#include <mach/mach_types.h>
#include <mach/boolean.h>
#include <mach/kern_return.h>
#include <mach/message.h>
#include <mach/port.h>
#include <mach/mig_errors.h>
#include <mach/task.h>
#include <mach/thread_status.h>
#include <mach/exception_types.h>
#include <mach/exc.h>
#include <mach/mach_exc.h>
#include <ipc/port.h>
#include <ipc/ipc_entry.h>
#include <ipc/ipc_object.h>
#include <ipc/ipc_notify.h>
#include <ipc/ipc_space.h>
#include <ipc/ipc_pset.h>
#include <ipc/ipc_machdep.h>
#include <kern/counters.h>
#include <kern/ipc_tt.h>
#include <kern/task.h>
#include <kern/thread.h>
#include <kern/processor.h>
#include <kern/sched.h>
#include <kern/sched_prim.h>
#include <kern/host.h>
#include <kern/misc_protos.h>
#include <security/mac_mach_internal.h>
#include <string.h>
#include <pexpert/pexpert.h>
/* Defined elsewhere; when non-zero, exception_triage_thread() panics instead of delivering. */
extern int panic_on_exception_triage;

/*
 * Delivery counters, bumped once per message attempt in exception_deliver():
 * one per EXCEPTION_DEFAULT / EXCEPTION_STATE / EXCEPTION_STATE_IDENTITY path.
 * Plain unsigned longs, not atomics — counts are advisory only.
 */
unsigned long c_thr_exc_raise = 0;
unsigned long c_thr_exc_raise_state = 0;
unsigned long c_thr_exc_raise_state_id = 0;
/* Task-level counterparts; not referenced anywhere in this file as shown. */
unsigned long c_tsk_exc_raise = 0;
unsigned long c_tsk_exc_raise_state = 0;
unsigned long c_tsk_exc_raise_state_id = 0;
/*
 * Send the message for 'exception' to the port in excp[exception];
 * 'mutex' is the lock guarding that exception_action array.
 */
kern_return_t exception_deliver(
	thread_t thread,
	exception_type_t exception,
	mach_exception_data_type_t code,
	mach_msg_type_number_t codeCnt,
	struct exception_action *excp,
	lck_mtx_t *mutex);

/*
 * Returns KERN_FAILURE when 'exception' is EXC_CRASH and the current task
 * is itself the receiver of excp[exception].port; KERN_SUCCESS otherwise.
 * File-local: the definition below inherits this static linkage.
 */
static kern_return_t
check_exc_receiver_dependency(
	exception_type_t exception,
	struct exception_action *excp,
	lck_mtx_t *mutex);

#ifdef MACH_BSD
/* Task-level delivery for the current thread; defined below, prototyped here only with MACH_BSD. */
kern_return_t bsd_exception(
	exception_type_t exception,
	mach_exception_data_t code,
	mach_msg_type_number_t codeCnt);
#endif
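/*
 * exception_deliver
 *
 * Build and send the exception message for 'exception' to the port
 * registered in excp[exception], using that entry's behavior and flavor.
 *
 * thread     thread the exception is reported for.
 * exception  exception type; must be below EXC_TYPES_COUNT.
 * code       64-bit exception codes; code[0] and code[1] are read.
 * codeCnt    code count passed through to the message.
 * excp       exception_action array indexed by exception type.
 * mutex      lock guarding 'excp'; held only while port, flavor and
 *            behavior are copied out.
 *
 * Returns KERN_SUCCESS (and does nothing) for a thread that is neither
 * active nor under inspection; KERN_FAILURE when excp is NULL, the index
 * is out of range, the port is invalid or inactive, or the MAC hook denies
 * the send; otherwise the result of the raise call, or of the
 * thread_getstatus/thread_setstatus that bracket it for the state
 * behaviors.
 *
 * Rights: a reference and a send right are taken on exc_port before the
 * lock is dropped, and on the slow path send rights to the thread and
 * task are created. On every path that fails before a message is sent
 * those rights are released at out_release. After a send the thread and
 * task rights are owned by the message; what happens to exc_port's right
 * depends on the MIG stubs, which are not visible here.
 */
kern_return_t
exception_deliver(
	thread_t thread,
	exception_type_t exception,
	mach_exception_data_t code,
	mach_msg_type_number_t codeCnt,
	struct exception_action *excp,
	lck_mtx_t *mutex)
{
	ipc_port_t exc_port;
	exception_data_type_t small_code[EXCEPTION_CODE_MAX];
	int code64;
	int behavior;
	int flavor;
	kern_return_t kr;
	int use_fast_retrieve = TRUE;
	task_t task;
	ipc_port_t thread_port = NULL, task_port = NULL;

	/* Nothing to report for a thread that is gone and not being inspected. */
	if (!thread->active && !thread->inspection)
		return KERN_SUCCESS;

	if (excp == NULL)
		return KERN_FAILURE;

	/* Bound the index before excp[exception]; the assert is debug-only. */
	assert(exception < EXC_TYPES_COUNT);
	if (exception >= EXC_TYPES_COUNT)
		return KERN_FAILURE;

	excp = &excp[exception];

	/*
	 * Snapshot port, flavor and behavior under the action lock. A reference
	 * and a send right are taken on the port so it stays usable after the
	 * lock is dropped.
	 */
	lck_mtx_lock(mutex);
	exc_port = excp->port;
	if (!IP_VALID(exc_port)) {
		lck_mtx_unlock(mutex);
		return KERN_FAILURE;
	}

	ip_lock(exc_port);
	if (!ip_active(exc_port)) {
		ip_unlock(exc_port);
		lck_mtx_unlock(mutex);
		return KERN_FAILURE;
	}
	ip_reference(exc_port);
	exc_port->ip_srights++;
	ip_unlock(exc_port);

	flavor = excp->flavor;
	behavior = excp->behavior;
	lck_mtx_unlock(mutex);

	/* MACH_EXCEPTION_CODES selects the 64-bit-code message variants. */
	code64 = (behavior & MACH_EXCEPTION_CODES);
	behavior &= ~MACH_EXCEPTION_CODES;

	if (!code64) {
		/* The 32-bit variants carry narrowed copies of the two codes. */
		small_code[0] = CAST_DOWN_EXPLICIT(exception_data_type_t, code[0]);
		small_code[1] = CAST_DOWN_EXPLICIT(exception_data_type_t, code[1]);
	}

	task = thread->task;

#if CONFIG_MACF
	/* Policy denial happens after the port right was taken; give it back. */
	if (mac_exc_action_check_exception_send(task, excp) != 0) {
		kr = KERN_FAILURE;
		goto out_release;
	}
#endif

	/*
	 * Identity messages about a thread other than the caller, or corpse
	 * notifications, need real send rights to the thread and task; the
	 * *_self_fast variants are used at send time otherwise.
	 */
	if ((thread != current_thread() || exception == EXC_CORPSE_NOTIFY)
	    && behavior != EXCEPTION_STATE) {
		use_fast_retrieve = FALSE;
		task_reference(task);
		task_port = convert_task_to_port(task);
		thread_reference(thread);
		thread_port = convert_thread_to_port(thread);
	}

	switch (behavior) {
	case EXCEPTION_STATE: {
		mach_msg_type_number_t state_cnt;
		thread_state_data_t state;

		c_thr_exc_raise_state++;
		/* flavor comes from the registered action; presumably range-checked at registration — confirm. */
		state_cnt = _MachineStateCount[flavor];
		kr = thread_getstatus(thread, flavor,
		    (thread_state_t)state,
		    &state_cnt);
		if (kr != KERN_SUCCESS)
			goto out_release;

		if (code64) {
			kr = mach_exception_raise_state(exc_port,
			    exception,
			    code,
			    codeCnt,
			    &flavor,
			    state, state_cnt,
			    state, &state_cnt);
		} else {
			kr = exception_raise_state(exc_port, exception,
			    small_code,
			    codeCnt,
			    &flavor,
			    state, state_cnt,
			    state, &state_cnt);
		}
		/* The handler may have rewritten the state; corpses have none to restore. */
		if (kr == MACH_MSG_SUCCESS && exception != EXC_CORPSE_NOTIFY)
			kr = thread_setstatus(thread, flavor,
			    (thread_state_t)state,
			    state_cnt);
		return kr;
	}

	case EXCEPTION_DEFAULT:
		c_thr_exc_raise++;
		if (code64) {
			kr = mach_exception_raise(exc_port,
			    use_fast_retrieve ? retrieve_thread_self_fast(thread) :
			    thread_port,
			    use_fast_retrieve ? retrieve_task_self_fast(thread->task) :
			    task_port,
			    exception,
			    code,
			    codeCnt);
		} else {
			kr = exception_raise(exc_port,
			    use_fast_retrieve ? retrieve_thread_self_fast(thread) :
			    thread_port,
			    use_fast_retrieve ? retrieve_task_self_fast(thread->task) :
			    task_port,
			    exception,
			    small_code,
			    codeCnt);
		}
		return kr;

	case EXCEPTION_STATE_IDENTITY: {
		mach_msg_type_number_t state_cnt;
		thread_state_data_t state;

		c_thr_exc_raise_state_id++;
		state_cnt = _MachineStateCount[flavor];
		kr = thread_getstatus(thread, flavor,
		    (thread_state_t)state,
		    &state_cnt);
		/* Slow-path thread/task rights were made above and nothing has consumed them yet. */
		if (kr != KERN_SUCCESS)
			goto out_release;

		if (code64) {
			kr = mach_exception_raise_state_identity(
			    exc_port,
			    use_fast_retrieve ? retrieve_thread_self_fast(thread) :
			    thread_port,
			    use_fast_retrieve ? retrieve_task_self_fast(thread->task) :
			    task_port,
			    exception,
			    code,
			    codeCnt,
			    &flavor,
			    state, state_cnt,
			    state, &state_cnt);
		} else {
			kr = exception_raise_state_identity(exc_port,
			    use_fast_retrieve ? retrieve_thread_self_fast(thread) :
			    thread_port,
			    use_fast_retrieve ? retrieve_task_self_fast(thread->task) :
			    task_port,
			    exception,
			    small_code,
			    codeCnt,
			    &flavor,
			    state, state_cnt,
			    state, &state_cnt);
		}
		if (kr == MACH_MSG_SUCCESS && exception != EXC_CORPSE_NOTIFY)
			kr = thread_setstatus(thread, flavor,
			    (thread_state_t)state,
			    state_cnt);
		return kr;
	}

	default:
		panic("bad exception behavior!");
		return KERN_FAILURE;
	}

out_release:
	/* Reached only before any message was sent: nothing has consumed these rights. */
	if (task_port != NULL)
		ipc_port_release_send(task_port);
	if (thread_port != NULL)
		ipc_port_release_send(thread_port);
	ipc_port_release_send(exc_port);
	return kr;
}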
/*
 * check_exc_receiver_dependency
 *
 * Only EXC_CRASH is subject to this check. For it, KERN_FAILURE is
 * returned when excp[exception].port is a valid, active port whose
 * receiver space is the current task's own ipc space (the task would be
 * the receiver of its own crash report); KERN_SUCCESS in every other case,
 * including excp == NULL. 'mutex' guards 'excp' and is held while the
 * port is read and examined.
 */
kern_return_t
check_exc_receiver_dependency(
	exception_type_t exception,
	struct exception_action *excp,
	lck_mtx_t *mutex)
{
	if (exception != EXC_CRASH || excp == NULL)
		return KERN_SUCCESS;

	task_t self_task = current_task();
	boolean_t self_is_receiver;

	lck_mtx_lock(mutex);
	{
		ipc_port_t xport = excp[exception].port;

		self_is_receiver = IP_VALID(xport)
		    && ip_active(xport)
		    && (self_task->itk_space == xport->ip_receiver);
	}
	lck_mtx_unlock(mutex);

	return self_is_receiver ? KERN_FAILURE : KERN_SUCCESS;
}
/*
 * Attempt delivery at one level (thread, task or host).
 *
 * Skips the level, leaving *kr untouched, when check_exc_receiver_dependency
 * refuses it. Otherwise stores the exception_deliver result in *kr and
 * reports TRUE when that result is KERN_SUCCESS or MACH_RCV_PORT_DIED,
 * i.e. when no further level should be tried.
 */
static boolean_t
exception_triage_try_level(
	thread_t thread,
	exception_type_t exception,
	mach_exception_data_t code,
	mach_msg_type_number_t codeCnt,
	struct exception_action *actions,
	lck_mtx_t *mutex,
	kern_return_t *kr)
{
	if (check_exc_receiver_dependency(exception, actions, mutex) != KERN_SUCCESS)
		return FALSE;

	*kr = exception_deliver(thread, exception, code, codeCnt, actions, mutex);
	return (*kr == KERN_SUCCESS) || (*kr == MACH_RCV_PORT_DIED);
}

/*
 * exception_triage_thread
 *
 * Deliver 'exception' for 'thread', trying the thread's, then its task's,
 * then the host's exception actions, stopping at the first level whose
 * delivery returns KERN_SUCCESS or MACH_RCV_PORT_DIED. EXC_RPC_ALERT is
 * not accepted here (sys_perf_notify handles it). Panics when
 * panic_on_exception_triage is set.
 *
 * For every exception type except EXC_CRASH, EXC_RESOURCE, EXC_GUARD and
 * EXC_CORPSE_NOTIFY, thread_exception_return() is invoked after the
 * attempts; for those four the last delivery result (KERN_FAILURE when no
 * level was tried) is returned to the caller.
 */
kern_return_t
exception_triage_thread(
	exception_type_t exception,
	mach_exception_data_t code,
	mach_msg_type_number_t codeCnt,
	thread_t thread)
{
	kern_return_t kr = KERN_FAILURE;

	assert(exception != EXC_RPC_ALERT);

	if (panic_on_exception_triage) {
		panic("called exception_triage when it was forbidden by the boot environment");
	}

	/* Levels are evaluated lazily: the task and host are only looked up when reached. */
	if (!exception_triage_try_level(thread, exception, code, codeCnt,
	    thread->exc_actions, &thread->mutex, &kr)) {
		task_t task = thread->task;

		if (!exception_triage_try_level(thread, exception, code, codeCnt,
		    task->exc_actions, &task->itk_lock_data, &kr)) {
			host_priv_t host_priv = host_priv_self();

			(void)exception_triage_try_level(thread, exception, code, codeCnt,
			    host_priv->exc_actions, &host_priv->lock, &kr);
		}
	}

	if ((exception != EXC_CRASH) && (exception != EXC_RESOURCE) &&
	    (exception != EXC_GUARD) && (exception != EXC_CORPSE_NOTIFY))
		thread_exception_return();

	return kr;
}
/*
 * exception_triage
 *
 * Convenience entry: triage 'exception' for the calling thread. See
 * exception_triage_thread for the level order and return semantics.
 */
kern_return_t
exception_triage(
	exception_type_t exception,
	mach_exception_data_t code,
	mach_msg_type_number_t codeCnt)
{
	return exception_triage_thread(exception, code, codeCnt, current_thread());
}
/*
 * bsd_exception
 *
 * Deliver 'exception' for the calling thread using only the current
 * task's exception actions (no thread- or host-level fallback).
 *
 * Returns KERN_SUCCESS when exception_deliver reports KERN_SUCCESS or
 * MACH_RCV_PORT_DIED, KERN_FAILURE for any other result.
 */
kern_return_t
bsd_exception(
	exception_type_t exception,
	mach_exception_data_t code,
	mach_msg_type_number_t codeCnt)
{
	thread_t self = current_thread();
	task_t task = current_task();
	kern_return_t kr;
	boolean_t delivered;

	kr = exception_deliver(self, exception, code, codeCnt,
	    task->exc_actions, &task->itk_lock_data);

	/* A dead receive port counts as handled at this level, like in exception_triage_thread. */
	delivered = (kr == KERN_SUCCESS) || (kr == MACH_RCV_PORT_DIED);

	return delivered ? KERN_SUCCESS : KERN_FAILURE;
}
/*
 * task_exception_notify
 *
 * Triage 'exception' for the calling thread with the two 64-bit codes
 * exccode and excsubcode, running the whole triage at THREAD_UNINT and
 * restoring the previous interrupt level afterwards.
 *
 * Returns whatever exception_triage returns.
 */
kern_return_t
task_exception_notify(exception_type_t exception,
    mach_exception_data_type_t exccode, mach_exception_data_type_t excsubcode)
{
	mach_exception_data_type_t code[EXCEPTION_CODE_MAX] = { exccode, excsubcode };
	wait_interrupt_t saved_level;
	kern_return_t result;

	saved_level = thread_interrupt_level(THREAD_UNINT);
	result = exception_triage(exception, code, EXCEPTION_CODE_MAX);
	(void)thread_interrupt_level(saved_level);

	return result;
}
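/*
 * sys_perf_notify
 *
 * Send an EXC_RPC_ALERT message about 'thread' to the host-level
 * exception port, with code[0] set to a fixed marker value and code[1]
 * to 'pid'. The message is sent at THREAD_UNINT; the previous interrupt
 * level is restored afterwards.
 *
 * Returns KERN_FAILURE without sending when the host has no valid, active
 * EXC_RPC_ALERT port, or when the thread's own task is that port's
 * receiver (mirroring check_exc_receiver_dependency); otherwise the
 * exception_deliver result.
 *
 * The action entry is read under hostp->lock, the same lock
 * exception_deliver takes for this array, so the port examined here is
 * the one registered at that moment rather than an unlocked snapshot.
 */
kern_return_t
sys_perf_notify(thread_t thread, int pid)
{
	host_priv_t hostp = host_priv_self();
	task_t task = thread->task;
	lck_mtx_t *mutex = &hostp->lock;
	mach_exception_data_type_t code[EXCEPTION_CODE_MAX];
	ipc_port_t xport;
	boolean_t deliverable;
	wait_interrupt_t wsave;
	kern_return_t ret;

	code[0] = 0xFF000001;	/* fixed marker carried in the first code slot */
	code[1] = pid;

	lck_mtx_lock(mutex);
	xport = hostp->exc_actions[EXC_RPC_ALERT].port;
	deliverable = IP_VALID(xport)
	    && ip_active(xport)
	    && (task->itk_space != xport->ip_receiver);
	lck_mtx_unlock(mutex);

	if (!deliverable)
		return KERN_FAILURE;

	wsave = thread_interrupt_level(THREAD_UNINT);
	ret = exception_deliver(
		thread,
		EXC_RPC_ALERT,
		code,
		EXCEPTION_CODE_MAX,
		hostp->exc_actions,
		mutex);
	(void)thread_interrupt_level(wsave);

	return ret;
}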