xnu-6153.11.26

Imported from https://opensource.apple.com/tarballs/xnu/xnu-6153.11.26.tar.gz
kkpan11 · Jan 11, 2021 · 18c0ee9 · 18c0ee9
1 parent b6dbbb9
commit 18c0ee9
Show file tree

Hide file tree

Showing 1,613 changed files with 138,877 additions and 64,476 deletions.
diff --git a/.gitignore b/.gitignore
@@ -25,6 +25,9 @@ compile_commands.json
 # /libkern/kmod/libkmod.xcodeproj/
 /libkern/kmod/libkmod.xcodeproj/xcuserdata
 
+# /libkdd/kdd.xcodeproj/
+/libkdd/kdd.xcodeproj/xcuserdata
+
 # /libsyscall/Libsyscall.xcodeproj/
 /libsyscall/Libsyscall.xcodeproj/xcuserdata
 /libsyscall/Libsyscall.xcodeproj/project.xcworkspace
@@ -44,14 +47,25 @@ compile_commands.json
 # /tools/tests/testkext/testkext.xcodeproj/
 /tools/tests/testkext/testkext.xcodeproj/xcuserdata
 
+#/tools/tests/unit_tests/cpu_monitor_tests_11646922_src/CatchRN/CatchRN.xcodeproj/
+/tools/tests/unit_tests/cpu_monitor_tests_11646922_src/CatchRN/CatchRN.xcodeproj/xcuserdata
+
 # /tools/tests/unit_tests/cpu_monitor_tests_11646922_src/cpu_hog/cpu_hog.xcodeproj/
 /tools/tests/unit_tests/cpu_monitor_tests_11646922_src/cpu_hog/cpu_hog.xcodeproj/xcuserdata
 
+# /tools/tests/unit_tests/mach_test_15789220_src/mach_test.xcodeproj/
+/tools/tests/unit_tests/mach_test_15789220_src/mach_test.xcodeproj/xcuserdata
+
 # /tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/
 /tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/xcuserdata
 
 # /tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/project.xcworkspace/
 /tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/project.xcworkspace/xcuserdata
 
+#/tools/tests/unit_tests/test_14395574/test_14395574.xcodeproj/
+/tools/tests/unit_tests/test_14395574/test_14395574.xcodeproj/xcuserdata
+
 # /tools/tests/zero-to-n
 /tools/tests/zero-to-n/zn*
+
+# do not add *.orig, *.rej, use `git clean` instead
diff --git a/EXTERNAL_HEADERS/Makefile b/EXTERNAL_HEADERS/Makefile
@@ -8,7 +8,8 @@ include $(MakeInc_def)
 
 INSTINC_SUBDIRS =	\
 	architecture	\
-	mach-o
+	mach-o			\
+	sys
 
 INSTINC_SUBDIRS_X86_64 =	\
 	architecture
@@ -32,9 +33,7 @@ KERNEL_FILES = \
 	stdatomic.h	\
 	stdbool.h	\
 	stddef.h	\
-	stdint.h
-
-KERNEL_FILES += \
+	stdint.h	\
 	ptrauth.h
 
 INSTALL_MI_LIST =

diff --git a/EXTERNAL_HEADERS/corecrypto/cc.h b/EXTERNAL_HEADERS/corecrypto/cc.h
@@ -16,12 +16,41 @@
 #include <string.h>
 #include <stdint.h>
 
+#if __has_feature(attribute_availability_with_replacement)
+#if __has_feature(attribute_availability_bridgeos)
+  #ifndef __CC_BRIDGE_OS_DEPRECATED
+    #define __CC_BRIDGEOS_DEPRECATED(_dep, _msg) __attribute__((availability(bridgeos,deprecated=_dep, replacement=_msg)))
+  #endif
+#endif
+
+#ifndef __CC_BRIDGEOS_DEPRECATED
+  #define __CC_BRIDGEOS_DEPRECATED(_dep, _msg)
+#endif
+
+#define cc_deprecate_with_replacement(replacement_message, ios_version, macos_version, tvos_version, watchos_version, bridgeos_version) \
+__attribute__((availability(macos,deprecated=macos_version,       replacement=replacement_message)))\
+__attribute__((availability(ios,deprecated=ios_version,           replacement=replacement_message)))\
+__attribute__((availability(watchos,deprecated=watchos_version,   replacement=replacement_message)))\
+__attribute__((availability(tvos,deprecated=tvos_version,         replacement=replacement_message)))\
+__CC_BRIDGEOS_DEPRECATED(bridgeos_version, replacement_message)
+
+#else /* !__has_feature(attribute_availability_with_replacement) */
+
+#define cc_deprecate_with_replacement(replacement_message, ios_version, macos_version, tvos_version, watchos_version, bridgeos_version)
+
+#endif /* __has_feature(attribute_availability_with_replacement) */
+
 /* Provide a general purpose macro concat method. */
 #define cc_concat_(a, b) a##b
 #define cc_concat(a, b) cc_concat_(a, b)
 
 /* Manage asserts here because a few functions in header public files do use asserts */
+#if CORECRYPTO_DEBUG
 #define cc_assert(x) assert(x)
+#else
+#define cc_assert(x)
+#endif
+
 #if CC_KERNEL
 #include <kern/assert.h>
 #elif CC_USE_S3
@@ -32,7 +61,7 @@
 
 /* Provide a static assert that can be used to create compile-type failures. */
 #define cc_static_assert(e,m)                                               \
-    ;enum { cc_concat(static_assert_, __COUNTER__) = 1/(int)(!!(e)) }
+    enum { cc_concat(static_assert_, __COUNTER__) = 1/(int)(!!(e)) }
 
 /* Declare a struct element with a guarenteed alignment of _alignment_.
    The resulting struct can be used to create arrays that are aligned by
@@ -42,6 +71,15 @@ typedef struct { \
 uint8_t b[_alignment_]; \
 } CC_ALIGNED(_alignment_)
 
+#if defined(__BIGGEST_ALIGNMENT__)
+#define CC_MAX_ALIGNMENT __BIGGEST_ALIGNMENT__
+#else
+#define CC_MAX_ALIGNMENT 16
+#endif
+
+/* pads a given size to be a multiple of the biggest alignment for any type */
+#define cc_pad_align(_size_) ((_size_ + CC_MAX_ALIGNMENT - 1) & (~(CC_MAX_ALIGNMENT - 1)))
+
 /* number of array elements used in a cc_ctx_decl */
 #define cc_ctx_n(_type_, _size_) ((_size_ + sizeof(_type_) - 1) / sizeof(_type_))
 
@@ -55,14 +93,14 @@ uint8_t b[_alignment_]; \
   3. Never use sizeof() operator for the variables declared with cc_ctx_decl(), because it is not be compatible with the _MSC_VER version of cc_ctx_decl().
  */
 #if defined(_MSC_VER)
+#include <malloc.h>
 #define cc_ctx_decl(_type_, _size_, _name_)  _type_ * _name_ = (_type_ *) _alloca(sizeof(_type_) * cc_ctx_n(_type_, _size_) )
 #else
 #define cc_ctx_decl(_type_, _size_, _name_)  _type_ _name_ [cc_ctx_n(_type_, _size_)]
 #endif
 
-/* bzero is deprecated. memset is the way to go */
-/* FWIW, L4, HEXAGON and ARMCC even with gnu compatibility mode don't have bzero */
-#define cc_zero(_size_,_data_) memset((_data_),0 ,(_size_))
+// cc_zero is deprecated, please use cc_clear instead.
+#define cc_zero(_size_,_data_) _Pragma ("corecrypto deprecation warning \"'cc_zero' macro is deprecated. Use 'cc_clear' instead.\"") cc_clear(_size_,_data_)
 
 /*!
  @brief cc_clear(len, dst) zeroizes array dst and it will not be optimized out.
@@ -99,12 +137,16 @@ int cc_cmp_safe (size_t num, const void * ptr1, const void * ptr2);
 /* Exchange S and T of any type.  NOTE: Both and S and T are evaluated
    mutliple times and MUST NOT be expressions. */
 #define CC_SWAP(S,T)  do { \
-    __typeof__(S) _cc_swap_tmp = S; S = T; T = _cc_swap_tmp; \
+    volatile __typeof__(S) _cc_swap_tmp = S; S = T; T = _cc_swap_tmp; \
+    _cc_swap_tmp = 0;\
 } while(0)
 
 /* Return the maximum value between S and T. */
 #define CC_MAX(S, T) ({__typeof__(S) _cc_max_s = S; __typeof__(T) _cc_max_t = T; _cc_max_s > _cc_max_t ? _cc_max_s : _cc_max_t;})
 
+/* Clone of CC_MAX() that evalutes S and T multiple times to allow nesting. */
+#define CC_MAX_EVAL(S, T) ((S) > (T) ? (S) : (T))
+
 /* Return the minimum value between S and T. */
 #define CC_MIN(S, T) ({__typeof__(S) _cc_min_s = S; __typeof__(T) _cc_min_t = T; _cc_min_s <= _cc_min_t ? _cc_min_s : _cc_min_t;})
 

diff --git a/EXTERNAL_HEADERS/corecrypto/cc_config.h b/EXTERNAL_HEADERS/corecrypto/cc_config.h
@@ -258,8 +258,7 @@
  #define CCN_OSX				   1
 #endif
 
-#if CC_USE_L4 || CC_USE_S3
-/* No dynamic linking allowed in L4, e.g. avoid nonlazy symbols */
+#if CC_USE_S3
 /* For corecrypto kext, CC_STATIC should be undefined */
  #define CC_STATIC              1
 #endif
@@ -296,9 +295,9 @@
 
 // see rdar://problem/26636018
 #if (CCN_UNIT_SIZE == 8) && !( defined(_MSC_VER) && defined(__clang__))
-#define CCEC25519_CURVE25519DONNA_64BIT 1
+#define CCEC25519_CURVE25519_64BIT 1
 #else
-#define CCEC25519_CURVE25519DONNA_64BIT 0
+#define CCEC25519_CURVE25519_64BIT 0
 #endif
 
 //- functions implemented in assembly ------------------------------------------
@@ -307,10 +306,15 @@
  #warning "You are using the default corecrypto configuration, assembly optimizations may not be available for your platform"
 #endif
 
+// Enable assembler in Linux if CC_LINUX_ASM is defined
+#if CC_LINUX && defined(CC_LINUX_ASM) && CC_LINUX_ASM
+#define CC_USE_ASM 1
+#endif
+
 // Use this macro to strictly disable assembly regardless of cpu/os/compiler/etc.
 // Our assembly code is not gcc compatible. Clang defines the __GNUC__ macro as well.
 #if !defined(CC_USE_ASM)
- #if defined(_WIN32) || CC_EFI || CC_BASEBAND || CC_XNU_KERNEL_PRIVATE || (defined(__GNUC__) && !defined(__clang__)) || defined(__ANDROID_API__) || CC_RTKIT || CC_RTKITROM
+ #if defined(_WIN32) || CC_EFI || CC_BASEBAND || CC_XNU_KERNEL_PRIVATE || (defined(__GNUC__) && !defined(__clang__)) || defined(__ANDROID_API__) || CC_LINUX
   #define CC_USE_ASM 0
  #else
   #define CC_USE_ASM 1
@@ -327,11 +331,18 @@
  #define CCN_ADDMUL1_ASM        1
  #define CCN_MUL1_ASM           1
  #define CCN_CMP_ASM            1
- #define CCN_ADD1_ASM           0
- #define CCN_SUB1_ASM           0
+ #define CCN_ADD1_ASM           1
+ #define CCN_SUB1_ASM           1
  #define CCN_N_ASM              1
  #define CCN_SET_ASM            1
  #define CCN_SHIFT_RIGHT_ASM    1
+ #if defined(__ARM_NEON__) 
+ #define CCN_SHIFT_LEFT_ASM     1
+ #else
+ #define CCN_SHIFT_LEFT_ASM     0
+ #endif
+ #define CCN_MOD_224_ASM        1
+ #define CCN_MULMOD_256_ASM     1
  #define CCAES_ARM_ASM          1
  #define CCAES_INTEL_ASM        0
  #if CC_KERNEL || CC_USE_L4 || CC_IBOOT || CC_RTKIT || CC_RTKITROM || CC_USE_SEPROM || CC_USE_S3
@@ -344,14 +355,16 @@
  #define CCSHA2_VNG_INTEL       0
 
  #if defined(__ARM_NEON__) || CC_KERNEL
-  #define CCSHA1_VNG_ARMV7NEON   1
-  #define CCSHA2_VNG_ARMV7NEON   1
+  #define CCSHA1_VNG_ARM        1
+  #define CCSHA2_VNG_ARM        1
  #else /* !defined(__ARM_NEON__) */
-  #define CCSHA1_VNG_ARMV7NEON   0
-  #define CCSHA2_VNG_ARMV7NEON   0
+  #define CCSHA1_VNG_ARM        0
+  #define CCSHA2_VNG_ARM        0
  #endif /* !defined(__ARM_NEON__) */
  #define CCSHA256_ARMV6M_ASM 0
 
+ #define CC_ACCELERATECRYPTO    1
+
 //-(2) ARM 64
 #elif defined(__arm64__) && __clang__ && CC_USE_ASM
  #define CCN_DEDICATED_SQR      CC_SMALL_CODE
@@ -367,16 +380,21 @@
  #define CCN_N_ASM              1
  #define CCN_SET_ASM            0
  #define CCN_SHIFT_RIGHT_ASM    1
+ #define CCN_SHIFT_LEFT_ASM     1
+ #define CCN_MOD_224_ASM        0
+ #define CCN_MULMOD_256_ASM     1
  #define CCAES_ARM_ASM          1
  #define CCAES_INTEL_ASM        0
  #define CCAES_MUX              0        // On 64bit SoC, asm is much faster than HW
  #define CCN_USE_BUILTIN_CLZ    1
  #define CCSHA1_VNG_INTEL       0
  #define CCSHA2_VNG_INTEL       0
- #define CCSHA1_VNG_ARMV7NEON   1		// reused this to avoid making change to xcode project, put arm64 assembly code with armv7 code
- #define CCSHA2_VNG_ARMV7NEON   1
+ #define CCSHA1_VNG_ARM         1
+ #define CCSHA2_VNG_ARM         1
  #define CCSHA256_ARMV6M_ASM    0
 
+ #define CC_ACCELERATECRYPTO    1
+
 //-(3) Intel 32/64
 #elif (defined(__x86_64__) || defined(__i386__)) && __clang__ && CC_USE_ASM
  #define CCN_DEDICATED_SQR      1
@@ -396,12 +414,16 @@
   #define CCN_CMP_ASM            1
   #define CCN_N_ASM              1
   #define CCN_SHIFT_RIGHT_ASM    1
+  #define CCN_SHIFT_LEFT_ASM     1
  #else
   #define CCN_CMP_ASM            0
   #define CCN_N_ASM              0
   #define CCN_SHIFT_RIGHT_ASM    0
+  #define CCN_SHIFT_LEFT_ASM     0
  #endif
 
+ #define CCN_MOD_224_ASM        0
+ #define CCN_MULMOD_256_ASM     0
  #define CCN_ADDMUL1_ASM        0
  #define CCN_MUL1_ASM           0
  #define CCN_ADD1_ASM           0
@@ -413,10 +435,12 @@
  #define CCN_USE_BUILTIN_CLZ    0
  #define CCSHA1_VNG_INTEL       1
  #define CCSHA2_VNG_INTEL       1
- #define CCSHA1_VNG_ARMV7NEON   0
- #define CCSHA2_VNG_ARMV7NEON   0
+ #define CCSHA1_VNG_ARM         0
+ #define CCSHA2_VNG_ARM         0
  #define CCSHA256_ARMV6M_ASM    0
 
+ #define CC_ACCELERATECRYPTO    1
+
 //-(4) disable assembly
 #else
  #if CCN_UINT128_SUPPORT_FOR_64BIT_ARCH
@@ -436,16 +460,21 @@
  #define CCN_N_ASM              0
  #define CCN_SET_ASM            0
  #define CCN_SHIFT_RIGHT_ASM    0
+ #define CCN_SHIFT_LEFT_ASM     0
+ #define CCN_MOD_224_ASM        0
+ #define CCN_MULMOD_256_ASM     0
  #define CCAES_ARM_ASM          0
  #define CCAES_INTEL_ASM        0
  #define CCAES_MUX              0
  #define CCN_USE_BUILTIN_CLZ    0
  #define CCSHA1_VNG_INTEL       0
  #define CCSHA2_VNG_INTEL       0
- #define CCSHA1_VNG_ARMV7NEON   0
- #define CCSHA2_VNG_ARMV7NEON   0
+ #define CCSHA1_VNG_ARM         0
+ #define CCSHA2_VNG_ARM         0
  #define CCSHA256_ARMV6M_ASM    0
 
+ #define CC_ACCELERATECRYPTO    0
+
 #endif
 
 #define CC_INLINE static inline
@@ -457,10 +486,12 @@
  #define CC_NONNULL4 CC_NONNULL((4))
  #define CC_NONNULL_ALL __attribute__((__nonnull__))
  #define CC_SENTINEL __attribute__((__sentinel__))
+ // Only apply the `CC_CONST` attribute to functions with no side-effects where the output is a strict function of pass by value input vars with no exterior side-effects.
+ // Specifically, do not apply CC_CONST if the function has any arguments that are pointers (directly, or indirectly)
  #define CC_CONST __attribute__((__const__))
  #define CC_PURE __attribute__((__pure__))
  #define CC_WARN_RESULT __attribute__((__warn_unused_result__))
- #define CC_MALLOC __attribute__((__malloc__))
+ #define CC_MALLOC_CLEAR __attribute__((__malloc__))
  #define CC_UNUSED __attribute__((unused))
 #else /* !__GNUC__ */
 /*! @parseOnly */
@@ -484,9 +515,24 @@
 /*! @parseOnly */
  #define CC_WARN_RESULT
 /*! @parseOnly */
- #define CC_MALLOC
+ #define CC_MALLOC_CLEAR
 #endif /* !__GNUC__ */
 
+
+// Bridge differences between MachO and ELF compiler/assemblers. */
+#if CC_USE_ASM
+#if CC_LINUX
+#define CC_ASM_SECTION_CONST .rodata
+#define CC_ASM_PRIVATE_EXTERN .hidden
+#define CC_C_LABEL(_sym) _sym
+#else /* !CC_LINUX */
+#define CC_ASM_SECTION_CONST .const
+#define CC_ASM_PRIVATE_EXTERN .private_extern
+#define CC_C_LABEL(_sym) _##_sym
+#endif /* !CC_LINUX */
+#endif /* CC_USE_ASM */
+
+
 // Enable FIPSPOST function tracing only when supported. */
 #ifdef CORECRYPTO_POST_TRACE
 #define CC_FIPSPOST_TRACE 1

diff --git a/EXTERNAL_HEADERS/corecrypto/cc_error.h b/EXTERNAL_HEADERS/corecrypto/cc_error.h
@@ -116,6 +116,30 @@ enum {
     CCPOST_INTEGRITY_ERROR = -74,
     // Output of the algo is not as expected
     CCPOST_KAT_FAILURE = -75,
+
+    CCKPRNG_SEEDFILE_OPEN = -76,
+    CCKPRNG_SEEDFILE_READ = -78,
+    CCKPRNG_SEEDFILE_WRITE = -79,
+    CCKPRNG_SEEDFILE_CHMOD = -80,
+    CCKPRNG_SEEDFILE_CHOWN = -81,
+    CCKPRNG_RANDOMDEV_OPEN = -82,
+    CCKPRNG_RANDOMDEV_WRITE = -83,
+    CCKPRNG_GETENTROPY = -84,
+
+    CCSAE_HUNTPECK_EXCEEDED_MAX_TRIALS = -85,
+
+    CCERR_CALL_SEQUENCE = -86,
+
+    CCVRF_POINT_DECODE_FAILURE = -87,
+    CCVRF_POINT_INVALID_PUBLIC_KEY = -88,
+    CCVRF_VERIFY_FAILURE = -89,
+
+    // Error codes for Authenticated Encryption Modes
+    CCMODE_TAG_LENGTH_REQUEST_TOO_LONG = -100,
+    CCMODE_TAG_LENGTH_TOO_SHORT = -101,
+    CCMODE_NONCE_EMPTY = -102,
+    CCMODE_AD_EMPTY = -103,
+    CCMODE_DECRYPTION_OR_VERIFICATION_ERR=-104,
 };
 
 #define CCDRBG_STATUS_OK CCERR_OK