1/* 2 * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. 3 * 4 * @Apple_LICENSE_HEADER_START@ 5 * 6 * The contents of this file constitute Original Code as defined in and 7 * are subject to the Apple Public Source License Version 1.1 (the 8 * "License"). You may not use this file except in compliance with the 9 * License. Please obtain a copy of the License at 10 * http://www.apple.com/publicsource and read it before using this file. 11 * 12 * This Original Code and all software distributed under the License are 13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER 14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the 17 * License for the specific language governing rights and limitations 18 * under the License. 19 * 20 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 21 */ 22 23 24#include <machine/spl.h> 25 26#include <sys/errno.h> 27#include <sys/param.h> 28#include <sys/systm.h> 29#include <sys/proc_internal.h> 30#include <sys/vm.h> 31#include <sys/sysctl.h> 32#include <sys/kdebug.h> 33#include <sys/sysproto.h> 34#include <sys/bsdtask_info.h> 35 36#define HZ 100 37#include <mach/clock_types.h> 38#include <mach/mach_types.h> 39#include <mach/mach_time.h> 40#include <machine/machine_routines.h> 41 42#if defined(__i386__) || defined(__x86_64__) 43#include <i386/rtclock_protos.h> 44#include <i386/mp.h> 45#include <i386/machine_routines.h> 46#endif 47 48#include <kern/clock.h> 49 50#include <kern/thread.h> 51#include <kern/task.h> 52#include <kern/debug.h> 53#include <kern/kalloc.h> 54#include <kern/cpu_data.h> 55#include <kern/assert.h> 56#include <vm/vm_kern.h> 57#include <sys/lock.h> 58 59#include <sys/malloc.h> 60#include <sys/mcache.h> 61#include <sys/kauth.h> 62 63#include <sys/vnode.h> 64#include <sys/vnode_internal.h> 65#include <sys/fcntl.h> 66#include <sys/file_internal.h> 67#include <sys/ubc.h> 68#include <sys/param.h> /* for isset() */ 69 70#include <mach/mach_host.h> /* for host_info() */ 71#include <libkern/OSAtomic.h> 72 73#include <machine/pal_routines.h> 74 75/* XXX should have prototypes, but Mach does not provide one */ 76void task_act_iterate_wth_args(task_t, void(*)(thread_t, void *), void *); 77int cpu_number(void); /* XXX <machine/...> include path broken */ 78 79/* XXX should probably be static, but it's debugging code... */ 80int kdbg_read(user_addr_t, size_t *, vnode_t, vfs_context_t); 81void kdbg_control_chud(int, void *); 82int kdbg_control(int *, u_int, user_addr_t, size_t *); 83int kdbg_getentropy (user_addr_t, size_t *, int); 84int kdbg_readmap(user_addr_t, size_t *, vnode_t, vfs_context_t); 85int kdbg_getreg(kd_regtype *); 86int kdbg_setreg(kd_regtype *); 87int kdbg_setrtcdec(kd_regtype *); 88int kdbg_setpidex(kd_regtype *); 89int kdbg_setpid(kd_regtype *); 90void kdbg_mapinit(void); 91int kdbg_reinit(boolean_t); 92int kdbg_bootstrap(boolean_t); 93 94static int kdbg_enable_typefilter(void); 95static int kdbg_disable_typefilter(void); 96 97static int create_buffers(boolean_t); 98static void delete_buffers(void); 99 100extern void IOSleep(int); 101 102/* trace enable status */ 103unsigned int kdebug_enable = 0; 104 105/* track timestamps for security server's entropy needs */ 106uint64_t * kd_entropy_buffer = 0; 107unsigned int kd_entropy_bufsize = 0; 108unsigned int kd_entropy_count = 0; 109unsigned int kd_entropy_indx = 0; 110vm_offset_t kd_entropy_buftomem = 0; 111 112#define MAX_ENTROPY_COUNT (128 * 1024) 113 114 115#define SLOW_NOLOG 0x01 116#define SLOW_CHECKS 0x02 117#define SLOW_ENTROPY 0x04 118#define SLOW_CHUD 0x08 119 120unsigned int kd_cpus; 121 122#define EVENTS_PER_STORAGE_UNIT 2048 123#define MIN_STORAGE_UNITS_PER_CPU 4 124 125#define POINTER_FROM_KDS_PTR(x) (&kd_bufs[x.buffer_index].kdsb_addr[x.offset]) 126 127#define NATIVE_TRACE_FACILITY 128 129union kds_ptr { 130 struct { 131 uint32_t buffer_index:21; 132 uint16_t offset:11; 133 }; 134 uint32_t raw; 135}; 136 137struct kd_storage { 138 union kds_ptr kds_next; 139 uint32_t kds_bufindx; 140 uint32_t kds_bufcnt; 141 uint32_t kds_readlast; 142 boolean_t kds_lostevents; 143 uint64_t kds_timestamp; 144 145 kd_buf kds_records[EVENTS_PER_STORAGE_UNIT]; 146}; 147 148#define MAX_BUFFER_SIZE (1024 * 1024 * 128) 149#define N_STORAGE_UNITS_PER_BUFFER (MAX_BUFFER_SIZE / sizeof(struct kd_storage)) 150 151struct kd_storage_buffers { 152 struct kd_storage *kdsb_addr; 153 uint32_t kdsb_size; 154}; 155 156#define KDS_PTR_NULL 0xffffffff 157struct kd_storage_buffers *kd_bufs = NULL; 158int n_storage_units = 0; 159int n_storage_buffers = 0; 160int n_storage_threshold = 0; 161int kds_waiter = 0; 162int kde_waiter = 0; 163 164#pragma pack(0) 165struct kd_bufinfo { 166 union kds_ptr kd_list_head; 167 union kds_ptr kd_list_tail; 168 boolean_t kd_lostevents; 169 uint32_t _pad; 170 uint64_t kd_prev_timebase; 171 uint32_t num_bufs; 172} __attribute__(( aligned(CPU_CACHE_SIZE) )); 173 174struct kd_ctrl_page_t { 175 union kds_ptr kds_free_list; 176 uint32_t enabled :1; 177 uint32_t _pad0 :31; 178 int kds_inuse_count; 179 uint32_t kdebug_flags; 180 uint32_t kdebug_slowcheck; 181 uint32_t _pad1; 182 struct { 183 uint64_t tsc_base; 184 uint64_t ns_base; 185 } cpu_timebase[32]; // should be max number of actual logical cpus 186} kd_ctrl_page = {.kds_free_list = {.raw = KDS_PTR_NULL}, .enabled = 0, .kds_inuse_count = 0, .kdebug_flags = 0, .kdebug_slowcheck = SLOW_NOLOG}; 187#pragma pack() 188 189struct kd_bufinfo *kdbip = NULL; 190 191#define KDCOPYBUF_COUNT 8192 192#define KDCOPYBUF_SIZE (KDCOPYBUF_COUNT * sizeof(kd_buf)) 193kd_buf *kdcopybuf = NULL; 194 195 196int kdlog_sched_events = 0; 197 198boolean_t kdlog_bg_trace = FALSE; 199boolean_t kdlog_bg_trace_running = FALSE; 200unsigned int bg_nkdbufs = 0; 201 202unsigned int nkdbufs = 0; 203unsigned int kdlog_beg=0; 204unsigned int kdlog_end=0; 205unsigned int kdlog_value1=0; 206unsigned int kdlog_value2=0; 207unsigned int kdlog_value3=0; 208unsigned int kdlog_value4=0; 209 210static lck_spin_t * kdw_spin_lock; 211static lck_spin_t * kds_spin_lock; 212static lck_mtx_t * kd_trace_mtx_sysctl; 213static lck_grp_t * kd_trace_mtx_sysctl_grp; 214static lck_attr_t * kd_trace_mtx_sysctl_attr; 215static lck_grp_attr_t *kd_trace_mtx_sysctl_grp_attr; 216 217static lck_grp_t *stackshot_subsys_lck_grp; 218static lck_grp_attr_t *stackshot_subsys_lck_grp_attr; 219static lck_attr_t *stackshot_subsys_lck_attr; 220static lck_mtx_t stackshot_subsys_mutex; 221 222void *stackshot_snapbuf = NULL; 223 224int 225stack_snapshot2(pid_t pid, user_addr_t tracebuf, uint32_t tracebuf_size, uint32_t flags, uint32_t dispatch_offset, int32_t *retval); 226 227extern void 228kdp_snapshot_preflight(int pid, void *tracebuf, uint32_t tracebuf_size, uint32_t flags, uint32_t dispatch_offset); 229 230extern int 231kdp_stack_snapshot_geterror(void); 232extern unsigned int 233kdp_stack_snapshot_bytes_traced(void); 234 235kd_threadmap *kd_mapptr = 0; 236unsigned int kd_mapsize = 0; 237unsigned int kd_mapcount = 0; 238vm_offset_t kd_maptomem = 0; 239 240off_t RAW_file_offset = 0; 241int RAW_file_written = 0; 242 243#define RAW_FLUSH_SIZE (2 * 1024 * 1024) 244 245 246pid_t global_state_pid = -1; /* Used to control exclusive use of kd_buffer */ 247 248#define DBG_FUNC_MASK 0xfffffffc 249 250/* TODO: move to kdebug.h */ 251#define CLASS_MASK 0xff000000 252#define CLASS_OFFSET 24 253#define SUBCLASS_MASK 0x00ff0000 254#define SUBCLASS_OFFSET 16 255#define CSC_MASK 0xffff0000 /* class and subclass mask */ 256#define CSC_OFFSET SUBCLASS_OFFSET 257 258#define EXTRACT_CLASS(debugid) ( (uint8_t) ( ((debugid) & CLASS_MASK ) >> CLASS_OFFSET ) ) 259#define EXTRACT_SUBCLASS(debugid) ( (uint8_t) ( ((debugid) & SUBCLASS_MASK) >> SUBCLASS_OFFSET ) ) 260#define EXTRACT_CSC(debugid) ( (uint16_t)( ((debugid) & CSC_MASK ) >> CSC_OFFSET ) ) 261 262#define INTERRUPT 0x01050000 263#define MACH_vmfault 0x01300008 264#define BSC_SysCall 0x040c0000 265#define MACH_SysCall 0x010c0000 266#define DBG_SCALL_MASK 0xffff0000 267 268 269/* task to string structure */ 270struct tts 271{ 272 task_t task; /* from procs task */ 273 pid_t pid; /* from procs p_pid */ 274 char task_comm[20]; /* from procs p_comm */ 275}; 276 277typedef struct tts tts_t; 278 279struct krt 280{ 281 kd_threadmap *map; /* pointer to the map buffer */ 282 int count; 283 int maxcount; 284 struct tts *atts; 285}; 286 287typedef struct krt krt_t; 288 289/* This is for the CHUD toolkit call */ 290typedef void (*kd_chudhook_fn) (uint32_t debugid, uintptr_t arg1, 291 uintptr_t arg2, uintptr_t arg3, 292 uintptr_t arg4, uintptr_t arg5); 293 294volatile kd_chudhook_fn kdebug_chudhook = 0; /* pointer to CHUD toolkit function */ 295 296__private_extern__ void stackshot_lock_init( void ) __attribute__((section("__TEXT, initcode"))); 297 298static uint8_t *type_filter_bitmap; 299 300static void 301kdbg_set_tracing_enabled(boolean_t enabled, uint32_t trace_type) 302{ 303 int s = ml_set_interrupts_enabled(FALSE); 304 lck_spin_lock(kds_spin_lock); 305 306 if (enabled) { 307 kdebug_enable |= trace_type; 308 kd_ctrl_page.kdebug_slowcheck &= ~SLOW_NOLOG; 309 kd_ctrl_page.enabled = 1; 310 } else { 311 kdebug_enable &= ~(KDEBUG_ENABLE_TRACE|KDEBUG_ENABLE_PPT); 312 kd_ctrl_page.kdebug_slowcheck |= SLOW_NOLOG; 313 kd_ctrl_page.enabled = 0; 314 } 315 lck_spin_unlock(kds_spin_lock); 316 ml_set_interrupts_enabled(s); 317} 318 319static void 320kdbg_set_flags(int slowflag, int enableflag, boolean_t enabled) 321{ 322 int s = ml_set_interrupts_enabled(FALSE); 323 lck_spin_lock(kds_spin_lock); 324 325 if (enabled) { 326 kd_ctrl_page.kdebug_slowcheck |= slowflag; 327 kdebug_enable |= enableflag; 328 } else { 329 kd_ctrl_page.kdebug_slowcheck &= ~slowflag; 330 kdebug_enable &= ~enableflag; 331 } 332 lck_spin_unlock(kds_spin_lock); 333 ml_set_interrupts_enabled(s); 334} 335 336 337#ifdef NATIVE_TRACE_FACILITY 338void 339disable_wrap(uint32_t *old_slowcheck, uint32_t *old_flags) 340{ 341 int s = ml_set_interrupts_enabled(FALSE); 342 lck_spin_lock(kds_spin_lock); 343 344 *old_slowcheck = kd_ctrl_page.kdebug_slowcheck; 345 *old_flags = kd_ctrl_page.kdebug_flags; 346 347 kd_ctrl_page.kdebug_flags &= ~KDBG_WRAPPED; 348 kd_ctrl_page.kdebug_flags |= KDBG_NOWRAP; 349 350 lck_spin_unlock(kds_spin_lock); 351 ml_set_interrupts_enabled(s); 352} 353 354void 355enable_wrap(uint32_t old_slowcheck, boolean_t lostevents) 356{ 357 int s = ml_set_interrupts_enabled(FALSE); 358 lck_spin_lock(kds_spin_lock); 359 360 kd_ctrl_page.kdebug_flags &= ~KDBG_NOWRAP; 361 362 if ( !(old_slowcheck & SLOW_NOLOG)) 363 kd_ctrl_page.kdebug_slowcheck &= ~SLOW_NOLOG; 364 365 if (lostevents == TRUE) 366 kd_ctrl_page.kdebug_flags |= KDBG_WRAPPED; 367 368 lck_spin_unlock(kds_spin_lock); 369 ml_set_interrupts_enabled(s); 370} 371 372void trace_set_timebases(__unused uint64_t tsc, __unused uint64_t ns) 373{ 374} 375#else 376/* Begin functions that are defined twice */ 377void trace_set_timebases(uint64_t tsc, uint64_t ns) 378{ 379 int cpu = cpu_number(); 380 kd_ctrl_page.cpu_timebase[cpu].tsc_base = tsc; 381 kd_ctrl_page.cpu_timebase[cpu].ns_base = ns; 382} 383 384#endif 385 386static int 387#if defined(__i386__) || defined(__x86_64__) 388create_buffers(boolean_t early_trace) 389#else 390create_buffers(__unused boolean_t early_trace) 391#endif 392{ 393 int i; 394 int p_buffer_size; 395 int f_buffer_size; 396 int f_buffers; 397 int error = 0; 398 399 /* 400 * get the number of cpus and cache it 401 */ 402#if defined(__i386__) || defined(__x86_64__) 403 if (early_trace == TRUE) { 404 /* 405 * we've started tracing before the 406 * IOKit has even started running... just 407 * use the static max value 408 */ 409 kd_cpus = max_ncpus; 410 } else 411#endif 412 { 413 host_basic_info_data_t hinfo; 414 mach_msg_type_number_t count = HOST_BASIC_INFO_COUNT; 415 416#define BSD_HOST 1 417 host_info((host_t)BSD_HOST, HOST_BASIC_INFO, (host_info_t)&hinfo, &count); 418 kd_cpus = hinfo.logical_cpu_max; 419 } 420 if (kmem_alloc(kernel_map, (vm_offset_t *)&kdbip, sizeof(struct kd_bufinfo) * kd_cpus) != KERN_SUCCESS) { 421 error = ENOSPC; 422 goto out; 423 } 424 425 trace_handler_map_bufinfo((uintptr_t)kdbip, sizeof(struct kd_bufinfo) * kd_cpus); 426 427#if !defined(NATIVE_TRACE_FACILITY) 428 for(i=0;i<(int)kd_cpus;i++) { 429 get_nanotime_timebases(i, 430 &kd_ctrl_page.cpu_timebase[i].tsc_base, 431 &kd_ctrl_page.cpu_timebase[i].ns_base); 432 } 433#endif 434 435 if (nkdbufs < (kd_cpus * EVENTS_PER_STORAGE_UNIT * MIN_STORAGE_UNITS_PER_CPU)) 436 n_storage_units = kd_cpus * MIN_STORAGE_UNITS_PER_CPU; 437 else 438 n_storage_units = nkdbufs / EVENTS_PER_STORAGE_UNIT; 439 440 nkdbufs = n_storage_units * EVENTS_PER_STORAGE_UNIT; 441 442 f_buffers = n_storage_units / N_STORAGE_UNITS_PER_BUFFER; 443 n_storage_buffers = f_buffers; 444 445 f_buffer_size = N_STORAGE_UNITS_PER_BUFFER * sizeof(struct kd_storage); 446 p_buffer_size = (n_storage_units % N_STORAGE_UNITS_PER_BUFFER) * sizeof(struct kd_storage); 447 448 if (p_buffer_size) 449 n_storage_buffers++; 450 451 kd_bufs = NULL; 452 453 if (kdcopybuf == 0) { 454 if (kmem_alloc(kernel_map, (vm_offset_t *)&kdcopybuf, (vm_size_t)KDCOPYBUF_SIZE) != KERN_SUCCESS) { 455 error = ENOSPC; 456 goto out; 457 } 458 } 459 if (kmem_alloc(kernel_map, (vm_offset_t *)&kd_bufs, (vm_size_t)(n_storage_buffers * sizeof(struct kd_storage_buffers))) != KERN_SUCCESS) { 460 error = ENOSPC; 461 goto out; 462 } 463 bzero(kd_bufs, n_storage_buffers * sizeof(struct kd_storage_buffers)); 464 465 for (i = 0; i < f_buffers; i++) { 466 if (kmem_alloc(kernel_map, (vm_offset_t *)&kd_bufs[i].kdsb_addr, (vm_size_t)f_buffer_size) != KERN_SUCCESS) { 467 error = ENOSPC; 468 goto out; 469 } 470 bzero(kd_bufs[i].kdsb_addr, f_buffer_size); 471 472 kd_bufs[i].kdsb_size = f_buffer_size; 473 } 474 if (p_buffer_size) { 475 if (kmem_alloc(kernel_map, (vm_offset_t *)&kd_bufs[i].kdsb_addr, (vm_size_t)p_buffer_size) != KERN_SUCCESS) { 476 error = ENOSPC; 477 goto out; 478 } 479 bzero(kd_bufs[i].kdsb_addr, p_buffer_size); 480 481 kd_bufs[i].kdsb_size = p_buffer_size; 482 } 483 n_storage_units = 0; 484 485 for (i = 0; i < n_storage_buffers; i++) { 486 struct kd_storage *kds; 487 int n_elements; 488 int n; 489 490 n_elements = kd_bufs[i].kdsb_size / sizeof(struct kd_storage); 491 kds = kd_bufs[i].kdsb_addr; 492 493 trace_handler_map_buffer(i, (uintptr_t)kd_bufs[i].kdsb_addr, kd_bufs[i].kdsb_size); 494 495 for (n = 0; n < n_elements; n++) { 496 kds[n].kds_next.buffer_index = kd_ctrl_page.kds_free_list.buffer_index; 497 kds[n].kds_next.offset = kd_ctrl_page.kds_free_list.offset; 498 499 kd_ctrl_page.kds_free_list.buffer_index = i; 500 kd_ctrl_page.kds_free_list.offset = n; 501 } 502 n_storage_units += n_elements; 503 } 504 505 bzero((char *)kdbip, sizeof(struct kd_bufinfo) * kd_cpus); 506 507 for (i = 0; i < (int)kd_cpus; i++) { 508 kdbip[i].kd_list_head.raw = KDS_PTR_NULL; 509 kdbip[i].kd_list_tail.raw = KDS_PTR_NULL; 510 kdbip[i].kd_lostevents = FALSE; 511 kdbip[i].num_bufs = 0; 512 } 513 514 kd_ctrl_page.kdebug_flags |= KDBG_BUFINIT; 515 516 kd_ctrl_page.kds_inuse_count = 0; 517 n_storage_threshold = n_storage_units / 2; 518out: 519 if (error) 520 delete_buffers(); 521 522 return(error); 523} 524 525 526static void 527delete_buffers(void) 528{ 529 int i; 530 531 if (kd_bufs) { 532 for (i = 0; i < n_storage_buffers; i++) { 533 if (kd_bufs[i].kdsb_addr) { 534 kmem_free(kernel_map, (vm_offset_t)kd_bufs[i].kdsb_addr, (vm_size_t)kd_bufs[i].kdsb_size); 535 trace_handler_unmap_buffer(i); 536 } 537 } 538 kmem_free(kernel_map, (vm_offset_t)kd_bufs, (vm_size_t)(n_storage_buffers * sizeof(struct kd_storage_buffers))); 539 540 kd_bufs = NULL; 541 n_storage_buffers = 0; 542 } 543 if (kdcopybuf) { 544 kmem_free(kernel_map, (vm_offset_t)kdcopybuf, KDCOPYBUF_SIZE); 545 546 kdcopybuf = NULL; 547 } 548 kd_ctrl_page.kds_free_list.raw = KDS_PTR_NULL; 549 550 if (kdbip) { 551 trace_handler_unmap_bufinfo(); 552 553 kmem_free(kernel_map, (vm_offset_t)kdbip, sizeof(struct kd_bufinfo) * kd_cpus); 554 555 kdbip = NULL; 556 } 557 kd_ctrl_page.kdebug_flags &= ~KDBG_BUFINIT; 558} 559 560 561#ifdef NATIVE_TRACE_FACILITY 562void 563release_storage_unit(int cpu, uint32_t kdsp_raw) 564{ 565 int s = 0; 566 struct kd_storage *kdsp_actual; 567 struct kd_bufinfo *kdbp; 568 union kds_ptr kdsp; 569 570 kdsp.raw = kdsp_raw; 571 572 s = ml_set_interrupts_enabled(FALSE); 573 lck_spin_lock(kds_spin_lock); 574 575 kdbp = &kdbip[cpu]; 576 577 if (kdsp.raw == kdbp->kd_list_head.raw) { 578 /* 579 * it's possible for the storage unit pointed to 580 * by kdsp to have already been stolen... so 581 * check to see if it's still the head of the list 582 * now that we're behind the lock that protects 583 * adding and removing from the queue... 584 * since we only ever release and steal units from 585 * that position, if it's no longer the head 586 * we having nothing to do in this context 587 */ 588 kdsp_actual = POINTER_FROM_KDS_PTR(kdsp); 589 kdbp->kd_list_head = kdsp_actual->kds_next; 590 591 kdsp_actual->kds_next = kd_ctrl_page.kds_free_list; 592 kd_ctrl_page.kds_free_list = kdsp; 593 594 kd_ctrl_page.kds_inuse_count--; 595 } 596 lck_spin_unlock(kds_spin_lock); 597 ml_set_interrupts_enabled(s); 598} 599 600 601boolean_t 602allocate_storage_unit(int cpu) 603{ 604 union kds_ptr kdsp; 605 struct kd_storage *kdsp_actual, *kdsp_next_actual; 606 struct kd_bufinfo *kdbp, *kdbp_vict, *kdbp_try; 607 uint64_t oldest_ts, ts; 608 boolean_t retval = TRUE; 609 int s = 0; 610 611 s = ml_set_interrupts_enabled(FALSE); 612 lck_spin_lock(kds_spin_lock); 613 614 kdbp = &kdbip[cpu]; 615 616 /* If someone beat us to the allocate, return success */ 617 if (kdbp->kd_list_tail.raw != KDS_PTR_NULL) { 618 kdsp_actual = POINTER_FROM_KDS_PTR(kdbp->kd_list_tail); 619 620 if (kdsp_actual->kds_bufindx < EVENTS_PER_STORAGE_UNIT) 621 goto out; 622 } 623 624 if ((kdsp = kd_ctrl_page.kds_free_list).raw != KDS_PTR_NULL) { 625 kdsp_actual = POINTER_FROM_KDS_PTR(kdsp); 626 kd_ctrl_page.kds_free_list = kdsp_actual->kds_next; 627 628 kd_ctrl_page.kds_inuse_count++; 629 } else { 630 if (kd_ctrl_page.kdebug_flags & KDBG_NOWRAP) { 631 kd_ctrl_page.kdebug_slowcheck |= SLOW_NOLOG; 632 kdbp->kd_lostevents = TRUE; 633 retval = FALSE; 634 goto out; 635 } 636 kdbp_vict = NULL; 637 oldest_ts = (uint64_t)-1; 638 639 for (kdbp_try = &kdbip[0]; kdbp_try < &kdbip[kd_cpus]; kdbp_try++) { 640 641 if (kdbp_try->kd_list_head.raw == KDS_PTR_NULL) { 642 /* 643 * no storage unit to steal 644 */ 645 continue; 646 } 647 648 kdsp_actual = POINTER_FROM_KDS_PTR(kdbp_try->kd_list_head); 649 650 if (kdsp_actual->kds_bufcnt < EVENTS_PER_STORAGE_UNIT) { 651 /* 652 * make sure we don't steal the storage unit 653 * being actively recorded to... need to 654 * move on because we don't want an out-of-order 655 * set of events showing up later 656 */ 657 continue; 658 } 659 ts = kdbg_get_timestamp(&kdsp_actual->kds_records[0]); 660 661 if (ts < oldest_ts) { 662 /* 663 * when 'wrapping', we want to steal the 664 * storage unit that has the 'earliest' time 665 * associated with it (first event time) 666 */ 667 oldest_ts = ts; 668 kdbp_vict = kdbp_try; 669 } 670 } 671 if (kdbp_vict == NULL) { 672 kdebug_enable = 0; 673 kd_ctrl_page.enabled = 0; 674 retval = FALSE; 675 goto out; 676 } 677 kdsp = kdbp_vict->kd_list_head; 678 kdsp_actual = POINTER_FROM_KDS_PTR(kdsp); 679 kdbp_vict->kd_list_head = kdsp_actual->kds_next; 680 681 if (kdbp_vict->kd_list_head.raw != KDS_PTR_NULL) { 682 kdsp_next_actual = POINTER_FROM_KDS_PTR(kdbp_vict->kd_list_head); 683 kdsp_next_actual->kds_lostevents = TRUE; 684 } else 685 kdbp_vict->kd_lostevents = TRUE; 686 687 kd_ctrl_page.kdebug_flags |= KDBG_WRAPPED; 688 } 689 kdsp_actual->kds_timestamp = mach_absolute_time(); 690 kdsp_actual->kds_next.raw = KDS_PTR_NULL; 691 kdsp_actual->kds_bufcnt = 0; 692 kdsp_actual->kds_readlast = 0; 693 694 kdsp_actual->kds_lostevents = kdbp->kd_lostevents; 695 kdbp->kd_lostevents = FALSE; 696 kdsp_actual->kds_bufindx = 0; 697 698 if (kdbp->kd_list_head.raw == KDS_PTR_NULL) 699 kdbp->kd_list_head = kdsp; 700 else 701 POINTER_FROM_KDS_PTR(kdbp->kd_list_tail)->kds_next = kdsp; 702 kdbp->kd_list_tail = kdsp; 703out: 704 lck_spin_unlock(kds_spin_lock); 705 ml_set_interrupts_enabled(s); 706 707 return (retval); 708} 709#endif 710 711void 712kernel_debug_internal( 713 uint32_t debugid, 714 uintptr_t arg1, 715 uintptr_t arg2, 716 uintptr_t arg3, 717 uintptr_t arg4, 718 uintptr_t arg5, 719 int entropy_flag); 720 721__attribute__((always_inline)) void 722kernel_debug_internal( 723 uint32_t debugid, 724 uintptr_t arg1, 725 uintptr_t arg2, 726 uintptr_t arg3, 727 uintptr_t arg4, 728 uintptr_t arg5, 729 int entropy_flag) 730{ 731 struct proc *curproc; 732 uint64_t now; 733 uint32_t bindx; 734 boolean_t s; 735 kd_buf *kd; 736 int cpu; 737 struct kd_bufinfo *kdbp; 738 struct kd_storage *kdsp_actual; 739 union kds_ptr kds_raw; 740 741 742 743 if (kd_ctrl_page.kdebug_slowcheck) { 744 745 if (kdebug_enable & KDEBUG_ENABLE_CHUD) { 746 kd_chudhook_fn chudhook; 747 /* 748 * Mask interrupts to minimize the interval across 749 * which the driver providing the hook could be 750 * unloaded. 751 */ 752 s = ml_set_interrupts_enabled(FALSE); 753 chudhook = kdebug_chudhook; 754 if (chudhook) 755 chudhook(debugid, arg1, arg2, arg3, arg4, arg5); 756 ml_set_interrupts_enabled(s); 757 } 758 if ((kdebug_enable & KDEBUG_ENABLE_ENTROPY) && entropy_flag) { 759 760 now = mach_absolute_time(); 761 762 s = ml_set_interrupts_enabled(FALSE); 763 lck_spin_lock(kds_spin_lock); 764 765 if (kdebug_enable & KDEBUG_ENABLE_ENTROPY) { 766 767 if (kd_entropy_indx < kd_entropy_count) { 768 kd_entropy_buffer[kd_entropy_indx] = now; 769 kd_entropy_indx++; 770 } 771 if (kd_entropy_indx == kd_entropy_count) { 772 /* 773 * Disable entropy collection 774 */ 775 kdebug_enable &= ~KDEBUG_ENABLE_ENTROPY; 776 kd_ctrl_page.kdebug_slowcheck &= ~SLOW_ENTROPY; 777 } 778 } 779 lck_spin_unlock(kds_spin_lock); 780 ml_set_interrupts_enabled(s); 781 } 782 if ( (kd_ctrl_page.kdebug_slowcheck & SLOW_NOLOG) || !(kdebug_enable & (KDEBUG_ENABLE_TRACE|KDEBUG_ENABLE_PPT))) 783 goto out1; 784 785 if ( !ml_at_interrupt_context()) { 786 if (kd_ctrl_page.kdebug_flags & KDBG_PIDCHECK) { 787 /* 788 * If kdebug flag is not set for current proc, return 789 */ 790 curproc = current_proc(); 791 792 if ((curproc && !(curproc->p_kdebug)) && 793 ((debugid & 0xffff0000) != (MACHDBG_CODE(DBG_MACH_SCHED, 0) | DBG_FUNC_NONE)) && 794 (debugid >> 24 != DBG_TRACE)) 795 goto out1; 796 } 797 else if (kd_ctrl_page.kdebug_flags & KDBG_PIDEXCLUDE) { 798 /* 799 * If kdebug flag is set for current proc, return 800 */ 801 curproc = current_proc(); 802 803 if ((curproc && curproc->p_kdebug) && 804 ((debugid & 0xffff0000) != (MACHDBG_CODE(DBG_MACH_SCHED, 0) | DBG_FUNC_NONE)) && 805 (debugid >> 24 != DBG_TRACE)) 806 goto out1; 807 } 808 } 809 810 if (kd_ctrl_page.kdebug_flags & KDBG_TYPEFILTER_CHECK) { 811 /* Always record trace system info */ 812 if (EXTRACT_CLASS(debugid) == DBG_TRACE) 813 goto record_event; 814 815 if (isset(type_filter_bitmap, EXTRACT_CSC(debugid))) 816 goto record_event; 817 goto out1; 818 } 819 else if (kd_ctrl_page.kdebug_flags & KDBG_RANGECHECK) { 820 if ((debugid >= kdlog_beg && debugid <= kdlog_end) || (debugid >> 24) == DBG_TRACE) 821 goto record_event; 822 if (kdlog_sched_events && (debugid & 0xffff0000) == (MACHDBG_CODE(DBG_MACH_SCHED, 0) | DBG_FUNC_NONE)) 823 goto record_event; 824 goto out1; 825 } 826 else if (kd_ctrl_page.kdebug_flags & KDBG_VALCHECK) { 827 if ((debugid & DBG_FUNC_MASK) != kdlog_value1 && 828 (debugid & DBG_FUNC_MASK) != kdlog_value2 && 829 (debugid & DBG_FUNC_MASK) != kdlog_value3 && 830 (debugid & DBG_FUNC_MASK) != kdlog_value4 && 831 (debugid >> 24 != DBG_TRACE)) 832 goto out1; 833 } 834 } 835record_event: 836 disable_preemption(); 837 cpu = cpu_number(); 838 kdbp = &kdbip[cpu]; 839retry_q: 840 kds_raw = kdbp->kd_list_tail; 841 842 if (kds_raw.raw != KDS_PTR_NULL) { 843 kdsp_actual = POINTER_FROM_KDS_PTR(kds_raw); 844 bindx = kdsp_actual->kds_bufindx; 845 } else 846 kdsp_actual = NULL; 847 848 if (kdsp_actual == NULL || bindx >= EVENTS_PER_STORAGE_UNIT) { 849 if (allocate_storage_unit(cpu) == FALSE) { 850 /* 851 * this can only happen if wrapping 852 * has been disabled 853 */ 854 goto out; 855 } 856 goto retry_q; 857 } 858 now = mach_absolute_time() & KDBG_TIMESTAMP_MASK; 859 860 if ( !OSCompareAndSwap(bindx, bindx + 1, &kdsp_actual->kds_bufindx)) 861 goto retry_q; 862 863 kd = &kdsp_actual->kds_records[bindx]; 864 865 kd->debugid = debugid; 866 kd->arg1 = arg1; 867 kd->arg2 = arg2; 868 kd->arg3 = arg3; 869 kd->arg4 = arg4; 870 kd->arg5 = arg5; 871 872 kdbg_set_timestamp_and_cpu(kd, now, cpu); 873 874 OSAddAtomic(1, &kdsp_actual->kds_bufcnt); 875out: 876 enable_preemption(); 877out1: 878 if ((kds_waiter && kd_ctrl_page.kds_inuse_count >= n_storage_threshold) || 879 (kde_waiter && kd_entropy_indx >= kd_entropy_count)) { 880 uint32_t etype; 881 uint32_t stype; 882 883 etype = debugid & DBG_FUNC_MASK; 884 stype = debugid & DBG_SCALL_MASK; 885 886 if (etype == INTERRUPT || etype == MACH_vmfault || 887 stype == BSC_SysCall || stype == MACH_SysCall) { 888 889 boolean_t need_kds_wakeup = FALSE; 890 boolean_t need_kde_wakeup = FALSE; 891 892 /* 893 * try to take the lock here to synchronize with the 894 * waiter entering the blocked state... use the try 895 * mode to prevent deadlocks caused by re-entering this 896 * routine due to various trace points triggered in the 897 * lck_spin_sleep_xxxx routines used to actually enter 898 * one of our 2 wait conditions... no problem if we fail, 899 * there will be lots of additional events coming in that 900 * will eventually succeed in grabbing this lock 901 */ 902 s = ml_set_interrupts_enabled(FALSE); 903 904 if (lck_spin_try_lock(kdw_spin_lock)) { 905 906 if (kds_waiter && kd_ctrl_page.kds_inuse_count >= n_storage_threshold) { 907 kds_waiter = 0; 908 need_kds_wakeup = TRUE; 909 } 910 if (kde_waiter && kd_entropy_indx >= kd_entropy_count) { 911 kde_waiter = 0; 912 need_kde_wakeup = TRUE; 913 } 914 lck_spin_unlock(kdw_spin_lock); 915 } 916 ml_set_interrupts_enabled(s); 917 918 if (need_kds_wakeup == TRUE) 919 wakeup(&kds_waiter); 920 if (need_kde_wakeup == TRUE) 921 wakeup(&kde_waiter); 922 } 923 } 924} 925 926void 927kernel_debug( 928 uint32_t debugid, 929 uintptr_t arg1, 930 uintptr_t arg2, 931 uintptr_t arg3, 932 uintptr_t arg4, 933 __unused uintptr_t arg5) 934{ 935 kernel_debug_internal(debugid, arg1, arg2, arg3, arg4, (uintptr_t)thread_tid(current_thread()), 1); 936} 937 938void 939kernel_debug1( 940 uint32_t debugid, 941 uintptr_t arg1, 942 uintptr_t arg2, 943 uintptr_t arg3, 944 uintptr_t arg4, 945 uintptr_t arg5) 946{ 947 kernel_debug_internal(debugid, arg1, arg2, arg3, arg4, arg5, 1); 948} 949 950/* 951 * Support syscall SYS_kdebug_trace 952 */ 953int 954kdebug_trace(__unused struct proc *p, struct kdebug_trace_args *uap, __unused int32_t *retval) 955{ 956 if ( __probable(kdebug_enable == 0) ) 957 return(EINVAL); 958 959 kernel_debug_internal(uap->code, uap->arg1, uap->arg2, uap->arg3, uap->arg4, (uintptr_t)thread_tid(current_thread()), 0); 960 961 return(0); 962} 963 964 965static void 966kdbg_lock_init(void) 967{ 968 if (kd_ctrl_page.kdebug_flags & KDBG_LOCKINIT) 969 return; 970 971 trace_handler_map_ctrl_page((uintptr_t)&kd_ctrl_page, sizeof(kd_ctrl_page), sizeof(struct kd_storage), sizeof(union kds_ptr)); 972 973 /* 974 * allocate lock group attribute and group 975 */ 976 kd_trace_mtx_sysctl_grp_attr = lck_grp_attr_alloc_init(); 977 kd_trace_mtx_sysctl_grp = lck_grp_alloc_init("kdebug", kd_trace_mtx_sysctl_grp_attr); 978 979 /* 980 * allocate the lock attribute 981 */ 982 kd_trace_mtx_sysctl_attr = lck_attr_alloc_init(); 983 984 985 /* 986 * allocate and initialize mutex's 987 */ 988 kd_trace_mtx_sysctl = lck_mtx_alloc_init(kd_trace_mtx_sysctl_grp, kd_trace_mtx_sysctl_attr); 989 kds_spin_lock = lck_spin_alloc_init(kd_trace_mtx_sysctl_grp, kd_trace_mtx_sysctl_attr); 990 kdw_spin_lock = lck_spin_alloc_init(kd_trace_mtx_sysctl_grp, kd_trace_mtx_sysctl_attr); 991 992 kd_ctrl_page.kdebug_flags |= KDBG_LOCKINIT; 993} 994 995 996int 997kdbg_bootstrap(boolean_t early_trace) 998{ 999 kd_ctrl_page.kdebug_flags &= ~KDBG_WRAPPED; 1000 1001 return (create_buffers(early_trace)); 1002} 1003 1004int 1005kdbg_reinit(boolean_t early_trace) 1006{ 1007 int ret = 0; 1008 1009 /* 1010 * Disable trace collecting 1011 * First make sure we're not in 1012 * the middle of cutting a trace 1013 */ 1014 kdbg_set_tracing_enabled(FALSE, KDEBUG_ENABLE_TRACE); 1015 1016 /* 1017 * make sure the SLOW_NOLOG is seen 1018 * by everyone that might be trying 1019 * to cut a trace.. 1020 */ 1021 IOSleep(100); 1022 1023 delete_buffers(); 1024 1025 if ((kd_ctrl_page.kdebug_flags & KDBG_MAPINIT) && kd_mapsize && kd_mapptr) { 1026 kmem_free(kernel_map, (vm_offset_t)kd_mapptr, kd_mapsize); 1027 kd_ctrl_page.kdebug_flags &= ~KDBG_MAPINIT; 1028 kd_mapsize = 0; 1029 kd_mapptr = (kd_threadmap *) 0; 1030 kd_mapcount = 0; 1031 } 1032 ret = kdbg_bootstrap(early_trace); 1033 1034 RAW_file_offset = 0; 1035 RAW_file_written = 0; 1036 1037 return(ret); 1038} 1039 1040void 1041kdbg_trace_data(struct proc *proc, long *arg_pid) 1042{ 1043 if (!proc) 1044 *arg_pid = 0; 1045 else 1046 *arg_pid = proc->p_pid; 1047} 1048 1049 1050void 1051kdbg_trace_string(struct proc *proc, long *arg1, long *arg2, long *arg3, long *arg4) 1052{ 1053 char *dbg_nameptr; 1054 int dbg_namelen; 1055 long dbg_parms[4]; 1056 1057 if (!proc) { 1058 *arg1 = 0; 1059 *arg2 = 0; 1060 *arg3 = 0; 1061 *arg4 = 0; 1062 return; 1063 } 1064 /* 1065 * Collect the pathname for tracing 1066 */ 1067 dbg_nameptr = proc->p_comm; 1068 dbg_namelen = (int)strlen(proc->p_comm); 1069 dbg_parms[0]=0L; 1070 dbg_parms[1]=0L; 1071 dbg_parms[2]=0L; 1072 dbg_parms[3]=0L; 1073 1074 if(dbg_namelen > (int)sizeof(dbg_parms)) 1075 dbg_namelen = (int)sizeof(dbg_parms); 1076 1077 strncpy((char *)dbg_parms, dbg_nameptr, dbg_namelen); 1078 1079 *arg1=dbg_parms[0]; 1080 *arg2=dbg_parms[1]; 1081 *arg3=dbg_parms[2]; 1082 *arg4=dbg_parms[3]; 1083} 1084 1085static void 1086kdbg_resolve_map(thread_t th_act, void *opaque) 1087{ 1088 kd_threadmap *mapptr; 1089 krt_t *t = (krt_t *)opaque; 1090 1091 if (t->count < t->maxcount) { 1092 mapptr = &t->map[t->count]; 1093 mapptr->thread = (uintptr_t)thread_tid(th_act); 1094 1095 (void) strlcpy (mapptr->command, t->atts->task_comm, 1096 sizeof(t->atts->task_comm)); 1097 /* 1098 * Some kernel threads have no associated pid. 1099 * We still need to mark the entry as valid. 1100 */ 1101 if (t->atts->pid) 1102 mapptr->valid = t->atts->pid; 1103 else 1104 mapptr->valid = 1; 1105 1106 t->count++; 1107 } 1108} 1109 1110void 1111kdbg_mapinit(void) 1112{ 1113 struct proc *p; 1114 struct krt akrt; 1115 int tts_count; /* number of task-to-string structures */ 1116 struct tts *tts_mapptr; 1117 unsigned int tts_mapsize = 0; 1118 vm_offset_t tts_maptomem=0; 1119 int i; 1120 1121 if (kd_ctrl_page.kdebug_flags & KDBG_MAPINIT) 1122 return; 1123 1124 /* 1125 * need to use PROC_SCANPROCLIST with proc_iterate 1126 */ 1127 proc_list_lock(); 1128 1129 /* 1130 * Calculate the sizes of map buffers 1131 */ 1132 for (p = allproc.lh_first, kd_mapcount=0, tts_count=0; p; p = p->p_list.le_next) { 1133 kd_mapcount += get_task_numacts((task_t)p->task); 1134 tts_count++; 1135 } 1136 proc_list_unlock(); 1137 1138 /* 1139 * The proc count could change during buffer allocation, 1140 * so introduce a small fudge factor to bump up the 1141 * buffer sizes. This gives new tasks some chance of 1142 * making into the tables. Bump up by 10%. 1143 */ 1144 kd_mapcount += kd_mapcount/10; 1145 tts_count += tts_count/10; 1146 1147 kd_mapsize = kd_mapcount * sizeof(kd_threadmap); 1148 1149 if ((kmem_alloc(kernel_map, & kd_maptomem, (vm_size_t)kd_mapsize) == KERN_SUCCESS)) { 1150 kd_mapptr = (kd_threadmap *) kd_maptomem; 1151 bzero(kd_mapptr, kd_mapsize); 1152 } else 1153 kd_mapptr = (kd_threadmap *) 0; 1154 1155 tts_mapsize = tts_count * sizeof(struct tts); 1156 1157 if ((kmem_alloc(kernel_map, & tts_maptomem, (vm_size_t)tts_mapsize) == KERN_SUCCESS)) { 1158 tts_mapptr = (struct tts *) tts_maptomem; 1159 bzero(tts_mapptr, tts_mapsize); 1160 } else 1161 tts_mapptr = (struct tts *) 0; 1162 1163 /* 1164 * We need to save the procs command string 1165 * and take a reference for each task associated 1166 * with a valid process 1167 */ 1168 if (tts_mapptr) { 1169 /* 1170 * should use proc_iterate 1171 */ 1172 proc_list_lock(); 1173 1174 for (p = allproc.lh_first, i=0; p && i < tts_count; p = p->p_list.le_next) { 1175 if (p->p_lflag & P_LEXIT) 1176 continue; 1177 1178 if (p->task) { 1179 task_reference(p->task); 1180 tts_mapptr[i].task = p->task; 1181 tts_mapptr[i].pid = p->p_pid; 1182 (void)strlcpy(tts_mapptr[i].task_comm, p->p_comm, sizeof(tts_mapptr[i].task_comm)); 1183 i++; 1184 } 1185 } 1186 tts_count = i; 1187 1188 proc_list_unlock(); 1189 } 1190 1191 if (kd_mapptr && tts_mapptr) { 1192 kd_ctrl_page.kdebug_flags |= KDBG_MAPINIT; 1193 1194 /* 1195 * Initialize thread map data 1196 */ 1197 akrt.map = kd_mapptr; 1198 akrt.count = 0; 1199 akrt.maxcount = kd_mapcount; 1200 1201 for (i = 0; i < tts_count; i++) { 1202 akrt.atts = &tts_mapptr[i]; 1203 task_act_iterate_wth_args(tts_mapptr[i].task, kdbg_resolve_map, &akrt); 1204 task_deallocate((task_t) tts_mapptr[i].task); 1205 } 1206 kmem_free(kernel_map, (vm_offset_t)tts_mapptr, tts_mapsize); 1207 } 1208} 1209 1210static void 1211kdbg_clear(void) 1212{ 1213 /* 1214 * Clean up the trace buffer 1215 * First make sure we're not in 1216 * the middle of cutting a trace 1217 */ 1218 kdbg_set_tracing_enabled(FALSE, KDEBUG_ENABLE_TRACE); 1219 1220 /* 1221 * make sure the SLOW_NOLOG is seen 1222 * by everyone that might be trying 1223 * to cut a trace.. 1224 */ 1225 IOSleep(100); 1226 1227 kdlog_sched_events = 0; 1228 global_state_pid = -1; 1229 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1230 kd_ctrl_page.kdebug_flags &= ~(KDBG_NOWRAP | KDBG_RANGECHECK | KDBG_VALCHECK); 1231 kd_ctrl_page.kdebug_flags &= ~(KDBG_PIDCHECK | KDBG_PIDEXCLUDE); 1232 1233 kdbg_disable_typefilter(); 1234 1235 delete_buffers(); 1236 nkdbufs = 0; 1237 1238 /* Clean up the thread map buffer */ 1239 kd_ctrl_page.kdebug_flags &= ~KDBG_MAPINIT; 1240 if (kd_mapptr) { 1241 kmem_free(kernel_map, (vm_offset_t)kd_mapptr, kd_mapsize); 1242 kd_mapptr = (kd_threadmap *) 0; 1243 } 1244 kd_mapsize = 0; 1245 kd_mapcount = 0; 1246 1247 RAW_file_offset = 0; 1248 RAW_file_written = 0; 1249} 1250 1251int 1252kdbg_setpid(kd_regtype *kdr) 1253{ 1254 pid_t pid; 1255 int flag, ret=0; 1256 struct proc *p; 1257 1258 pid = (pid_t)kdr->value1; 1259 flag = (int)kdr->value2; 1260 1261 if (pid > 0) { 1262 if ((p = proc_find(pid)) == NULL) 1263 ret = ESRCH; 1264 else { 1265 if (flag == 1) { 1266 /* 1267 * turn on pid check for this and all pids 1268 */ 1269 kd_ctrl_page.kdebug_flags |= KDBG_PIDCHECK; 1270 kd_ctrl_page.kdebug_flags &= ~KDBG_PIDEXCLUDE; 1271 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1272 1273 p->p_kdebug = 1; 1274 } else { 1275 /* 1276 * turn off pid check for this pid value 1277 * Don't turn off all pid checking though 1278 * 1279 * kd_ctrl_page.kdebug_flags &= ~KDBG_PIDCHECK; 1280 */ 1281 p->p_kdebug = 0; 1282 } 1283 proc_rele(p); 1284 } 1285 } 1286 else 1287 ret = EINVAL; 1288 1289 return(ret); 1290} 1291 1292/* This is for pid exclusion in the trace buffer */ 1293int 1294kdbg_setpidex(kd_regtype *kdr) 1295{ 1296 pid_t pid; 1297 int flag, ret=0; 1298 struct proc *p; 1299 1300 pid = (pid_t)kdr->value1; 1301 flag = (int)kdr->value2; 1302 1303 if (pid > 0) { 1304 if ((p = proc_find(pid)) == NULL) 1305 ret = ESRCH; 1306 else { 1307 if (flag == 1) { 1308 /* 1309 * turn on pid exclusion 1310 */ 1311 kd_ctrl_page.kdebug_flags |= KDBG_PIDEXCLUDE; 1312 kd_ctrl_page.kdebug_flags &= ~KDBG_PIDCHECK; 1313 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1314 1315 p->p_kdebug = 1; 1316 } 1317 else { 1318 /* 1319 * turn off pid exclusion for this pid value 1320 * Don't turn off all pid exclusion though 1321 * 1322 * kd_ctrl_page.kdebug_flags &= ~KDBG_PIDEXCLUDE; 1323 */ 1324 p->p_kdebug = 0; 1325 } 1326 proc_rele(p); 1327 } 1328 } else 1329 ret = EINVAL; 1330 1331 return(ret); 1332} 1333 1334 1335/* 1336 * This is for setting a maximum decrementer value 1337 */ 1338int 1339kdbg_setrtcdec(kd_regtype *kdr) 1340{ 1341 int ret = 0; 1342 natural_t decval; 1343 1344 decval = (natural_t)kdr->value1; 1345 1346 if (decval && decval < KDBG_MINRTCDEC) 1347 ret = EINVAL; 1348 else 1349 ret = ENOTSUP; 1350 1351 return(ret); 1352} 1353 1354int 1355kdbg_enable_typefilter(void) 1356{ 1357 if (kd_ctrl_page.kdebug_flags & KDBG_TYPEFILTER_CHECK) { 1358 /* free the old filter */ 1359 kdbg_disable_typefilter(); 1360 } 1361 1362 if (kmem_alloc(kernel_map, (vm_offset_t *)&type_filter_bitmap, KDBG_TYPEFILTER_BITMAP_SIZE) != KERN_SUCCESS) { 1363 return ENOSPC; 1364 } 1365 1366 bzero(type_filter_bitmap, KDBG_TYPEFILTER_BITMAP_SIZE); 1367 1368 /* Turn off range and value checks */ 1369 kd_ctrl_page.kdebug_flags &= ~(KDBG_RANGECHECK | KDBG_VALCHECK); 1370 1371 /* Enable filter checking */ 1372 kd_ctrl_page.kdebug_flags |= KDBG_TYPEFILTER_CHECK; 1373 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1374 return 0; 1375} 1376 1377int 1378kdbg_disable_typefilter(void) 1379{ 1380 /* Disable filter checking */ 1381 kd_ctrl_page.kdebug_flags &= ~KDBG_TYPEFILTER_CHECK; 1382 1383 /* Turn off slow checks unless pid checks are using them */ 1384 if ( (kd_ctrl_page.kdebug_flags & (KDBG_PIDCHECK | KDBG_PIDEXCLUDE)) ) 1385 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1386 else 1387 kdbg_set_flags(SLOW_CHECKS, 0, FALSE); 1388 1389 if(type_filter_bitmap == NULL) 1390 return 0; 1391 1392 vm_offset_t old_bitmap = (vm_offset_t)type_filter_bitmap; 1393 type_filter_bitmap = NULL; 1394 1395 kmem_free(kernel_map, old_bitmap, KDBG_TYPEFILTER_BITMAP_SIZE); 1396 return 0; 1397} 1398 1399int 1400kdbg_setreg(kd_regtype * kdr) 1401{ 1402 int ret=0; 1403 unsigned int val_1, val_2, val; 1404 1405 kdlog_sched_events = 0; 1406 1407 switch (kdr->type) { 1408 1409 case KDBG_CLASSTYPE : 1410 val_1 = (kdr->value1 & 0xff); 1411 val_2 = (kdr->value2 & 0xff); 1412 1413 if (val_1 == DBG_FSYSTEM && val_2 == (DBG_FSYSTEM + 1)) 1414 kdlog_sched_events = 1; 1415 1416 kdlog_beg = (val_1<<24); 1417 kdlog_end = (val_2<<24); 1418 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1419 kd_ctrl_page.kdebug_flags &= ~KDBG_VALCHECK; /* Turn off specific value check */ 1420 kd_ctrl_page.kdebug_flags |= (KDBG_RANGECHECK | KDBG_CLASSTYPE); 1421 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1422 break; 1423 case KDBG_SUBCLSTYPE : 1424 val_1 = (kdr->value1 & 0xff); 1425 val_2 = (kdr->value2 & 0xff); 1426 val = val_2 + 1; 1427 kdlog_beg = ((val_1<<24) | (val_2 << 16)); 1428 kdlog_end = ((val_1<<24) | (val << 16)); 1429 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1430 kd_ctrl_page.kdebug_flags &= ~KDBG_VALCHECK; /* Turn off specific value check */ 1431 kd_ctrl_page.kdebug_flags |= (KDBG_RANGECHECK | KDBG_SUBCLSTYPE); 1432 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1433 break; 1434 case KDBG_RANGETYPE : 1435 kdlog_beg = (kdr->value1); 1436 kdlog_end = (kdr->value2); 1437 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1438 kd_ctrl_page.kdebug_flags &= ~KDBG_VALCHECK; /* Turn off specific value check */ 1439 kd_ctrl_page.kdebug_flags |= (KDBG_RANGECHECK | KDBG_RANGETYPE); 1440 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1441 break; 1442 case KDBG_VALCHECK: 1443 kdlog_value1 = (kdr->value1); 1444 kdlog_value2 = (kdr->value2); 1445 kdlog_value3 = (kdr->value3); 1446 kdlog_value4 = (kdr->value4); 1447 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1448 kd_ctrl_page.kdebug_flags &= ~KDBG_RANGECHECK; /* Turn off range check */ 1449 kd_ctrl_page.kdebug_flags |= KDBG_VALCHECK; /* Turn on specific value check */ 1450 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1451 break; 1452 case KDBG_TYPENONE : 1453 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1454 1455 if ( (kd_ctrl_page.kdebug_flags & (KDBG_RANGECHECK | KDBG_VALCHECK | 1456 KDBG_PIDCHECK | KDBG_PIDEXCLUDE | 1457 KDBG_TYPEFILTER_CHECK)) ) 1458 kdbg_set_flags(SLOW_CHECKS, 0, TRUE); 1459 else 1460 kdbg_set_flags(SLOW_CHECKS, 0, FALSE); 1461 1462 kdlog_beg = 0; 1463 kdlog_end = 0; 1464 break; 1465 default : 1466 ret = EINVAL; 1467 break; 1468 } 1469 return(ret); 1470} 1471 1472int 1473kdbg_getreg(__unused kd_regtype * kdr) 1474{ 1475#if 0 1476 int i,j, ret=0; 1477 unsigned int val_1, val_2, val; 1478 1479 switch (kdr->type) { 1480 case KDBG_CLASSTYPE : 1481 val_1 = (kdr->value1 & 0xff); 1482 val_2 = val_1 + 1; 1483 kdlog_beg = (val_1<<24); 1484 kdlog_end = (val_2<<24); 1485 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1486 kd_ctrl_page.kdebug_flags |= (KDBG_RANGECHECK | KDBG_CLASSTYPE); 1487 break; 1488 case KDBG_SUBCLSTYPE : 1489 val_1 = (kdr->value1 & 0xff); 1490 val_2 = (kdr->value2 & 0xff); 1491 val = val_2 + 1; 1492 kdlog_beg = ((val_1<<24) | (val_2 << 16)); 1493 kdlog_end = ((val_1<<24) | (val << 16)); 1494 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1495 kd_ctrl_page.kdebug_flags |= (KDBG_RANGECHECK | KDBG_SUBCLSTYPE); 1496 break; 1497 case KDBG_RANGETYPE : 1498 kdlog_beg = (kdr->value1); 1499 kdlog_end = (kdr->value2); 1500 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1501 kd_ctrl_page.kdebug_flags |= (KDBG_RANGECHECK | KDBG_RANGETYPE); 1502 break; 1503 case KDBG_TYPENONE : 1504 kd_ctrl_page.kdebug_flags &= (unsigned int)~KDBG_CKTYPES; 1505 kdlog_beg = 0; 1506 kdlog_end = 0; 1507 break; 1508 default : 1509 ret = EINVAL; 1510 break; 1511 } 1512#endif /* 0 */ 1513 return(EINVAL); 1514} 1515 1516 1517int 1518kdbg_readmap(user_addr_t buffer, size_t *number, vnode_t vp, vfs_context_t ctx) 1519{ 1520 int avail = *number; 1521 int ret = 0; 1522 uint32_t count = 0; 1523 1524 count = avail/sizeof (kd_threadmap); 1525 1526 if (count && (count <= kd_mapcount)) 1527 { 1528 if ((kd_ctrl_page.kdebug_flags & KDBG_MAPINIT) && kd_mapsize && kd_mapptr) 1529 { 1530 if (*number < kd_mapsize) 1531 ret = EINVAL; 1532 else 1533 { 1534 if (vp) 1535 { 1536 RAW_header header; 1537 clock_sec_t secs; 1538 clock_usec_t usecs; 1539 char *pad_buf; 1540 int pad_size; 1541 1542 header.version_no = RAW_VERSION1; 1543 header.thread_count = count; 1544 1545 clock_get_calendar_microtime(&secs, &usecs); 1546 header.TOD_secs = secs; 1547 header.TOD_usecs = usecs; 1548 1549 ret = vn_rdwr(UIO_WRITE, vp, (caddr_t)&header, sizeof(RAW_header), RAW_file_offset, 1550 UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx)); 1551 if (ret) 1552 goto write_error; 1553 RAW_file_offset += sizeof(RAW_header); 1554 1555 ret = vn_rdwr(UIO_WRITE, vp, (caddr_t)kd_mapptr, kd_mapsize, RAW_file_offset, 1556 UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx)); 1557 if (ret) 1558 goto write_error; 1559 RAW_file_offset += kd_mapsize; 1560 1561 pad_size = PAGE_SIZE - (RAW_file_offset & PAGE_MASK_64); 1562 1563 if (pad_size) 1564 { 1565 pad_buf = (char *)kalloc(pad_size); 1566 memset(pad_buf, 0, pad_size); 1567 1568 ret = vn_rdwr(UIO_WRITE, vp, (caddr_t)pad_buf, pad_size, RAW_file_offset, 1569 UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx)); 1570 kfree(pad_buf, pad_size); 1571 1572 if (ret) 1573 goto write_error; 1574 RAW_file_offset += pad_size; 1575 } 1576 RAW_file_written += sizeof(RAW_header) + kd_mapsize + pad_size; 1577 1578 } else { 1579 if (copyout(kd_mapptr, buffer, kd_mapsize)) 1580 ret = EINVAL; 1581 } 1582 } 1583 } 1584 else 1585 ret = EINVAL; 1586 } 1587 else 1588 ret = EINVAL; 1589 1590 if (ret && vp) 1591 { 1592 count = 0; 1593 1594 vn_rdwr(UIO_WRITE, vp, (caddr_t)&count, sizeof(uint32_t), RAW_file_offset, 1595 UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx)); 1596 RAW_file_offset += sizeof(uint32_t); 1597 RAW_file_written += sizeof(uint32_t); 1598 } 1599write_error: 1600 if ((kd_ctrl_page.kdebug_flags & KDBG_MAPINIT) && kd_mapsize && kd_mapptr) 1601 { 1602 kmem_free(kernel_map, (vm_offset_t)kd_mapptr, kd_mapsize); 1603 kd_ctrl_page.kdebug_flags &= ~KDBG_MAPINIT; 1604 kd_mapsize = 0; 1605 kd_mapptr = (kd_threadmap *) 0; 1606 kd_mapcount = 0; 1607 } 1608 return(ret); 1609} 1610 1611int 1612kdbg_getentropy (user_addr_t buffer, size_t *number, int ms_timeout) 1613{ 1614 int avail = *number; 1615 int ret = 0; 1616 int s; 1617 u_int64_t abstime; 1618 u_int64_t ns; 1619 int wait_result = THREAD_AWAKENED; 1620 1621 1622 if (kd_entropy_buffer) 1623 return(EBUSY); 1624 1625 if (ms_timeout < 0) 1626 return(EINVAL); 1627 1628 kd_entropy_count = avail/sizeof(uint64_t); 1629 1630 if (kd_entropy_count > MAX_ENTROPY_COUNT || kd_entropy_count == 0) { 1631 /* 1632 * Enforce maximum entropy entries 1633 */ 1634 return(EINVAL); 1635 } 1636 kd_entropy_bufsize = kd_entropy_count * sizeof(uint64_t); 1637 1638 /* 1639 * allocate entropy buffer 1640 */ 1641 if (kmem_alloc(kernel_map, &kd_entropy_buftomem, (vm_size_t)kd_entropy_bufsize) == KERN_SUCCESS) { 1642 kd_entropy_buffer = (uint64_t *) kd_entropy_buftomem; 1643 } else { 1644 kd_entropy_buffer = (uint64_t *) 0; 1645 kd_entropy_count = 0; 1646 1647 return (ENOMEM); 1648 } 1649 kd_entropy_indx = 0; 1650 1651 KERNEL_DEBUG_CONSTANT(0xbbbbf000 | DBG_FUNC_START, ms_timeout, kd_entropy_count, 0, 0, 0); 1652 1653 /* 1654 * Enable entropy sampling 1655 */ 1656 kdbg_set_flags(SLOW_ENTROPY, KDEBUG_ENABLE_ENTROPY, TRUE); 1657 1658 if (ms_timeout) { 1659 ns = (u_int64_t)ms_timeout * (u_int64_t)(1000 * 1000); 1660 nanoseconds_to_absolutetime(ns, &abstime ); 1661 clock_absolutetime_interval_to_deadline( abstime, &abstime ); 1662 } else 1663 abstime = 0; 1664 1665 s = ml_set_interrupts_enabled(FALSE); 1666 lck_spin_lock(kdw_spin_lock); 1667 1668 while (wait_result == THREAD_AWAKENED && kd_entropy_indx < kd_entropy_count) { 1669 1670 kde_waiter = 1; 1671 1672 if (abstime) { 1673 /* 1674 * wait for the specified timeout or 1675 * until we've hit our sample limit 1676 */ 1677 wait_result = lck_spin_sleep_deadline(kdw_spin_lock, 0, &kde_waiter, THREAD_ABORTSAFE, abstime); 1678 } else { 1679 /* 1680 * wait until we've hit our sample limit 1681 */ 1682 wait_result = lck_spin_sleep(kdw_spin_lock, 0, &kde_waiter, THREAD_ABORTSAFE); 1683 } 1684 kde_waiter = 0; 1685 } 1686 lck_spin_unlock(kdw_spin_lock); 1687 ml_set_interrupts_enabled(s); 1688 1689 /* 1690 * Disable entropy sampling 1691 */ 1692 kdbg_set_flags(SLOW_ENTROPY, KDEBUG_ENABLE_ENTROPY, FALSE); 1693 1694 KERNEL_DEBUG_CONSTANT(0xbbbbf000 | DBG_FUNC_END, ms_timeout, kd_entropy_indx, 0, 0, 0); 1695 1696 *number = 0; 1697 ret = 0; 1698 1699 if (kd_entropy_indx > 0) { 1700 /* 1701 * copyout the buffer 1702 */ 1703 if (copyout(kd_entropy_buffer, buffer, kd_entropy_indx * sizeof(uint64_t))) 1704 ret = EINVAL; 1705 else 1706 *number = kd_entropy_indx * sizeof(uint64_t); 1707 } 1708 /* 1709 * Always cleanup 1710 */ 1711 kd_entropy_count = 0; 1712 kd_entropy_indx = 0; 1713 kd_entropy_buftomem = 0; 1714 kmem_free(kernel_map, (vm_offset_t)kd_entropy_buffer, kd_entropy_bufsize); 1715 kd_entropy_buffer = (uint64_t *) 0; 1716 1717 return(ret); 1718} 1719 1720 1721static int 1722kdbg_set_nkdbufs(unsigned int value) 1723{ 1724 /* 1725 * We allow a maximum buffer size of 50% of either ram or max mapped address, whichever is smaller 1726 * 'value' is the desired number of trace entries 1727 */ 1728 unsigned int max_entries = (sane_size/2) / sizeof(kd_buf); 1729 1730 if (value <= max_entries) 1731 return (value); 1732 else 1733 return (max_entries); 1734} 1735 1736 1737static void 1738kdbg_enable_bg_trace(void) 1739{ 1740 if (kdlog_bg_trace == TRUE && kdlog_bg_trace_running == FALSE && n_storage_buffers == 0) { 1741 nkdbufs = bg_nkdbufs; 1742 kdbg_reinit(FALSE); 1743 kdbg_set_tracing_enabled(TRUE, KDEBUG_ENABLE_TRACE); 1744 kdlog_bg_trace_running = TRUE; 1745 } 1746} 1747 1748static void 1749kdbg_disable_bg_trace(void) 1750{ 1751 if (kdlog_bg_trace_running == TRUE) { 1752 kdlog_bg_trace_running = FALSE; 1753 kdbg_clear(); 1754 } 1755} 1756 1757 1758 1759/* 1760 * This function is provided for the CHUD toolkit only. 1761 * int val: 1762 * zero disables kdebug_chudhook function call 1763 * non-zero enables kdebug_chudhook function call 1764 * char *fn: 1765 * address of the enabled kdebug_chudhook function 1766*/ 1767 1768void 1769kdbg_control_chud(int val, void *fn) 1770{ 1771 kdbg_lock_init(); 1772 1773 if (val) { 1774 /* enable chudhook */ 1775 kdebug_chudhook = fn; 1776 kdbg_set_flags(SLOW_CHUD, KDEBUG_ENABLE_CHUD, TRUE); 1777 } 1778 else { 1779 /* disable chudhook */ 1780 kdbg_set_flags(SLOW_CHUD, KDEBUG_ENABLE_CHUD, FALSE); 1781 kdebug_chudhook = 0; 1782 } 1783} 1784 1785 1786int 1787kdbg_control(int *name, u_int namelen, user_addr_t where, size_t *sizep) 1788{ 1789 int ret = 0; 1790 size_t size = *sizep; 1791 unsigned int value = 0; 1792 kd_regtype kd_Reg; 1793 kbufinfo_t kd_bufinfo; 1794 pid_t curpid; 1795 proc_t p, curproc; 1796 1797 if (name[0] == KERN_KDGETENTROPY || 1798 name[0] == KERN_KDWRITETR || 1799 name[0] == KERN_KDWRITEMAP || 1800 name[0] == KERN_KDEFLAGS || 1801 name[0] == KERN_KDDFLAGS || 1802 name[0] == KERN_KDENABLE || 1803 name[0] == KERN_KDENABLE_BG_TRACE || 1804 name[0] == KERN_KDSETBUF) { 1805 1806 if ( namelen < 2 ) 1807 return(EINVAL); 1808 value = name[1]; 1809 } 1810 1811 kdbg_lock_init(); 1812 1813 if ( !(kd_ctrl_page.kdebug_flags & KDBG_LOCKINIT)) 1814 return(ENOSPC); 1815 1816 lck_mtx_lock(kd_trace_mtx_sysctl); 1817 1818 switch(name[0]) { 1819 1820 case KERN_KDGETBUF: 1821 /* 1822 * Does not alter the global_state_pid 1823 * This is a passive request. 1824 */ 1825 if (size < sizeof(kd_bufinfo.nkdbufs)) { 1826 /* 1827 * There is not enough room to return even 1828 * the first element of the info structure. 1829 */ 1830 ret = EINVAL; 1831 goto out; 1832 } 1833 kd_bufinfo.nkdbufs = nkdbufs; 1834 kd_bufinfo.nkdthreads = kd_mapsize / sizeof(kd_threadmap); 1835 1836 if ( (kd_ctrl_page.kdebug_slowcheck & SLOW_NOLOG) ) 1837 kd_bufinfo.nolog = 1; 1838 else 1839 kd_bufinfo.nolog = 0; 1840 1841 kd_bufinfo.flags = kd_ctrl_page.kdebug_flags; 1842#if defined(__LP64__) 1843 kd_bufinfo.flags |= KDBG_LP64; 1844#endif 1845 kd_bufinfo.bufid = global_state_pid; 1846 1847 if (size >= sizeof(kd_bufinfo)) { 1848 /* 1849 * Provide all the info we have 1850 */ 1851 if (copyout(&kd_bufinfo, where, sizeof(kd_bufinfo))) 1852 ret = EINVAL; 1853 } else { 1854 /* 1855 * For backwards compatibility, only provide 1856 * as much info as there is room for. 1857 */ 1858 if (copyout(&kd_bufinfo, where, size)) 1859 ret = EINVAL; 1860 } 1861 goto out; 1862 break; 1863 1864 case KERN_KDGETENTROPY: 1865 if (kd_entropy_buffer) 1866 ret = EBUSY; 1867 else 1868 ret = kdbg_getentropy(where, sizep, value); 1869 goto out; 1870 break; 1871 1872 case KERN_KDENABLE_BG_TRACE: 1873 bg_nkdbufs = kdbg_set_nkdbufs(value); 1874 kdlog_bg_trace = TRUE; 1875 kdbg_enable_bg_trace(); 1876 goto out; 1877 break; 1878 1879 case KERN_KDDISABLE_BG_TRACE: 1880 kdlog_bg_trace = FALSE; 1881 kdbg_disable_bg_trace(); 1882 goto out; 1883 break; 1884 } 1885 1886 if ((curproc = current_proc()) != NULL) 1887 curpid = curproc->p_pid; 1888 else { 1889 ret = ESRCH; 1890 goto out; 1891 } 1892 if (global_state_pid == -1) 1893 global_state_pid = curpid; 1894 else if (global_state_pid != curpid) { 1895 if ((p = proc_find(global_state_pid)) == NULL) { 1896 /* 1897 * The global pid no longer exists 1898 */ 1899 global_state_pid = curpid; 1900 } else { 1901 /* 1902 * The global pid exists, deny this request 1903 */ 1904 proc_rele(p); 1905 1906 ret = EBUSY; 1907 goto out; 1908 } 1909 } 1910 1911 switch(name[0]) { 1912 case KERN_KDEFLAGS: 1913 kdbg_disable_bg_trace(); 1914 1915 value &= KDBG_USERFLAGS; 1916 kd_ctrl_page.kdebug_flags |= value; 1917 break; 1918 case KERN_KDDFLAGS: 1919 kdbg_disable_bg_trace(); 1920 1921 value &= KDBG_USERFLAGS; 1922 kd_ctrl_page.kdebug_flags &= ~value; 1923 break; 1924 case KERN_KDENABLE: 1925 /* 1926 * Enable tracing mechanism. Two types: 1927 * KDEBUG_TRACE is the standard one, 1928 * and KDEBUG_PPT which is a carefully 1929 * chosen subset to avoid performance impact. 1930 */ 1931 if (value) { 1932 /* 1933 * enable only if buffer is initialized 1934 */ 1935 if (!(kd_ctrl_page.kdebug_flags & KDBG_BUFINIT) || 1936 !(value == KDEBUG_ENABLE_TRACE || value == KDEBUG_ENABLE_PPT)) { 1937 ret = EINVAL; 1938 break; 1939 } 1940 kdbg_mapinit(); 1941 1942 kdbg_set_tracing_enabled(TRUE, value); 1943 } 1944 else 1945 { 1946 kdbg_set_tracing_enabled(FALSE, 0); 1947 } 1948 break; 1949 case KERN_KDSETBUF: 1950 kdbg_disable_bg_trace(); 1951 1952 nkdbufs = kdbg_set_nkdbufs(value); 1953 break; 1954 case KERN_KDSETUP: 1955 kdbg_disable_bg_trace(); 1956 1957 ret = kdbg_reinit(FALSE); 1958 break; 1959 case KERN_KDREMOVE: 1960 kdbg_clear(); 1961 kdbg_enable_bg_trace(); 1962 break; 1963 case KERN_KDSETREG: 1964 if(size < sizeof(kd_regtype)) { 1965 ret = EINVAL; 1966 break; 1967 } 1968 if (copyin(where, &kd_Reg, sizeof(kd_regtype))) { 1969 ret = EINVAL; 1970 break; 1971 } 1972 kdbg_disable_bg_trace(); 1973 1974 ret = kdbg_setreg(&kd_Reg); 1975 break; 1976 case KERN_KDGETREG: 1977 if (size < sizeof(kd_regtype)) { 1978 ret = EINVAL; 1979 break; 1980 } 1981 ret = kdbg_getreg(&kd_Reg); 1982 if (copyout(&kd_Reg, where, sizeof(kd_regtype))) { 1983 ret = EINVAL; 1984 } 1985 kdbg_disable_bg_trace(); 1986 1987 break; 1988 case KERN_KDREADTR: 1989 ret = kdbg_read(where, sizep, NULL, NULL); 1990 break; 1991 case KERN_KDWRITETR: 1992 case KERN_KDWRITEMAP: 1993 { 1994 struct vfs_context context; 1995 struct fileproc *fp; 1996 size_t number; 1997 vnode_t vp; 1998 int fd; 1999 2000 kdbg_disable_bg_trace(); 2001 2002 if (name[0] == KERN_KDWRITETR) { 2003 int s; 2004 int wait_result = THREAD_AWAKENED; 2005 u_int64_t abstime; 2006 u_int64_t ns; 2007 2008 if (*sizep) { 2009 ns = ((u_int64_t)*sizep) * (u_int64_t)(1000 * 1000); 2010 nanoseconds_to_absolutetime(ns, &abstime ); 2011 clock_absolutetime_interval_to_deadline( abstime, &abstime ); 2012 } else 2013 abstime = 0; 2014 2015 s = ml_set_interrupts_enabled(FALSE); 2016 lck_spin_lock(kdw_spin_lock); 2017 2018 while (wait_result == THREAD_AWAKENED && kd_ctrl_page.kds_inuse_count < n_storage_threshold) { 2019 2020 kds_waiter = 1; 2021 2022 if (abstime) 2023 wait_result = lck_spin_sleep_deadline(kdw_spin_lock, 0, &kds_waiter, THREAD_ABORTSAFE, abstime); 2024 else 2025 wait_result = lck_spin_sleep(kdw_spin_lock, 0, &kds_waiter, THREAD_ABORTSAFE); 2026 2027 kds_waiter = 0; 2028 } 2029 lck_spin_unlock(kdw_spin_lock); 2030 ml_set_interrupts_enabled(s); 2031 } 2032 p = current_proc(); 2033 fd = value; 2034 2035 proc_fdlock(p); 2036 if ( (ret = fp_lookup(p, fd, &fp, 1)) ) { 2037 proc_fdunlock(p); 2038 break; 2039 } 2040 context.vc_thread = current_thread(); 2041 context.vc_ucred = fp->f_fglob->fg_cred; 2042 2043 if (fp->f_fglob->fg_type != DTYPE_VNODE) { 2044 fp_drop(p, fd, fp, 1); 2045 proc_fdunlock(p); 2046 2047 ret = EBADF; 2048 break; 2049 } 2050 vp = (struct vnode *)fp->f_fglob->fg_data; 2051 proc_fdunlock(p); 2052 2053 if ((ret = vnode_getwithref(vp)) == 0) { 2054 2055 if (name[0] == KERN_KDWRITETR) { 2056 number = nkdbufs * sizeof(kd_buf); 2057 2058 KERNEL_DEBUG_CONSTANT((TRACEDBG_CODE(DBG_TRACE_INFO, 3)) | DBG_FUNC_START, 0, 0, 0, 0, 0); 2059 ret = kdbg_read(0, &number, vp, &context); 2060 KERNEL_DEBUG_CONSTANT((TRACEDBG_CODE(DBG_TRACE_INFO, 3)) | DBG_FUNC_END, number, 0, 0, 0, 0); 2061 2062 *sizep = number; 2063 } else { 2064 number = kd_mapsize; 2065 kdbg_readmap(0, &number, vp, &context); 2066 } 2067 vnode_put(vp); 2068 } 2069 fp_drop(p, fd, fp, 0); 2070 2071 break; 2072 } 2073 case KERN_KDPIDTR: 2074 if (size < sizeof(kd_regtype)) { 2075 ret = EINVAL; 2076 break; 2077 } 2078 if (copyin(where, &kd_Reg, sizeof(kd_regtype))) { 2079 ret = EINVAL; 2080 break; 2081 } 2082 kdbg_disable_bg_trace(); 2083 2084 ret = kdbg_setpid(&kd_Reg); 2085 break; 2086 case KERN_KDPIDEX: 2087 if (size < sizeof(kd_regtype)) { 2088 ret = EINVAL; 2089 break; 2090 } 2091 if (copyin(where, &kd_Reg, sizeof(kd_regtype))) { 2092 ret = EINVAL; 2093 break; 2094 } 2095 kdbg_disable_bg_trace(); 2096 2097 ret = kdbg_setpidex(&kd_Reg); 2098 break; 2099 case KERN_KDTHRMAP: 2100 ret = kdbg_readmap(where, sizep, NULL, NULL); 2101 break; 2102 case KERN_KDSETRTCDEC: 2103 if (size < sizeof(kd_regtype)) { 2104 ret = EINVAL; 2105 break; 2106 } 2107 if (copyin(where, &kd_Reg, sizeof(kd_regtype))) { 2108 ret = EINVAL; 2109 break; 2110 } 2111 kdbg_disable_bg_trace(); 2112 2113 ret = kdbg_setrtcdec(&kd_Reg); 2114 break; 2115 case KERN_KDSET_TYPEFILTER: 2116 kdbg_disable_bg_trace(); 2117 2118 if ((kd_ctrl_page.kdebug_flags & KDBG_TYPEFILTER_CHECK) == 0){ 2119 if ((ret = kdbg_enable_typefilter())) 2120 break; 2121 } 2122 2123 if (size != KDBG_TYPEFILTER_BITMAP_SIZE) { 2124 ret = EINVAL; 2125 break; 2126 } 2127 2128 if (copyin(where, type_filter_bitmap, KDBG_TYPEFILTER_BITMAP_SIZE)) { 2129 ret = EINVAL; 2130 break; 2131 } 2132 break; 2133 default: 2134 ret = EINVAL; 2135 } 2136out: 2137 lck_mtx_unlock(kd_trace_mtx_sysctl); 2138 2139 return(ret); 2140} 2141 2142 2143/* 2144 * This code can run for the most part concurrently with kernel_debug_internal()... 2145 * 'release_storage_unit' will take the kds_spin_lock which may cause us to briefly 2146 * synchronize with the recording side of this puzzle... otherwise, we are able to 2147 * move through the lists w/o use of any locks 2148 */ 2149int 2150kdbg_read(user_addr_t buffer, size_t *number, vnode_t vp, vfs_context_t ctx) 2151{ 2152 unsigned int count; 2153 unsigned int cpu, min_cpu; 2154 uint64_t mintime, t; 2155 int error = 0; 2156 kd_buf *tempbuf; 2157 uint32_t rcursor; 2158 kd_buf lostevent; 2159 union kds_ptr kdsp; 2160 struct kd_storage *kdsp_actual; 2161 struct kd_bufinfo *kdbp; 2162 struct kd_bufinfo *min_kdbp; 2163 uint32_t tempbuf_count; 2164 uint32_t tempbuf_number; 2165 uint32_t old_kdebug_flags; 2166 uint32_t old_kdebug_slowcheck; 2167 boolean_t lostevents = FALSE; 2168 boolean_t out_of_events = FALSE; 2169 2170 count = *number/sizeof(kd_buf); 2171 *number = 0; 2172 2173 if (count == 0 || !(kd_ctrl_page.kdebug_flags & KDBG_BUFINIT) || kdcopybuf == 0) 2174 return EINVAL; 2175 2176 memset(&lostevent, 0, sizeof(lostevent)); 2177 lostevent.debugid = TRACEDBG_CODE(DBG_TRACE_INFO, 2); 2178 2179 /* 2180 * because we hold kd_trace_mtx_sysctl, no other control threads can 2181 * be playing with kdebug_flags... the code that cuts new events could 2182 * be running, but it grabs kds_spin_lock if it needs to acquire a new 2183 * storage chunk which is where it examines kdebug_flags... it its adding 2184 * to the same chunk we're reading from, no problem... 2185 */ 2186 2187 disable_wrap(&old_kdebug_slowcheck, &old_kdebug_flags); 2188 2189 if (count > nkdbufs) 2190 count = nkdbufs; 2191 2192 if ((tempbuf_count = count) > KDCOPYBUF_COUNT) 2193 tempbuf_count = KDCOPYBUF_COUNT; 2194 2195 while (count) { 2196 tempbuf = kdcopybuf; 2197 tempbuf_number = 0; 2198 2199 // While space 2200 while (tempbuf_count) { 2201 mintime = 0xffffffffffffffffULL; 2202 min_kdbp = NULL; 2203 min_cpu = 0; 2204 2205 // Check all CPUs 2206 for (cpu = 0, kdbp = &kdbip[0]; cpu < kd_cpus; cpu++, kdbp++) { 2207 2208 // Find one with raw data 2209 if ((kdsp = kdbp->kd_list_head).raw == KDS_PTR_NULL) 2210 continue; 2211 2212 // Get from cpu data to buffer header to buffer 2213 kdsp_actual = POINTER_FROM_KDS_PTR(kdsp); 2214 2215 // See if there are actual data left in this buffer 2216 rcursor = kdsp_actual->kds_readlast; 2217 2218 if (rcursor == kdsp_actual->kds_bufindx) 2219 continue; 2220 2221 t = kdbg_get_timestamp(&kdsp_actual->kds_records[rcursor]); 2222 2223 if (t < kdsp_actual->kds_timestamp) { 2224 /* 2225 * indicates we've not yet completed filling 2226 * in this event... 2227 * this should only occur when we're looking 2228 * at the buf that the record head is utilizing 2229 * we'll pick these events up on the next 2230 * call to kdbg_read 2231 * we bail at this point so that we don't 2232 * get an out-of-order timestream by continuing 2233 * to read events from the other CPUs' timestream(s) 2234 */ 2235 out_of_events = TRUE; 2236 break; 2237 } 2238 if (t < mintime) { 2239 mintime = t; 2240 min_kdbp = kdbp; 2241 min_cpu = cpu; 2242 } 2243 } 2244 if (min_kdbp == NULL || out_of_events == TRUE) { 2245 /* 2246 * all buffers ran empty 2247 */ 2248 out_of_events = TRUE; 2249 break; 2250 } 2251 2252 // Get data 2253 kdsp = min_kdbp->kd_list_head; 2254 kdsp_actual = POINTER_FROM_KDS_PTR(kdsp); 2255 2256 if (kdsp_actual->kds_lostevents == TRUE) { 2257 kdbg_set_timestamp_and_cpu(&lostevent, kdsp_actual->kds_records[kdsp_actual->kds_readlast].timestamp, min_cpu); 2258 *tempbuf = lostevent; 2259 2260 kdsp_actual->kds_lostevents = FALSE; 2261 lostevents = TRUE; 2262 2263 goto nextevent; 2264 } 2265 2266 // Copy into buffer 2267 *tempbuf = kdsp_actual->kds_records[kdsp_actual->kds_readlast++]; 2268 2269 if (kdsp_actual->kds_readlast == EVENTS_PER_STORAGE_UNIT) 2270 release_storage_unit(min_cpu, kdsp.raw); 2271 2272 /* 2273 * Watch for out of order timestamps 2274 */ 2275 if (mintime < min_kdbp->kd_prev_timebase) { 2276 /* 2277 * if so, use the previous timestamp + 1 cycle 2278 */ 2279 min_kdbp->kd_prev_timebase++; 2280 kdbg_set_timestamp_and_cpu(tempbuf, min_kdbp->kd_prev_timebase, kdbg_get_cpu(tempbuf)); 2281 } else 2282 min_kdbp->kd_prev_timebase = mintime; 2283nextevent: 2284 tempbuf_count--; 2285 tempbuf_number++; 2286 tempbuf++; 2287 2288 if ((RAW_file_written += sizeof(kd_buf)) >= RAW_FLUSH_SIZE) 2289 break; 2290 } 2291 if (tempbuf_number) { 2292 2293 if (vp) { 2294 error = vn_rdwr(UIO_WRITE, vp, (caddr_t)kdcopybuf, tempbuf_number * sizeof(kd_buf), RAW_file_offset, 2295 UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx)); 2296 2297 RAW_file_offset += (tempbuf_number * sizeof(kd_buf)); 2298 2299 if (RAW_file_written >= RAW_FLUSH_SIZE) { 2300 cluster_push(vp, 0); 2301 2302 RAW_file_written = 0; 2303 } 2304 } else { 2305 error = copyout(kdcopybuf, buffer, tempbuf_number * sizeof(kd_buf)); 2306 buffer += (tempbuf_number * sizeof(kd_buf)); 2307 } 2308 if (error) { 2309 *number = 0; 2310 error = EINVAL; 2311 break; 2312 } 2313 count -= tempbuf_number; 2314 *number += tempbuf_number; 2315 } 2316 if (out_of_events == TRUE) 2317 /* 2318 * all trace buffers are empty 2319 */ 2320 break; 2321 2322 if ((tempbuf_count = count) > KDCOPYBUF_COUNT) 2323 tempbuf_count = KDCOPYBUF_COUNT; 2324 } 2325 if ( !(old_kdebug_flags & KDBG_NOWRAP)) { 2326 enable_wrap(old_kdebug_slowcheck, lostevents); 2327 } 2328 return (error); 2329} 2330 2331 2332unsigned char *getProcName(struct proc *proc); 2333unsigned char *getProcName(struct proc *proc) { 2334 2335 return (unsigned char *) &proc->p_comm; /* Return pointer to the proc name */ 2336 2337} 2338 2339#define STACKSHOT_SUBSYS_LOCK() lck_mtx_lock(&stackshot_subsys_mutex) 2340#define STACKSHOT_SUBSYS_UNLOCK() lck_mtx_unlock(&stackshot_subsys_mutex) 2341#if defined(__i386__) || defined (__x86_64__) 2342#define TRAP_DEBUGGER __asm__ volatile("int3"); 2343#elif defined(__arm__) 2344#define TRAP_DEBUGGER __asm__ volatile("bkpt #0"); 2345#endif 2346 2347#define SANE_TRACEBUF_SIZE (8 * 1024 * 1024) 2348 2349/* Initialize the mutex governing access to the stack snapshot subsystem */ 2350__private_extern__ void 2351stackshot_lock_init( void ) 2352{ 2353 stackshot_subsys_lck_grp_attr = lck_grp_attr_alloc_init(); 2354 2355 stackshot_subsys_lck_grp = lck_grp_alloc_init("stackshot_subsys_lock", stackshot_subsys_lck_grp_attr); 2356 2357 stackshot_subsys_lck_attr = lck_attr_alloc_init(); 2358 2359 lck_mtx_init(&stackshot_subsys_mutex, stackshot_subsys_lck_grp, stackshot_subsys_lck_attr); 2360} 2361 2362/* 2363 * stack_snapshot: Obtains a coherent set of stack traces for all threads 2364 * on the system, tracing both kernel and user stacks 2365 * where available. Uses machine specific trace routines 2366 * for ppc, ppc64 and x86. 2367 * Inputs: uap->pid - process id of process to be traced, or -1 2368 * for the entire system 2369 * uap->tracebuf - address of the user space destination 2370 * buffer 2371 * uap->tracebuf_size - size of the user space trace buffer 2372 * uap->options - various options, including the maximum 2373 * number of frames to trace. 2374 * Outputs: EPERM if the caller is not privileged 2375 * EINVAL if the supplied trace buffer isn't sanely sized 2376 * ENOMEM if we don't have enough memory to satisfy the 2377 * request 2378 * ENOENT if the target pid isn't found 2379 * ENOSPC if the supplied buffer is insufficient 2380 * *retval contains the number of bytes traced, if successful 2381 * and -1 otherwise. If the request failed due to 2382 * tracebuffer exhaustion, we copyout as much as possible. 2383 */ 2384int 2385stack_snapshot(struct proc *p, register struct stack_snapshot_args *uap, int32_t *retval) { 2386 int error = 0; 2387 2388 if ((error = suser(kauth_cred_get(), &p->p_acflag))) 2389 return(error); 2390 2391 return stack_snapshot2(uap->pid, uap->tracebuf, uap->tracebuf_size, 2392 uap->flags, uap->dispatch_offset, retval); 2393} 2394 2395int 2396stack_snapshot2(pid_t pid, user_addr_t tracebuf, uint32_t tracebuf_size, uint32_t flags, uint32_t dispatch_offset, int32_t *retval) 2397{ 2398 int error = 0; 2399 unsigned bytesTraced = 0; 2400 boolean_t istate; 2401 2402 *retval = -1; 2403/* Serialize tracing */ 2404 STACKSHOT_SUBSYS_LOCK(); 2405 2406 if ((tracebuf_size <= 0) || (tracebuf_size > SANE_TRACEBUF_SIZE)) { 2407 error = EINVAL; 2408 goto error_exit; 2409 } 2410 2411 assert(stackshot_snapbuf == NULL); 2412 if (kmem_alloc_kobject(kernel_map, (vm_offset_t *)&stackshot_snapbuf, tracebuf_size) != KERN_SUCCESS) { 2413 error = ENOMEM; 2414 goto error_exit; 2415 } 2416 2417 if (panic_active()) { 2418 error = ENOMEM; 2419 goto error_exit; 2420 } 2421 2422 istate = ml_set_interrupts_enabled(FALSE); 2423/* Preload trace parameters*/ 2424 kdp_snapshot_preflight(pid, stackshot_snapbuf, tracebuf_size, flags, dispatch_offset); 2425 2426/* Trap to the debugger to obtain a coherent stack snapshot; this populates 2427 * the trace buffer 2428 */ 2429 2430 TRAP_DEBUGGER; 2431 2432 ml_set_interrupts_enabled(istate); 2433 2434 bytesTraced = kdp_stack_snapshot_bytes_traced(); 2435 2436 if (bytesTraced > 0) { 2437 if ((error = copyout(stackshot_snapbuf, tracebuf, 2438 ((bytesTraced < tracebuf_size) ? 2439 bytesTraced : tracebuf_size)))) 2440 goto error_exit; 2441 *retval = bytesTraced; 2442 } 2443 else { 2444 error = ENOENT; 2445 goto error_exit; 2446 } 2447 2448 error = kdp_stack_snapshot_geterror(); 2449 if (error == -1) { 2450 error = ENOSPC; 2451 *retval = -1; 2452 goto error_exit; 2453 } 2454 2455error_exit: 2456 if (stackshot_snapbuf != NULL) 2457 kmem_free(kernel_map, (vm_offset_t) stackshot_snapbuf, tracebuf_size); 2458 stackshot_snapbuf = NULL; 2459 STACKSHOT_SUBSYS_UNLOCK(); 2460 return error; 2461} 2462 2463void 2464start_kern_tracing(unsigned int new_nkdbufs) { 2465 2466 if (!new_nkdbufs) 2467 return; 2468 nkdbufs = kdbg_set_nkdbufs(new_nkdbufs); 2469 kdbg_lock_init(); 2470 kdbg_reinit(TRUE); 2471 kdbg_set_tracing_enabled(TRUE, KDEBUG_ENABLE_TRACE); 2472 2473#if defined(__i386__) || defined(__x86_64__) 2474 uint64_t now = mach_absolute_time(); 2475 2476 KERNEL_DEBUG_CONSTANT((TRACEDBG_CODE(DBG_TRACE_INFO, 1)) | DBG_FUNC_NONE, 2477 (uint32_t)(tsc_rebase_abs_time >> 32), (uint32_t)tsc_rebase_abs_time, 2478 (uint32_t)(now >> 32), (uint32_t)now, 2479 0); 2480#endif 2481 printf("kernel tracing started\n"); 2482} 2483 2484void 2485kdbg_dump_trace_to_file(const char *filename) 2486{ 2487 vfs_context_t ctx; 2488 vnode_t vp; 2489 int error; 2490 size_t number; 2491 2492 2493 if ( !(kdebug_enable & KDEBUG_ENABLE_TRACE)) 2494 return; 2495 2496 if (global_state_pid != -1) { 2497 if ((proc_find(global_state_pid)) != NULL) { 2498 /* 2499 * The global pid exists, we're running 2500 * due to fs_usage, latency, etc... 2501 * don't cut the panic/shutdown trace file 2502 */ 2503 return; 2504 } 2505 } 2506 KERNEL_DEBUG_CONSTANT((TRACEDBG_CODE(DBG_TRACE_INFO, 0)) | DBG_FUNC_NONE, 0, 0, 0, 0, 0); 2507 2508 kdebug_enable = 0; 2509 kd_ctrl_page.enabled = 0; 2510 2511 ctx = vfs_context_kernel(); 2512 2513 if ((error = vnode_open(filename, (O_CREAT | FWRITE | O_NOFOLLOW), 0600, 0, &vp, ctx))) 2514 return; 2515 2516 number = kd_mapsize; 2517 kdbg_readmap(0, &number, vp, ctx); 2518 2519 number = nkdbufs*sizeof(kd_buf); 2520 kdbg_read(0, &number, vp, ctx); 2521 2522 vnode_close(vp, FWRITE, ctx); 2523 2524 sync(current_proc(), (void *)NULL, (int *)NULL); 2525} 2526 2527/* Helper function for filling in the BSD name for an address space 2528 * Defined here because the machine bindings know only Mach threads 2529 * and nothing about BSD processes. 2530 * 2531 * FIXME: need to grab a lock during this? 2532 */ 2533void kdbg_get_task_name(char* name_buf, int len, task_t task) 2534{ 2535 proc_t proc; 2536 2537 /* Note: we can't use thread->task (and functions that rely on it) here 2538 * because it hasn't been initialized yet when this function is called. 2539 * We use the explicitly-passed task parameter instead. 2540 */ 2541 proc = get_bsdtask_info(task); 2542 if (proc != PROC_NULL) 2543 snprintf(name_buf, len, "%s/%d", proc->p_comm, proc->p_pid); 2544 else 2545 snprintf(name_buf, len, "%p [!bsd]", task); 2546} 2547 2548 2549 2550#if defined(NATIVE_TRACE_FACILITY) 2551void trace_handler_map_ctrl_page(__unused uintptr_t addr, __unused size_t ctrl_page_size, __unused size_t storage_size, __unused size_t kds_ptr_size) 2552{ 2553} 2554void trace_handler_map_bufinfo(__unused uintptr_t addr, __unused size_t size) 2555{ 2556} 2557void trace_handler_unmap_bufinfo(void) 2558{ 2559} 2560void trace_handler_map_buffer(__unused int index, __unused uintptr_t addr, __unused size_t size) 2561{ 2562} 2563void trace_handler_unmap_buffer(__unused int index) 2564{ 2565} 2566#endif 2567