following DTrace hooks are taken from Solaris' dtrace_subr.c
60  * They're assigned in dtrace.c but Darwin never calls them.
61  */
void (*dtrace_cpu_init)(processorid_t);
int (*dtrace_modload)(struct kmod_info *, uint32_t);
int (*dtrace_modunload)(struct kmod_info *);
void (*dtrace_helpers_cleanup)(proc_t *);
void (*dtrace_helpers_fork)(proc_t *, proc_t *);
void (*dtrace_cpustart_init)(void);
void (*dtrace_cpustart_fini)(void);

void (*dtrace_debugger_init)(void);
void (*dtrace_debugger_fini)(void);

/* Zero-initialised; presumably "vtime accounting inactive" until dtrace.c flips it. */
dtrace_vtime_state_t dtrace_vtime_active = 0;
/* Starts one past the DTRACE_CACHEIDNONE sentinel so the first id handed out is never "none". */
dtrace_cacheid_t dtrace_predcache_id = DTRACE_CACHEIDNONE + 1;

/*
 * Fasttrap lifecycle hooks.  Only the fork hook is dispatched from this file
 * (see dtrace_fasttrap_fork() below); the exec and exit hooks are merely
 * defined here for callers elsewhere.
 */
void (*dtrace_fasttrap_fork_ptr)(proc_t *, proc_t *);
void (*dtrace_fasttrap_exec_ptr)(proc_t *);
void (*dtrace_fasttrap_exit_ptr)(proc_t *);
79 
80 /*
81  * This function is called by cfork() in the event that it appears that
82  * there may be dtrace tracepoints active in the parent process's address
83  * space. This first confirms the existence of dtrace tracepoints in the
84  * parent process and calls into the fasttrap module to remove the
85  * corresponding tracepoints from the child. By knowing that there are
86  * existing tracepoints, and ensuring they can't be removed, we can rely
87  * on the fasttrap module remaining loaded.
88  */
/*
 * Fork-time hook: hand the parent/child pair to the fasttrap provider so it can
 * remove the parent's tracepoints from the child's copy of the address space.
 *
 * The hook pointer is read exactly once into a local so the NULL test and the
 * call operate on the same value.
 */
void
dtrace_fasttrap_fork(proc_t *p, proc_t *cp)
{
	void (*fork_hook)(proc_t *, proc_t *) = dtrace_fasttrap_fork_ptr;

	/* Hook not installed: nothing to do for this child. */
	if (fork_hook == NULL) {
		return;
	}
	fork_hook(p, cp);
}
96 
97 
98 /*
99  * DTrace wait for process execution
100  *
101  * This feature is using a list of entries, each entry containing a pointer
102  * on a process description. The description is provided by a client, and it
103  * contains the command we want to wait for along with a reserved space for
104  * the caught process id.
105  *
 * Once an awaited process has been spawned, it is suspended before the client
 * is notified. Once the client is back in userland, it is the client's
 * responsibility to resume the task.
109  */
110 
/* Serialises dtrace_proc_awaited_head, the exec hook pointer and the static path buffer in the notification. */
LCK_MTX_DECLARE_ATTR(dtrace_procwaitfor_lock, &dtrace_lck_grp, &dtrace_lck_attr);
112 
/*
 * One waiter on the awaited-process list.  Entries live on the stack of the
 * thread blocked in dtrace_proc_waitfor() and are unlinked before that
 * function returns, so pdesc is only valid while the entry is on the list.
 */
typedef struct dtrace_proc_awaited_entry {
	struct dtrace_procdesc			*pdesc;		/* client-provided description; p_pid is filled in on a match */
	LIST_ENTRY(dtrace_proc_awaited_entry)	entries;	/* linkage in dtrace_proc_awaited_head */
} dtrace_proc_awaited_entry_t;
117 
/* Head of the waiter list; every access is under dtrace_procwaitfor_lock. */
LIST_HEAD(listhead, dtrace_proc_awaited_entry) dtrace_proc_awaited_head
	= LIST_HEAD_INITIALIZER(dtrace_proc_awaited_head);

/*
 * Exec-time hook (presumably invoked from the exec path; the caller is not in
 * this file).  Armed by dtrace_proc_waitfor() while at least one waiter is
 * queued and cleared when the list drains, so it costs nothing when idle.
 */
void (*dtrace_proc_waitfor_exec_ptr)(proc_t*) = NULL;
122 
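/*
 * Fill `buffer` with the path of `p`'s text vnode (p->p_textvp).
 *
 * On entry *maxlen is the size of `buffer`; on success vn_getpath_fsenter()
 * leaves it holding the string length including the trailing NUL.  The path
 * is then re-resolved with vnode_lookup() from the current context; a path
 * that cannot be looked up is reported as an error (presumably so that a stale
 * or inaccessible path is never used as a name to match against).
 *
 * Returns 0 on success, ESRCH if the process has no text vnode, otherwise the
 * errno from the vnode layer.  The iocount taken by vnode_getwithvid() is
 * released on every path; the previous version leaked it when
 * vn_getpath_fsenter() failed.
 */
static int
dtrace_proc_get_execpath(proc_t *p, char *buffer, int *maxlen)
{
	int err;
	vnode_t tvp, nvp = NULLVP;

	ASSERT(p);
	ASSERT(buffer);
	ASSERT(maxlen);

	tvp = p->p_textvp;
	if (tvp == NULLVP) {
		return ESRCH;
	}

	/* Take an iocount on the text vnode; fails if it has been recycled. */
	err = vnode_getwithvid(tvp, vnode_vid(tvp));
	if (err != 0) {
		return err;
	}

	err = vn_getpath_fsenter(tvp, buffer, maxlen);
	/* Drop the iocount before inspecting the result so no path leaks it. */
	vnode_put(tvp);
	if (err != 0) {
		return err;
	}

	/* Confirm the path resolves from this context; the vnode itself is not needed. */
	err = vnode_lookup(buffer, 0, &nvp, vfs_context_current());
	if (err != 0) {
		return err;
	}
	if (nvp != NULLVP) {
		vnode_put(nvp);
	}

	return 0;
}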
151 
152 
/*
 * Return a pointer to the last path component of `path`, whose terminating
 * NUL sits at index len - 1.  A path without a '/' is returned whole.
 */
static char *
dtrace_proc_path_basename(char *path, int len)
{
	char *cursor = &path[len - 1];

	while (cursor != path && *cursor != '/') {
		cursor--;
	}
	if (*cursor == '/') {
		cursor++;
	}
	return cursor;
}

/*
 * Exec hook: called with the freshly exec'd process `p` (never the current
 * task).  Every still-unmatched waiter whose name equals the new process's
 * name is satisfied: its descriptor receives the pid, the task is suspended
 * once per matching waiter via task_pidsuspend(), and the waiter is woken.
 * Matching is by name only, so the first process of that name to exec after
 * the wait began is the one caught.
 */
static void
dtrace_proc_exec_notification(proc_t *p)
{
	dtrace_proc_awaited_entry_t *entry, *next;
	/*
	 * Shared scratch buffer for the executable path.  It is only safe because
	 * this function holds dtrace_procwaitfor_lock for the whole loop.
	 */
	static char execpath[MAXPATHLEN];

	ASSERT(p);
	ASSERT(proc_getpid(p) != -1);
	ASSERT(current_task() != proc_task(p));

	lck_mtx_lock(&dtrace_procwaitfor_lock);

	LIST_FOREACH_SAFE(entry, &dtrace_proc_awaited_head, entries, next) {
		dtrace_procdesc_t *pdesc = entry->pdesc;
		const char *candidate;

		/* This waiter was already satisfied by another process. */
		if (pdesc->p_pid != -1) {
			continue;
		}

		if (pdesc->p_name_length < MAXCOMLEN) {
			/* Short names are compared against p_comm directly. */
			candidate = p->p_comm;
		} else {
			/*
			 * p_comm is too short for a name this long; compare against the
			 * basename of the executable path instead.  `pathlen` comes
			 * back as strlen + 1 (the NUL is counted).
			 */
			int pathlen = sizeof(execpath);
			if (dtrace_proc_get_execpath(p, execpath, &pathlen) != 0) {
				continue;
			}
			candidate = dtrace_proc_path_basename(execpath, pathlen);
		}

		if (strcmp(pdesc->p_name, candidate) == 0) {
			/*
			 * Publish the pid and park the process before waking the
			 * waiter; the waiter's client is responsible for resuming it.
			 */
			pdesc->p_pid = proc_getpid(p);
			task_pidsuspend(proc_task(p));
			wakeup(entry);
		}
	}

	lck_mtx_unlock(&dtrace_procwaitfor_lock);
}
197 
/*
 * Block the calling thread until a process whose name equals pdesc->p_name is
 * exec'd.
 *
 * pdesc->p_name is caller-supplied data: its length is recomputed with
 * strnlen() and a name with no NUL inside the buffer is rejected with -1
 * before anything is registered.  On a match the exec hook stores the pid in
 * pdesc->p_pid and leaves the process suspended; the caller must resume it.
 *
 * Returns 0 when a process was caught, -1 for an invalid name, or the error
 * from msleep() (the sleep is interruptible: PCATCH).  NOTE(review): if a
 * signal ends the sleep after the hook has already matched and suspended a
 * process, pdesc->p_pid is set but the return is non-zero; confirm the caller
 * still resumes that process in this case.
 */
int
dtrace_proc_waitfor(dtrace_procdesc_t *pdesc)
{
	dtrace_proc_awaited_entry_t entry = { .pdesc = pdesc };
	size_t namelen;
	int res;

	ASSERT(pdesc);
	ASSERT(pdesc->p_name);

	namelen = strnlen(pdesc->p_name, sizeof(pdesc->p_name));
	pdesc->p_name_length = (int)namelen;
	if (namelen >= sizeof(pdesc->p_name)) {
		return -1;
	}

	lck_mtx_lock(&dtrace_procwaitfor_lock);

	/* Mark the descriptor unmatched, publish the entry, and arm the exec hook. */
	pdesc->p_pid = -1;
	LIST_INSERT_HEAD(&dtrace_proc_awaited_head, &entry, entries);
	dtrace_proc_waitfor_exec_ptr = &dtrace_proc_exec_notification;

	/* msleep() releases the mutex while sleeping and holds it again on return. */
	res = msleep(&entry, &dtrace_procwaitfor_lock, PCATCH, "dtrace_proc_waitfor", NULL);

	/* The entry lives on this stack frame: unlink it before returning, and disarm the hook if idle. */
	LIST_REMOVE(&entry, entries);
	if (LIST_EMPTY(&dtrace_proc_awaited_head)) {
		dtrace_proc_waitfor_exec_ptr = NULL;
	}

	lck_mtx_unlock(&dtrace_procwaitfor_lock);

	return res;
}
234 
235 
/* Node in the singly-linked chain of "invop" (presumably invalid-opcode trap) handlers walked by dtrace_invop(). */
typedef struct dtrace_invop_hdlr {
	int (*dtih_func)(uintptr_t, uintptr_t *, uintptr_t);	/* returns non-zero once it has handled the trap */
	struct dtrace_invop_hdlr *dtih_next;
} dtrace_invop_hdlr_t;
240 
/* Head of the handler chain; dtrace_invop_add() pushes here, dtrace_invop_remove() unlinks.  No lock is taken in this file. */
dtrace_invop_hdlr_t *dtrace_invop_hdlr;

int
dtrace_invop(uintptr_t, uintptr_t *, uintptr_t);
245 
/*
 * Dispatch a trap to the registered handlers in chain order.  The first
 * handler to return non-zero claims it and its value is returned; 0 means no
 * handler recognised the instruction.
 */
int
dtrace_invop(uintptr_t addr, uintptr_t *stack, uintptr_t eax)
{
	const dtrace_invop_hdlr_t *cur = dtrace_invop_hdlr;

	while (cur != NULL) {
		int rval = cur->dtih_func(addr, stack, eax);
		if (rval != 0) {
			return rval;
		}
		cur = cur->dtih_next;
	}

	return 0;
}
259 
/*
 * Register `func` as an invop handler.  The node is pushed onto the head of
 * the chain, so the most recently added handler is consulted first by
 * dtrace_invop().  NOTE(review): no lock is taken here; presumably the caller
 * serialises handler registration against removal and dispatch.
 */
void
dtrace_invop_add(int (*func)(uintptr_t, uintptr_t *, uintptr_t))
{
	dtrace_invop_hdlr_t *node = kmem_alloc(sizeof(*node), KM_SLEEP);

	node->dtih_func = func;
	node->dtih_next = dtrace_invop_hdlr;
	dtrace_invop_hdlr = node;
}
270 
/*
 * Unlink and free the handler node registered for `func`.  Asking to remove a
 * handler that was never added is a programming error and panics the kernel.
 */
void
dtrace_invop_remove(int (*func)(uintptr_t, uintptr_t *, uintptr_t))
{
	dtrace_invop_hdlr_t **link = &dtrace_invop_hdlr;
	dtrace_invop_hdlr_t *node;

	/* Track the pointer that references each node so head and interior unlink the same way. */
	while ((node = *link) != NULL && node->dtih_func != func) {
		link = &node->dtih_next;
	}

	if (node == NULL) {
		panic("attempt to remove non-existent invop handler");
	}

	*link = node->dtih_next;
	kmem_free(node, sizeof(*node));
}
297 
/*
 * Strip the pointer-authentication signature from `ptr` using `key`.
 *
 * ptrauth_strip() needs a compile-time key, so each supported key gets its own
 * call; an unrecognised key returns the pointer unchanged (callers presumably
 * vet `key` with dtrace_is_valid_ptrauth_key() first).  On targets without
 * pointer authentication the pointer carries no signature and is returned as is.
 */
void *
dtrace_ptrauth_strip(void *ptr, uint64_t key)
{
#pragma unused(key)
#if __has_feature(ptrauth_calls)
	if (key == ptrauth_key_asia) {
		return ptrauth_strip(ptr, ptrauth_key_asia);
	}
	if (key == ptrauth_key_asib) {
		return ptrauth_strip(ptr, ptrauth_key_asib);
	}
	if (key == ptrauth_key_asda) {
		return ptrauth_strip(ptr, ptrauth_key_asda);
	}
	if (key == ptrauth_key_asdb) {
		return ptrauth_strip(ptr, ptrauth_key_asdb);
	}
	return ptr;
#else
	return ptr;
#endif /* __has_feature(ptrauth_calls) */
}
323 
/*
 * Report whether `key` names one of the four pointer-authentication keys
 * dtrace_ptrauth_strip() knows how to strip with.  Returns 1 if so, else 0.
 * Without pointer authentication every key value is accepted.
 */
int
dtrace_is_valid_ptrauth_key(uint64_t key)
{
#pragma unused(key)
#if __has_feature(ptrauth_calls)
	switch (key) {
	case ptrauth_key_asia:
	case ptrauth_key_asib:
	case ptrauth_key_asda:
	case ptrauth_key_asdb:
		return 1;
	default:
		return 0;
	}
#else
	return 1;
#endif /* __has_feature(ptrauth_calls) */
}
335 
/*
 * Read `size` bytes (1, 2, 4 or 8) of physical memory at `addr` and return
 * the value zero-extended to 64 bits.
 *
 * Nothing here validates that `addr` is a legitimate physical address or that
 * it is aligned for `size`; that is left to the ml_phys_* accessors and to
 * whatever privilege checks the DIF caller applies (not visible in this file).
 * An unsupported width sets CPU_DTRACE_ILLOP and yields 0.
 */
uint64_t
dtrace_physmem_read(uint64_t addr, size_t size)
{
	uint64_t value = 0;

	if (size == 1) {
		value = (uint64_t)ml_phys_read_byte_64((addr64_t)addr);
	} else if (size == 2) {
		value = (uint64_t)ml_phys_read_half_64((addr64_t)addr);
	} else if (size == 4) {
		value = (uint64_t)ml_phys_read_64((addr64_t)addr);
	} else if (size == 8) {
		value = (uint64_t)ml_phys_read_double_64((addr64_t)addr);
	} else {
		DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
	}

	return value;
}
353 
/*
 * Write the low `size` bytes (1, 2, 4 or 8) of `data` to physical address
 * `addr`.  For the narrower widths `data` is truncated to an unsigned int
 * before being handed to the accessor.
 *
 * As with dtrace_physmem_read(), no address or alignment validation happens
 * here; an unsupported width sets CPU_DTRACE_ILLOP and writes nothing.
 */
void
dtrace_physmem_write(uint64_t addr, uint64_t data, size_t size)
{
	if (size == 1) {
		ml_phys_write_byte_64((addr64_t)addr, (unsigned int)data);
	} else if (size == 2) {
		ml_phys_write_half_64((addr64_t)addr, (unsigned int)data);
	} else if (size == 4) {
		ml_phys_write_64((addr64_t)addr, (unsigned int)data);
	} else if (size == 8) {
		ml_phys_write_double_64((addr64_t)addr, (unsigned long long)data);
	} else {
		DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
	}
}
374 
/* Round-robin cursor used by dtrace_state_reserve() to pick the next candidate slot. */
static minor_t next_minor = 0;
/* Per-minor client state; a NULL slot is free.  Slots are claimed with a CAS in dtrace_state_allocate(). */
static dtrace_state_t* dtrace_clients[DTRACE_NCLIENTS] = {NULL};
377 
378 
/*
 * Pick a minor number whose client slot currently looks free.
 *
 * This is only a hint: the slot is not claimed here.  dtrace_state_allocate()
 * claims it with a compare-and-swap, so a concurrent caller that received the
 * same minor simply loses there.  NOTE(review): 0 is returned when every slot
 * is occupied, but 0 is also a valid minor, so the caller cannot tell the two
 * cases apart from this return value alone; the CAS is what prevents a
 * double allocation.
 */
minor_t
dtrace_state_reserve(void)
{
	int attempts = DTRACE_NCLIENTS;

	while (attempts-- > 0) {
		minor_t candidate = os_atomic_inc_orig(&next_minor, relaxed) % DTRACE_NCLIENTS;
		if (dtrace_clients[candidate] == NULL) {
			return candidate;
		}
	}

	return 0;
}
389 
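/*
 * Look up the client state registered for `minor`.
 *
 * Returns NULL when the slot is empty.  It now also returns NULL, rather than
 * indexing past dtrace_clients[], when `minor` is out of range: ASSERT() is
 * not guaranteed to be present in release builds, and a device minor is cheap
 * to get wrong.  Callers already have to handle NULL for an unused slot, so
 * this adds no new failure mode for them.
 */
dtrace_state_t *
dtrace_state_get(minor_t minor)
{
	ASSERT(minor < DTRACE_NCLIENTS);
	if (minor >= DTRACE_NCLIENTS) {
		return NULL;
	}
	return dtrace_clients[minor];
}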
396 
/*
 * Allocate zeroed client state and install it in slot `minor`.
 *
 * The slot is claimed with a compare-and-swap so two clients that both
 * reserved the same minor cannot both install state for it; the loser frees
 * its allocation and gets NULL.  `minor` is not range-checked here -- it is
 * expected to come from dtrace_state_reserve().
 */
dtrace_state_t *
dtrace_state_allocate(minor_t minor)
{
	dtrace_state_t *fresh = kalloc_type(dtrace_state_t, Z_ZERO | Z_WAITOK);

	if (dtrace_casptr(&dtrace_clients[minor], NULL, fresh) == NULL) {
		return fresh;
	}

	/* Raced by another client for this minor: give the memory back. */
	kfree_type(dtrace_state_t, fresh);
	return NULL;
}
408 
/*
 * Release the client state in slot `minor` and mark the slot free.
 *
 * The slot is cleared with a plain store (the allocate side uses a CAS), so
 * this presumably runs under whatever serialisation the caller holds; the
 * slot is emptied before the memory is freed so a reader never sees a
 * dangling pointer in the table.
 */
void
dtrace_state_free(minor_t minor)
{
	dtrace_state_t *victim = dtrace_clients[minor];

	dtrace_clients[minor] = NULL;
	kfree_type(dtrace_state_t, victim);
}
416 
417 
418 
/*
 * Hook for loading a DTrace restriction policy.  On this platform it is a
 * deliberate no-op: the restriction state is queried from CSR on demand (see
 * dtrace_is_restricted()), so there is presumably nothing to preload.
 */
void
dtrace_restriction_policy_load(void)
{
	/* Intentionally empty. */
}
423 
424 /*
425  * Check if DTrace has been restricted by the current security policy.
426  */
/*
 * Report whether the current security policy restricts DTrace.
 *
 * With CONFIG_CSR, DTrace is restricted unless CSR grants
 * CSR_ALLOW_UNRESTRICTED_DTRACE (csr_check() returns 0 when a capability is
 * allowed).  Kernels built without CONFIG_CSR are never restricted.
 */
boolean_t
dtrace_is_restricted(void)
{
	boolean_t restricted = FALSE;

#if CONFIG_CSR
	if (csr_check(CSR_ALLOW_UNRESTRICTED_DTRACE) != 0) {
		restricted = TRUE;
	}
#endif

	return restricted;
}
437 
/*
 * Report whether the restrictions are relaxed, i.e. CSR grants
 * CSR_ALLOW_APPLE_INTERNAL.  Without CONFIG_CSR this is always FALSE; note
 * that dtrace_is_restricted() is then also FALSE, so nothing is gated anyway.
 */
boolean_t
dtrace_are_restrictions_relaxed(void)
{
	boolean_t relaxed = FALSE;

#if CONFIG_CSR
	if (csr_check(CSR_ALLOW_APPLE_INTERNAL) == 0) {
		relaxed = TRUE;
	}
#endif

	return relaxed;
}
448 
/*
 * FBT probes are off limits when DTrace is restricted and the Apple-internal
 * relaxation does not apply.  Without CONFIG_CSR they are never restricted.
 */
boolean_t
dtrace_fbt_probes_restricted(void)
{
#if CONFIG_CSR
	return (dtrace_is_restricted() && !dtrace_are_restrictions_relaxed()) ? TRUE : FALSE;
#else
	return FALSE;
#endif
}
460 
/*
 * SDT probes are never restricted on this platform, regardless of CSR state;
 * the function exists so callers can treat SDT like the other probe classes.
 */
boolean_t
dtrace_sdt_probes_restricted(void)
{
	return FALSE;
}
467 
468 /*
469  * Check if the process can be attached.
470  */
/*
 * Decide whether DTrace may attach to `proc`.
 *
 * With CONFIG_CSR, a process that cs_restricted() reports as restricted may
 * not be traced; this is the only per-process check made here, so any further
 * policy (entitlements, platform binaries, ...) must live in the caller.
 * Without CONFIG_CSR every process is attachable from this function's point
 * of view.
 */
boolean_t
dtrace_can_attach_to_proc(proc_t *proc)
{
#pragma unused(proc)
	boolean_t allowed = TRUE;

	ASSERT(proc != NULL);

#if CONFIG_CSR
	if (cs_restricted(proc)) {
		allowed = FALSE;
	}
#endif

	return allowed;
}
484 
485