From owner-p4-projects@FreeBSD.ORG Tue May 11 11:51:34 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0C67C16A4D0; Tue, 11 May 2004 11:51:34 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB7C816A4CE for ; Tue, 11 May 2004 11:51:33 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id E022D43D58 for ; Tue, 11 May 2004 11:51:32 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i4BIpWGe017450 for ; Tue, 11 May 2004 11:51:32 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i4BIpWiL017438 for perforce@freebsd.org; Tue, 11 May 2004 11:51:32 -0700 (PDT) (envelope-from areisse@nailabs.com) Date: Tue, 11 May 2004 11:51:32 -0700 (PDT) Message-Id: <200405111851.i4BIpWiL017438@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 52679 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 18:51:34 -0000 http://perforce.freebsd.org/chv.cgi?CH=52679 Change 52679 by areisse@areisse_ibook on 2004/05/11 11:50:45 Support for loading security policy modules. The mac_test policy is still present, but not compiled in or enabled by default. Using security policy modules requires the recent bootx and libkld changes. Affected files ... .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/bootstrap.cpp#3 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/kext.cpp#2 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/load.c#2 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/malloc.c#3 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/kmod.c#3 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/startup.c#3 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/conf/files#4 edit .. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/mac_base.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/bootstrap.cpp#3 (text+ko) ==== @@ -68,8 +68,6 @@ */ KLDBootstrap::KLDBootstrap() { - malloc_init(); - kmod_load_function = &load_kernel_extension; record_startup_extensions_function = &recordStartupExtensions; ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/kext.cpp#2 (text+ko) ==== @@ -744,3 +744,82 @@ } return result; } + +extern "C" kload_error __kload_load_modules(dgraph_t * dgraph); +extern "C" kload_error kload_load_modules2 (dgraph_t *dgraph); + +extern "C" +kern_return_t kmod_load_nodeps (const char *name, const char *ver, size_t size, void *data) +{ + kern_return_t result = KERN_SUCCESS; + kload_error load_result = kload_error_none; + dgraph_t dgraph; + dgraph_entry_t *entry; + kmod_info_t *kmod_info; + + if (dgraph_init(&dgraph) != dgraph_valid) + return KERN_FAILURE; + + entry = dgraph_add_dependent (&dgraph, name, data, size, 1, name, ver, 0, 0); + if (!entry) { + IOLog("can't record %s in dependency graph\n", name); + result = KERN_FAILURE; + goto out; + } + + if (kload_map_entry(entry) != kload_error_none) { + IOLog ("can't map %s in preparation for loading\n", name); + result = KERN_FAILURE; + goto out; + } + + dgraph.root = dgraph_find_root(&dgraph); + + if (!dgraph.root) { + IOLog ("Dependency graph to load %s has no root.\n", name); + result = KERN_FAILURE; + goto out; + } + + dgraph_establish_load_order(&dgraph); + + load_result = kload_load_modules2 (&dgraph); + if (load_result != kload_error_none && + load_result != kload_error_already_loaded) { + IOLog ("load_dgraph failed\n"); + result = KERN_FAILURE; + goto out; + } + + out: + dgraph_free(&dgraph, 0); + return result; +} + +extern "C" int preload_find_data (const char *name, size_t *size, void **ptr); + +extern "C" +void kmod_load_early () +{ + void *emvv; + size_t emsize; + + if (preload_find_data (" modules", &emsize, &emvv)) { + int *emv = (int *) emvv; + int n = emv[0]; + + emv++; + + for (int i = 0; i < n; i++) { + char *name = (char *) (emv+2); + void *data = ((char *) (emv+2)) + emv[0]; + + IOLog ("Loading early module %s\n", name); + kmod_load_nodeps (name, "*", emv[1], data); + + emv = (int*) (((char *) (emv+2)) + emv[0] + emv[1]); + if ((char*)emv - (char*)emvv >= emsize) + break; + } + } +} ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/load.c#2 (text+ko) ==== @@ -686,7 +686,82 @@ /******************************************************************************* * *******************************************************************************/ -static + +kload_error kload_load_modules2 (dgraph_t *dgraph) +{ + kload_error result = kload_map_dgraph(dgraph); + if (result != kload_error_none) { + IOLog ("map failed\n"); + return result; + } + result = __kload_patch_dgraph(dgraph); + if (result != kload_error_none) { + IOLog ("patch failed\n"); + return result; + } + + kld_address_func(&__kload_linkedit_address); + kld_set_link_options(KLD_STRIP_ALL); + + dgraph_entry_t *entry = dgraph->load_order[0]; + struct mach_header * kmh; + + entry->object = kld_file_getaddr(entry->name, &entry->object_length); + if (!entry->object) { + IOLog("kld_file_getaddr() failed for module %s", entry->name); + result = kload_error_link_load; + goto out; + } + + G_current_load_entry = entry; + + result = kld_load_from_memory(&kmh, entry->name, + entry->object, entry->object_length); + + kmod_info_t *kmi; + if (!kld_lookup("_kmod_info", &kmi)) + { + printf ("can't find kmodinfo\n"); + goto out; + } + + char *dest_address = (char *)entry->kernel_alloc_address; + memcpy(dest_address, kmh, entry->kernel_hdr_size); + memcpy(dest_address + round_page(entry->kernel_hdr_size), + (void *)((unsigned long)kmh + entry->kernel_hdr_size), + entry->kernel_load_size - entry->kernel_hdr_size); + + bzero(kmi->name, sizeof(kmi->name)); + strcpy(kmi->name, entry->expected_kmod_name); + + bzero(kmi->version, sizeof(kmi->version)); + strcpy(kmi->version, entry->expected_kmod_vers); + + if (entry->kernel_alloc_address) { + kmi->address = entry->kernel_alloc_address; + } else { + kmi->address = entry->loaded_address; + } + kmi->size = entry->kernel_alloc_size; + kmi->hdr_size = round_page(entry->kernel_hdr_size); + + flush_dcache(entry->kernel_alloc_address, entry->kernel_alloc_size, false); + invalidate_icache(entry->kernel_alloc_address, entry->kernel_alloc_size, false); + + if(kmod_create_internal(kmi, &(entry->kmod_id))) + IOLog("kmod_create failed\n"); + + out: + __kload_clear_kld_globals(); + + kld_unload_all(1); + + if (result) + __kload_start_module (entry); + + return result; +} + kload_error __kload_load_modules(dgraph_t * dgraph #ifndef KERNEL , @@ -2364,7 +2439,7 @@ /******************************************************************************* *******************************************************************************/ - +extern int kth_started; /******************************************************************************* * *******************************************************************************/ @@ -2445,6 +2520,12 @@ &G_current_load_entry->kernel_alloc_address, G_current_load_entry->kernel_alloc_size, TRUE); #else + if (!kth_started) + { + G_current_load_entry->kernel_alloc_address = kalloc (G_current_load_entry->kernel_alloc_size); + mach_result = KERN_SUCCESS; + } + else mach_result = vm_allocate(kernel_map, &G_current_load_entry->kernel_alloc_address, G_current_load_entry->kernel_alloc_size, TRUE); ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/malloc.c#3 (text+ko) ==== @@ -123,8 +123,8 @@ * * Allocate the mutual exclusion lock that protect malloc's data. *********************************************************************/ -__private_extern__ void -malloc_init(void) +void +kld_malloc_init(void) { malloc_lock = mutex_alloc(ETAP_IO_AHA); malInited = 1; ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/kmod.c#3 (text+ko) ==== @@ -228,6 +228,7 @@ extern vm_offset_t sectPRELINKB; extern int sectSizePRELINK; +extern int kth_started; kern_return_t kmod_create_internal(kmod_info_t *info, kmod_t *id) @@ -243,7 +244,7 @@ } isPrelink = ((info->address >= sectPRELINKB) && (info->address < (sectPRELINKB + sectSizePRELINK))); - if (!isPrelink) { + if (!isPrelink && kth_started) { rc = vm_map_wire(kernel_map, info->address + info->hdr_size, info->address + info->size, VM_PROT_DEFAULT, FALSE); if (rc != KERN_SUCCESS) { @@ -283,6 +284,9 @@ *id = info->id; + if (!isPrelink && !kth_started) + ; + simple_unlock(&kmod_lock); #if DEBUG ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/startup.c#3 (text+ko) ==== @@ -126,6 +126,9 @@ ipc_bootstrap(); vm_mem_init(); + kmod_init(); + kld_malloc_init(); + mac_init_mach(); mac_late_init(); @@ -142,7 +145,6 @@ #endif machine_init(); - kmod_init(); clock_init(); init_timers(); @@ -167,7 +169,7 @@ * Dynamic Phase: 2 of 2 */ etap_init_phase2(); - + /* * Create a kernel thread to start the other kernel * threads. @@ -185,6 +187,8 @@ panic("cpu_launch_first_thread returns!"); } +int kth_started = 0; + /* * Now running in a thread. Create the rest of the kernel threads * and the bootstrap task. @@ -257,12 +261,14 @@ shared_file_boot_time_init(ENV_DEFAULT_ROOT, machine_slot[cpu_number()].cpu_type); + kth_started = 1; + #ifdef IOKIT { PE_init_iokit(); } #endif - + (void) spllo(); /* Allow interruptions */ /* ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/conf/files#4 (text+ko) ==== @@ -12,7 +12,6 @@ security/mac_system.c standard security/mac_socket.c standard security/mac_network.c standard -security/mac_test/mac_test.c standard security/mac_mls/mac_mls.c standard security/sebsd/sebsd.c standard security/sebsd/sebsd_syscall.c standard ==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/mac_base.c#3 (text+ko) ==== @@ -306,12 +306,12 @@ void mac_late_init(void) { - extern struct mac_policy_conf test_mac_policy_conf; + //extern struct mac_policy_conf test_mac_policy_conf; extern struct mac_policy_conf sebsd_mac_policy_conf; extern struct mac_policy_conf mac_mls_mac_policy_conf; - printf("MAC: init mac_test\n"); - mac_policy_register(&test_mac_policy_conf); + //printf("MAC: init mac_test\n"); + //mac_policy_register(&test_mac_policy_conf); printf("MAC: init sebsd\n"); mac_policy_register(&sebsd_mac_policy_conf); @@ -319,6 +319,8 @@ printf("MAC: init MAC/MLS\n"); mac_policy_register(&mac_mls_mac_policy_conf); + kmod_load_early(); + mac_late = 1; }