xnu-6153.61.1

Imported from https://opensource.apple.com/tarballs/xnu/xnu-6153.61.1.tar.gz
yeshuibo · Jan 11, 2021 · d4420a4 · d4420a4
1 parent 84185d2
commit d4420a4
Show file tree

Hide file tree

Showing 89 changed files with 2,768 additions and 1,332 deletions.
diff --git a/EXTERNAL_HEADERS/img4/api.h b/EXTERNAL_HEADERS/img4/api.h
@@ -40,7 +40,7 @@
  * individual preprocessor macros in this header that declare new behavior as
  * required.
  */
-#define IMG4_API_VERSION (20190125u)
+#define IMG4_API_VERSION (20191001u)
 
 #if !defined(KERNEL) && !IMG4_PROJECT_BUILD
 #define IMG4_API_AVAILABLE_20180112 \
@@ -54,11 +54,14 @@
 		API_AVAILABLE(ios(12.2), tvos(12.2), watchos(5.2))
 #define IMG4_API_AVAILABLE_20190125 \
 		API_AVAILABLE(macos(10.15), ios(13.0), tvos(13.0), watchos(6.0))
+#define IMG4_API_AVAILABLE_20191001 \
+		API_AVAILABLE(macos(10.15.2), ios(13.3), tvos(13.3), watchos(6.1.1))
 #else
 #define IMG4_API_AVAILABLE_20180112
 #define IMG4_API_AVAILABLE_20181004
 #define IMG4_API_AVAILABLE_20181106
 #define IMG4_API_AVAILABLE_20190125
+#define IMG4_API_AVAILABLE_20191001
 #endif // !defined(KERNEL) && !IMG4_PROJECT_BUILD
 
 #if !defined(OS_CLOSED_ENUM)

diff --git a/EXTERNAL_HEADERS/img4/environment.h b/EXTERNAL_HEADERS/img4/environment.h
@@ -13,12 +13,96 @@
 #include "tapi.h"
 #endif
 
+/*!
+ * @const IMG4_IDENTITY_VERSION
+ * The version of the {@link img4_identity_t} supported by the implementation.
+ */
+#define IMG4_IDENTITY_VERSION (0u)
+
+/*!
+ * @const IMG4_ENVIRONMENT_LENGTH
+ * The minimum length for an allocation which can accommodate an
+ * img4_environment_t structure. This is the minimum length which must be given
+ * to {@link img4_environment_init_identity}.
+ */
+#define IMG4_ENVIRONMENT_LENGTH (160ul)
+
+/*!
+ * @const IMG4_IDENTITY_CRYPTO_SHA1
+ * The device-tree string indicating that the identity requires SHA1.
+ */
+#define IMG4_IDENTITY_CRYPTO_SHA1 "sha1"
+
+/*!
+ * @const IMG4_IDENTITY_CRYPTO_SHA2_384
+ * The device-tree string indicating that the identity requires SHA2-384.
+ */
+#define IMG4_IDENTITY_CRYPTO_SHA2_384 "sha2-384"
+
 /*!
  * @typedef img4_environment_t
  * An opaque type describing an Image4 environment.
  */
 typedef struct _img4_environment img4_environment_t;
 
+/*!
+ * @typedef img4_identity_t
+ * A structure describing a specific Image4 identity comprised of user-supplied
+ * identifiers.
+ *
+ * @field i4id_version
+ * The version of the identity structure; initialize to
+ * {@link IMG4_IDENTITY_VERSION}
+ *
+ * @field i4id_algo
+ * A string identifying the chosen crypto algorithm as represented in the device
+ * tree. Currently valid values are:
+ *
+ *     - {@link IMG4_IDENTITY_CRYPTO_SHA1}
+ *     - {@link IMG4_IDENTITY_CRYPTO_SHA2_384}
+ *
+ * @field i4id_cepo
+ * The minimum certificate epoch required,
+ *
+ * @field i4id_bord
+ * The board identifier.
+ *
+ * @field i4id_chip
+ * The chip identifier.
+ *
+ * @field i4id_ecid
+ * The unique chip identifier.
+ *
+ * @field i4id_sdom
+ * The security domain.
+ *
+ * @field i4id_cpro
+ * The certificate production status.
+ *
+ * @field i4id_csec
+ * The certificate security mode.
+ *
+ * @field i4id_epro
+ * The effective production status.
+ *
+ * @field i4id_esec
+ * The effective security mode.
+ */
+IMG4_API_AVAILABLE_20191001
+typedef struct _img4_identity {
+	img4_struct_version_t i4id_version;
+	char i4id_algo[12];
+	uint32_t i4id_cepo;
+	uint32_t i4id_bord;
+	uint32_t i4id_chip;
+	uint64_t i4id_ecid;
+	uint32_t i4id_sdom;
+	bool i4id_cpro;
+	bool i4id_csec;
+	bool i4id_epro;
+	bool i4id_esec;
+} img4_identity_t;
+
 /*!
  * @const IMG4_ENVIRONMENT_PLATFORM
  * The environment for the host that uses the default platform implementation to
@@ -50,4 +134,47 @@ const struct _img4_environment _img4_environment_trust_cache;
 #define IMG4_ENVIRONMENT_TRUST_CACHE (img4if->i4if_environment_trust_cache)
 #endif
 
+/*!
+ * @function img4_environment_init_identity
+ * Initializes a caller-supplied environment with custom identity information.
+ * This may be used for performing test evaluations or evaluations against
+ * environments not yet supported by the implementation.
+ *
+ * @param i4e
+ * A pointer to the storage which will hold the custom environment.
+ *
+ * @param len
+ * The length of the storage referenced by {@link i4e}. This must be at least
+ * {@link IMG4_ENVIRONMENT_LENGTH} bytes.
+ *
+ * @param i4id
+ * The identity with which to initialize the environment. The resulting
+ * environment object will provide these identitifers to the evaluator.
+ *
+ * @result
+ * Upon success, zero is returned. The implementation may also return one of the
+ * following error codes directly:
+ *
+ *     [EOVERFLOW]    The length provided is insufficient to initialize an
+ *                    environment structure
+ *
+ * @discussion
+ * When the resulting environment is given to {@link img4_get_trusted_payload}
+ * or {@link img4_get_trusted_external_payload}, the trust evaluation proceeds
+ * as though it were creating a new chain of trust and therefore acts as though
+ * {@link I4F_FIRST_STAGE} was given to {@link img4_init}. No prior stage of
+ * secure boot will be consulted for evaluation, and mix-n-match will be
+ * presumed to be permitted.
+ */
+#if !XNU_KERNEL_PRIVATE
+IMG4_API_AVAILABLE_20191001
+OS_EXPORT OS_WARN_RESULT OS_NONNULL1 OS_NONNULL3
+errno_t
+img4_environment_init_identity(img4_environment_t *i4e, size_t len,
+		const img4_identity_t *i4id);
+#else
+#define img4_environment_init_identity(...) \
+		(img4if->i4if_v4.environment_init_identity(__VA_ARGS__))
+#endif
+
 #endif // __IMG4_ENVIRONMENT_H
diff --git a/EXTERNAL_HEADERS/img4/img4.h b/EXTERNAL_HEADERS/img4/img4.h
@@ -453,9 +453,6 @@ img4_set_nonce_domain(img4_t *i4, const img4_nonce_domain_t *nd);
  *                  in the manifest
  *     [EIO]        The payload could not be fetched
  *
- * Additionally, errors from the routines specified in the
- * {@link img4_environment_t} may be returned.
- *
  * @discussion
  * This routine will perform the following validation:
  *
@@ -543,7 +540,7 @@ img4_get_trusted_payload(img4_t *i4, img4_tag_t tag,
  *
  * @discussion
  * This routine performs the same validation steps as
- * {@link img4_get_trusted_payload}.
+ * {@link img4_get_trusted_payload} and has the same caveats.
  */
 #if !XNU_KERNEL_PRIVATE
 IMG4_API_AVAILABLE_20180112

diff --git a/bsd/dev/dtrace/dtrace.c b/bsd/dev/dtrace/dtrace.c
@@ -10634,18 +10634,35 @@ dtrace_difo_release(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
 /*
  * DTrace Format Functions
  */
+
+static dtrace_format_t*
+dtrace_format_new(char *str)
+{
+	dtrace_format_t *fmt = NULL;
+	size_t bufsize = strlen(str) + 1;
+
+	fmt = kmem_zalloc(sizeof(*fmt) + bufsize, KM_SLEEP);
+
+	fmt->dtf_refcount = 1;
+	(void) strlcpy(fmt->dtf_str, str, bufsize);
+
+	return fmt;
+}
+
 static uint16_t
 dtrace_format_add(dtrace_state_t *state, char *str)
 {
-	char *fmt, **new;
-	uint16_t ndx, len = strlen(str) + 1;
-
-	fmt = kmem_zalloc(len, KM_SLEEP);
-	bcopy(str, fmt, len);
+	dtrace_format_t **new;
+	uint16_t ndx;
 
 	for (ndx = 0; ndx < state->dts_nformats; ndx++) {
 		if (state->dts_formats[ndx] == NULL) {
-			state->dts_formats[ndx] = fmt;
+			state->dts_formats[ndx] = dtrace_format_new(str);
+			return (ndx + 1);
+		}
+		else if (strcmp(state->dts_formats[ndx]->dtf_str, str) == 0) {
+			VERIFY(state->dts_formats[ndx]->dtf_refcount < UINT64_MAX);
+			state->dts_formats[ndx]->dtf_refcount++;
 			return (ndx + 1);
 		}
 	}
@@ -10655,7 +10672,6 @@ dtrace_format_add(dtrace_state_t *state, char *str)
 		 * This is only likely if a denial-of-service attack is being
 		 * attempted.  As such, it's okay to fail silently here.
 		 */
-		kmem_free(fmt, len);
 		return (0);
 	}
 
@@ -10664,32 +10680,39 @@ dtrace_format_add(dtrace_state_t *state, char *str)
 	 * number of formats.
 	 */
 	ndx = state->dts_nformats++;
-	new = kmem_alloc((ndx + 1) * sizeof (char *), KM_SLEEP);
+	new = kmem_alloc((ndx + 1) * sizeof (*state->dts_formats), KM_SLEEP);
 
 	if (state->dts_formats != NULL) {
 		ASSERT(ndx != 0);
-		bcopy(state->dts_formats, new, ndx * sizeof (char *));
-		kmem_free(state->dts_formats, ndx * sizeof (char *));
+		bcopy(state->dts_formats, new, ndx * sizeof (*state->dts_formats));
+		kmem_free(state->dts_formats, ndx * sizeof (*state->dts_formats));
 	}
 
 	state->dts_formats = new;
-	state->dts_formats[ndx] = fmt;
+	state->dts_formats[ndx] = dtrace_format_new(str);
 
 	return (ndx + 1);
 }
 
 static void
 dtrace_format_remove(dtrace_state_t *state, uint16_t format)
 {
-	char *fmt;
+	dtrace_format_t *fmt;
 
 	ASSERT(state->dts_formats != NULL);
 	ASSERT(format <= state->dts_nformats);
-	ASSERT(state->dts_formats[format - 1] != NULL);
 
 	fmt = state->dts_formats[format - 1];
-	kmem_free(fmt, strlen(fmt) + 1);
-	state->dts_formats[format - 1] = NULL;
+
+	ASSERT(fmt != NULL);
+	VERIFY(fmt->dtf_refcount > 0);
+
+	fmt->dtf_refcount--;
+
+	if (fmt->dtf_refcount == 0) {
+		kmem_free(fmt, DTRACE_FORMAT_SIZE(fmt));
+		state->dts_formats[format - 1] = NULL;
+	}
 }
 
 static void
@@ -10705,15 +10728,15 @@ dtrace_format_destroy(dtrace_state_t *state)
 	ASSERT(state->dts_formats != NULL);
 
 	for (i = 0; i < state->dts_nformats; i++) {
-		char *fmt = state->dts_formats[i];
+		dtrace_format_t *fmt = state->dts_formats[i];
 
 		if (fmt == NULL)
 			continue;
 
-		kmem_free(fmt, strlen(fmt) + 1);
+		kmem_free(fmt, DTRACE_FORMAT_SIZE(fmt));
 	}
 
-	kmem_free(state->dts_formats, state->dts_nformats * sizeof (char *));
+	kmem_free(state->dts_formats, state->dts_nformats * sizeof (*state->dts_formats));
 	state->dts_nformats = 0;
 	state->dts_formats = NULL;
 }
@@ -18428,7 +18451,7 @@ dtrace_ioctl(dev_t dev, u_long cmd, user_addr_t arg, int md, cred_t *cr, int *rv
 		 * and that the format for the specified index is non-NULL.
 		 */
 		ASSERT(state->dts_formats != NULL);
-		str = state->dts_formats[fmt.dtfd_format - 1];
+		str = state->dts_formats[fmt.dtfd_format - 1]->dtf_str;
 		ASSERT(str != NULL);
 
 		len = strlen(str) + 1;