#include <kern/assert.h>
#include <kern/debug.h>
#include <kern/kext_alloc.h>
#include <kern/misc_protos.h>
#include <mach/host_priv_server.h>
#include <mach/kern_return.h>
#include <mach/mach_vm.h>
#include <mach/vm_map.h>
#include <mach/vm_types.h>
#include <mach-o/loader.h>
#include <libkern/kernel_mach_header.h>
#include <libkern/prelink.h>
#include <san/kasan.h>
#define KASLR_IOREG_DEBUG 0
vm_map_t g_kext_map = 0;
#if KASLR_IOREG_DEBUG
mach_vm_offset_t kext_alloc_base = 0;
mach_vm_offset_t kext_alloc_max = 0;
#else
static mach_vm_offset_t kext_alloc_base = 0;
static mach_vm_offset_t kext_alloc_max = 0;
#if CONFIG_KEXT_BASEMENT
static mach_vm_offset_t kext_post_boot_base = 0;
#endif
#endif
__startup_func
void
kext_alloc_init(void)
{
#if CONFIG_KEXT_BASEMENT
kern_return_t rval = 0;
kernel_segment_command_t *text = NULL;
kernel_segment_command_t *prelinkTextSegment = NULL;
mach_vm_offset_t text_end, text_start;
mach_vm_size_t text_size;
mach_vm_size_t kext_alloc_size;
text = getsegbyname(SEG_TEXT);
text_start = vm_map_trunc_page(text->vmaddr,
VM_MAP_PAGE_MASK(kernel_map));
text_start &= ~((512ULL * 1024 * 1024 * 1024) - 1);
text_end = vm_map_round_page(text->vmaddr + text->vmsize,
VM_MAP_PAGE_MASK(kernel_map));
text_size = text_end - text_start;
kext_alloc_base = KEXT_ALLOC_BASE(text_end);
kext_alloc_size = KEXT_ALLOC_SIZE(text_size);
kext_alloc_max = kext_alloc_base + kext_alloc_size;
prelinkTextSegment = getsegbyname("__PRELINK_TEXT");
if (prelinkTextSegment) {
kext_post_boot_base =
vm_map_round_page(kext_alloc_base + prelinkTextSegment->vmsize,
VM_MAP_PAGE_MASK(kernel_map));
} else {
kext_post_boot_base = kext_alloc_base;
}
rval = kmem_suballoc(kernel_map, (vm_offset_t *) &kext_alloc_base,
kext_alloc_size, TRUE,
VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE,
VM_MAP_KERNEL_FLAGS_NONE, VM_KERN_MEMORY_KEXT,
&g_kext_map);
if (rval != KERN_SUCCESS) {
panic("kext_alloc_init: kmem_suballoc failed 0x%x\n", rval);
}
if ((kext_alloc_base + kext_alloc_size) > kext_alloc_max) {
panic("kext_alloc_init: failed to get first 2GB\n");
}
if (kernel_map->min_offset > kext_alloc_base) {
kernel_map->min_offset = kext_alloc_base;
}
printf("kext submap [0x%lx - 0x%lx], kernel text [0x%lx - 0x%lx]\n",
VM_KERNEL_UNSLIDE(kext_alloc_base),
VM_KERNEL_UNSLIDE(kext_alloc_max),
VM_KERNEL_UNSLIDE(text->vmaddr),
VM_KERNEL_UNSLIDE(text->vmaddr + text->vmsize));
#else
g_kext_map = kernel_map;
kext_alloc_base = VM_MIN_KERNEL_ADDRESS;
kext_alloc_max = VM_MAX_KERNEL_ADDRESS;
#endif
}
vm_offset_t
get_address_from_kext_map(vm_size_t fsize)
{
vm_offset_t addr = 0;
kern_return_t ret;
ret = kext_alloc(&addr, fsize, false);
assert(ret == KERN_SUCCESS);
if (ret != KERN_SUCCESS) {
return 0;
}
kext_free(addr, fsize);
addr += VM_MAP_PAGE_SIZE(g_kext_map);
addr = vm_map_trunc_page(addr,
VM_MAP_PAGE_MASK(g_kext_map));
return addr;
}
kern_return_t
kext_alloc(vm_offset_t *_addr, vm_size_t size, boolean_t fixed)
{
kern_return_t rval = 0;
#if CONFIG_KEXT_BASEMENT
mach_vm_offset_t addr = (fixed) ? *_addr : kext_post_boot_base;
#else
mach_vm_offset_t addr = (fixed) ? *_addr : kext_alloc_base;
#endif
int flags = (fixed) ? VM_FLAGS_FIXED : VM_FLAGS_ANYWHERE;
#if CONFIG_KEXT_BASEMENT
kc_format_t kcformat;
if (PE_get_primary_kc_format(&kcformat) && kcformat == KCFormatFileset) {
rval = mach_vm_allocate_kernel(g_kext_map, &addr, size, flags, VM_KERN_MEMORY_KEXT);
if (rval != KERN_SUCCESS) {
printf("vm_allocate failed - %d\n", rval);
goto finish;
}
goto check_reachable;
}
rval = mach_vm_map_kernel(g_kext_map,
&addr,
size,
0,
flags,
VM_MAP_KERNEL_FLAGS_NONE,
VM_KERN_MEMORY_KEXT,
MACH_PORT_NULL,
0,
TRUE,
VM_PROT_DEFAULT,
VM_PROT_ALL,
VM_INHERIT_DEFAULT);
if (rval != KERN_SUCCESS) {
printf("mach_vm_map failed - %d\n", rval);
goto finish;
}
check_reachable:
#else
rval = mach_vm_allocate_kernel(g_kext_map, &addr, size, flags, VM_KERN_MEMORY_KEXT);
if (rval != KERN_SUCCESS) {
printf("vm_allocate failed - %d\n", rval);
goto finish;
}
#endif
if ((addr + size) > kext_alloc_max) {
kext_free((vm_offset_t)addr, size);
rval = KERN_INVALID_ADDRESS;
goto finish;
}
*_addr = (vm_offset_t)addr;
rval = KERN_SUCCESS;
#if KASAN
kasan_notify_address(addr, size);
#endif
finish:
return rval;
}
void
kext_free(vm_offset_t addr, vm_size_t size)
{
kern_return_t rval;
rval = mach_vm_deallocate(g_kext_map, addr, size);
assert(rval == KERN_SUCCESS);
}
kern_return_t
kext_receipt(void **addrp, size_t *sizep)
{
if (addrp == NULL || sizep == NULL) {
return KERN_FAILURE;
}
kernel_mach_header_t *kc = PE_get_kc_header(KCKindAuxiliary);
if (kc == NULL) {
return KERN_FAILURE;
}
size_t size;
void *addr = getsectdatafromheader(kc,
kReceiptInfoSegment, kAuxKCReceiptSection, &size);
if (addr == NULL) {
return KERN_FAILURE;
}
*addrp = addr;
*sizep = size;
return KERN_SUCCESS;
}