xnu-3789.21.4

Imported from https://opensource.apple.com/tarballs/xnu/xnu-3789.21.4.tar.gz
kkpan11 · Jun 4, 2017 · cc0ca6d · cc0ca6d
1 parent 0ddccd8
commit cc0ca6d
Show file tree

Hide file tree

Showing 90 changed files with 2,135 additions and 1,793 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,54 @@
+# Any level
+BUILD/
+build/
+.DS_Store
+
+# vim turds
+*~
+*.swp
+
+# /
+/.remotebuild_credential
+/cscope.*
+/TAGS
+/tags
+
+# /libkern/c++/Tests/TestSerialization/test1/test1.xcodeproj/
+/libkern/c++/Tests/TestSerialization/test1/test1.xcodeproj/xcuserdata
+
+# /libkern/c++/Tests/TestSerialization/test2/test2.xcodeproj/
+/libkern/c++/Tests/TestSerialization/test2/test2.xcodeproj/xcuserdata
+
+# /libkern/kmod/libkmod.xcodeproj/
+/libkern/kmod/libkmod.xcodeproj/xcuserdata
+
+# /libsyscall/Libsyscall.xcodeproj/
+/libsyscall/Libsyscall.xcodeproj/xcuserdata
+/libsyscall/Libsyscall.xcodeproj/project.xcworkspace
+
+# /tools/lldbmacros/
+/tools/lldbmacros/*.pyc
+
+# /tools/lldbmacros/core/
+/tools/lldbmacros/core/*.pyc
+
+# /tools/lldbmacros/plugins/
+/tools/lldbmacros/plugins/*.pyc
+
+# /tools/tests/perf_index/PerfIndex_COPS_Module/PerfIndex.xcodeproj/
+/tools/tests/perf_index/PerfIndex_COPS_Module/PerfIndex.xcodeproj/xcuserdata
+
+# /tools/tests/testkext/testkext.xcodeproj/
+/tools/tests/testkext/testkext.xcodeproj/xcuserdata
+
+# /tools/tests/unit_tests/cpu_monitor_tests_11646922_src/cpu_hog/cpu_hog.xcodeproj/
+/tools/tests/unit_tests/cpu_monitor_tests_11646922_src/cpu_hog/cpu_hog.xcodeproj/xcuserdata
+
+# /tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/
+/tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/xcuserdata
+
+# /tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/project.xcworkspace/
+/tools/tests/unit_tests/monitor_stress_12901965_src/monitor_stress.xcodeproj/project.xcworkspace/xcuserdata
+
+# /tools/tests/zero-to-n
+/tools/tests/zero-to-n/zn*
diff --git a/EXTERNAL_HEADERS/corecrypto/cc_config.h b/EXTERNAL_HEADERS/corecrypto/cc_config.h
@@ -237,6 +237,14 @@
 #endif /* __has_include(<TargetConditionals.h>) */
 #endif /* defined(__has_include) */
 
+// Disable FIPS key gen algorithm on userland and kext so that related POST
+// is skipped and boot time is reduced
+#if defined(TARGET_OS_BRIDGE) && TARGET_OS_BRIDGE && CC_KERNEL
+#define CC_DISABLE_RSAKEYGEN 1 /* for iBridge */
+#else
+#define CC_DISABLE_RSAKEYGEN 0 /* default */
+#endif
+
 //- functions implemented in assembly ------------------------------------------
 //this the list of corecrypto clients that use assembly and the clang compiler
 #if !(CC_XNU_KERNEL_AVAILABLE || CC_KERNEL || CC_USE_L4 || CC_IBOOT || CC_USE_SEPROM || CC_USE_S3) && !defined(_WIN32) && CORECRYPTO_DEBUG

diff --git a/bsd/dev/i386/systemcalls.c b/bsd/dev/i386/systemcalls.c
@@ -95,6 +95,7 @@ unix_syscall(x86_saved_state_t *state)
 	struct uthread		*uthread;
 	x86_saved_state32_t	*regs;
 	boolean_t		is_vfork;
+	pid_t			pid;
 
 	assert(is_saved_state32(state));
 	regs = saved_state32(state);
@@ -180,6 +181,7 @@ unix_syscall(x86_saved_state_t *state)
 	uthread->uu_rval[1] = 0;
 	uthread->uu_flag |= UT_NOTCANCELPT;
 	uthread->syscall_code = code;
+	pid = proc_pid(p);
 
 #ifdef JOE_DEBUG
         uthread->uu_iocount = 0;
@@ -242,7 +244,7 @@ unix_syscall(x86_saved_state_t *state)
 	if (__probable(!code_is_kdebug_trace(code)))
 		KERNEL_DEBUG_CONSTANT_IST(KDEBUG_TRACE, 
 			BSDDBG_CODE(DBG_BSD_EXCP_SC, code) | DBG_FUNC_END,
-			error, uthread->uu_rval[0], uthread->uu_rval[1], p->p_pid, 0);
+			error, uthread->uu_rval[0], uthread->uu_rval[1], pid, 0);
 
 	if (__improbable(!is_vfork && callp->sy_call == (sy_call_t *)execve && !error)) {
 		pal_execve_return(thread);
@@ -272,6 +274,7 @@ unix_syscall64(x86_saved_state_t *state)
 	struct proc	*p;
 	struct uthread	*uthread;
 	x86_saved_state64_t *regs;
+	pid_t		pid;
 
 	assert(is_saved_state64(state));
 	regs = saved_state64(state);
@@ -366,6 +369,7 @@ unix_syscall64(x86_saved_state_t *state)
 	uthread->uu_rval[1] = 0;
 	uthread->uu_flag |= UT_NOTCANCELPT;
 	uthread->syscall_code = code;
+	pid = proc_pid(p);
 
 #ifdef JOE_DEBUG
         uthread->uu_iocount = 0;
@@ -445,7 +449,7 @@ unix_syscall64(x86_saved_state_t *state)
 	if (__probable(!code_is_kdebug_trace(code)))
 		KERNEL_DEBUG_CONSTANT_IST(KDEBUG_TRACE, 
 			BSDDBG_CODE(DBG_BSD_EXCP_SC, code) | DBG_FUNC_END,
-			error, uthread->uu_rval[0], uthread->uu_rval[1], p->p_pid, 0);
+			error, uthread->uu_rval[0], uthread->uu_rval[1], pid, 0);
 
 #if PROC_REF_DEBUG
 	if (__improbable(uthread_get_proc_refcount(uthread))) {

diff --git a/bsd/kern/bsd_init.c b/bsd/kern/bsd_init.c
@@ -1140,7 +1140,7 @@ bsd_utaskbootstrap(void)
 	ut = (struct uthread *)get_bsdthread_info(thread);
 	ut->uu_sigmask = 0;
 	act_set_astbsd(thread);
-	proc_clear_return_wait(initproc, thread);
+	task_clear_return_wait(get_threadtask(thread));
 }
 
 static void

diff --git a/bsd/kern/kern_cs.c b/bsd/kern/kern_cs.c
@@ -534,6 +534,20 @@ csproc_get_platform_path(struct proc *p)
 	return (csblob == NULL) ? 0 : csblob->csb_platform_path;
 }
 
+/*
+ * Function: csproc_get_prod_signed
+ *
+ * Description: Returns 1 if process is not signed with a developer identity.
+ *		Note the inverted meaning from the cs_flag to make the error case safer.
+ *		Will go away with rdar://problem/28322552.
+ */
+int
+csproc_get_prod_signed(struct proc *p)
+{
+	return ((p->p_csflags & CS_DEV_CODE) == 0);
+}
+
+
 /*
  * Function: csfg_get_platform_binary
  *
@@ -637,6 +651,48 @@ csfg_get_teamid(struct fileglob *fg)
 	return str;
 }
 
+/*
+ * Function: csfg_get_prod_signed
+ *
+ * Description: Returns 1 if code is not signed with a developer identity.
+ *		Note the inverted meaning from the cs_flag to make the error case safer.
+ *		Will go away with rdar://problem/28322552.
+ */
+int
+csfg_get_prod_signed(struct fileglob *fg)
+{
+	struct ubc_info *uip;
+	vnode_t vp;
+	int prod_signed = 0;
+
+	if (FILEGLOB_DTYPE(fg) != DTYPE_VNODE)
+		return NULL;
+
+	vp = (struct vnode *)fg->fg_data;
+	if (vp == NULL)
+		return NULL;
+
+	vnode_lock(vp);
+	if (!UBCINFOEXISTS(vp))
+		goto out;
+
+	uip = vp->v_ubcinfo;
+	if (uip == NULL)
+		goto out;
+
+	if (uip->cs_blobs == NULL)
+		goto out;
+
+	/* It is OK to extract the flag from the first blob
+	   because all blobs of a vnode must have the same cs_flags */	
+	prod_signed = (uip->cs_blobs->csb_flags & CS_DEV_CODE) == 0;
+out:
+	vnode_unlock(vp);
+
+	return prod_signed;
+}
+
+
 uint32_t
 cs_entitlement_flags(struct proc *p)
 {

diff --git a/bsd/kern/kern_descrip.c b/bsd/kern/kern_descrip.c
@@ -2904,7 +2904,8 @@ fstat1(proc_t p, int fd, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsec
 			 * going to let them get the basic stat information.
 			 */
 			if (xsecurity == USER_ADDR_NULL) {
-				error = vn_stat_noauth((vnode_t)data, sbptr, NULL, isstat64, ctx);
+				error = vn_stat_noauth((vnode_t)data, sbptr, NULL, isstat64, ctx,
+						       fp->f_fglob->fg_cred);
 			} else {
 				error = vn_stat((vnode_t)data, sbptr, &fsec, isstat64, ctx);
 			}

diff --git a/bsd/kern/kern_event.c b/bsd/kern/kern_event.c
@@ -94,8 +94,6 @@
 #include <kern/kalloc.h>
 #include <kern/assert.h>
 
-#include <machine/spl.h>
-
 #include <libkern/libkern.h>
 #include "net/net_str_id.h"
 
@@ -4825,9 +4823,6 @@ knote_fdfind(struct kqueue *kq,
  *
  * The knote may have already been detached from
  * (or not yet attached to) its source object.
- *
- * should be called at spl == 0, since we don't want to hold spl
- * while calling fdrop and free.
  */
 static void
 knote_drop(struct knote *kn, __unused struct proc *ctxp)