1 //===-- DynamicLoaderDarwinKernel.cpp -------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 9 #include "Plugins/Platform/MacOSX/PlatformDarwinKernel.h" 10 #include "lldb/Breakpoint/StoppointCallbackContext.h" 11 #include "lldb/Core/Debugger.h" 12 #include "lldb/Core/Module.h" 13 #include "lldb/Core/ModuleSpec.h" 14 #include "lldb/Core/PluginManager.h" 15 #include "lldb/Core/Section.h" 16 #include "lldb/Core/StreamFile.h" 17 #include "lldb/Interpreter/OptionValueProperties.h" 18 #include "lldb/Symbol/LocateSymbolFile.h" 19 #include "lldb/Symbol/ObjectFile.h" 20 #include "lldb/Target/OperatingSystem.h" 21 #include "lldb/Target/RegisterContext.h" 22 #include "lldb/Target/StackFrame.h" 23 #include "lldb/Target/Target.h" 24 #include "lldb/Target/Thread.h" 25 #include "lldb/Target/ThreadPlanRunToAddress.h" 26 #include "lldb/Utility/DataBuffer.h" 27 #include "lldb/Utility/DataBufferHeap.h" 28 #include "lldb/Utility/LLDBLog.h" 29 #include "lldb/Utility/Log.h" 30 #include "lldb/Utility/State.h" 31 32 #include "DynamicLoaderDarwinKernel.h" 33 34 #include <algorithm> 35 #include <memory> 36 37 //#define ENABLE_DEBUG_PRINTF // COMMENT THIS LINE OUT PRIOR TO CHECKIN 38 #ifdef ENABLE_DEBUG_PRINTF 39 #include <cstdio> 40 #define DEBUG_PRINTF(fmt, ...) printf(fmt, ##__VA_ARGS__) 41 #else 42 #define DEBUG_PRINTF(fmt, ...) 43 #endif 44 45 using namespace lldb; 46 using namespace lldb_private; 47 48 LLDB_PLUGIN_DEFINE(DynamicLoaderDarwinKernel) 49 50 // Progressively greater amounts of scanning we will allow For some targets 51 // very early in startup, we can't do any random reads of memory or we can 52 // crash the device so a setting is needed that can completely disable the 53 // KASLR scans. 54 55 enum KASLRScanType { 56 eKASLRScanNone = 0, // No reading into the inferior at all 57 eKASLRScanLowgloAddresses, // Check one word of memory for a possible kernel 58 // addr, then see if a kernel is there 59 eKASLRScanNearPC, // Scan backwards from the current $pc looking for kernel; 60 // checking at 96 locations total 61 eKASLRScanExhaustiveScan // Scan through the entire possible kernel address 62 // range looking for a kernel 63 }; 64 65 static constexpr OptionEnumValueElement g_kaslr_kernel_scan_enum_values[] = { 66 { 67 eKASLRScanNone, 68 "none", 69 "Do not read memory looking for a Darwin kernel when attaching.", 70 }, 71 { 72 eKASLRScanLowgloAddresses, 73 "basic", 74 "Check for the Darwin kernel's load addr in the lowglo page " 75 "(boot-args=debug) only.", 76 }, 77 { 78 eKASLRScanNearPC, 79 "fast-scan", 80 "Scan near the pc value on attach to find the Darwin kernel's load " 81 "address.", 82 }, 83 { 84 eKASLRScanExhaustiveScan, 85 "exhaustive-scan", 86 "Scan through the entire potential address range of Darwin kernel " 87 "(only on 32-bit targets).", 88 }, 89 }; 90 91 #define LLDB_PROPERTIES_dynamicloaderdarwinkernel 92 #include "DynamicLoaderDarwinKernelProperties.inc" 93 94 enum { 95 #define LLDB_PROPERTIES_dynamicloaderdarwinkernel 96 #include "DynamicLoaderDarwinKernelPropertiesEnum.inc" 97 }; 98 99 class DynamicLoaderDarwinKernelProperties : public Properties { 100 public: 101 static ConstString &GetSettingName() { 102 static ConstString g_setting_name("darwin-kernel"); 103 return g_setting_name; 104 } 105 106 DynamicLoaderDarwinKernelProperties() : Properties() { 107 m_collection_sp = std::make_shared<OptionValueProperties>(GetSettingName()); 108 m_collection_sp->Initialize(g_dynamicloaderdarwinkernel_properties); 109 } 110 111 ~DynamicLoaderDarwinKernelProperties() override = default; 112 113 bool GetLoadKexts() const { 114 const uint32_t idx = ePropertyLoadKexts; 115 return m_collection_sp->GetPropertyAtIndexAsBoolean( 116 nullptr, idx, 117 g_dynamicloaderdarwinkernel_properties[idx].default_uint_value != 0); 118 } 119 120 KASLRScanType GetScanType() const { 121 const uint32_t idx = ePropertyScanType; 122 return (KASLRScanType)m_collection_sp->GetPropertyAtIndexAsEnumeration( 123 nullptr, idx, 124 g_dynamicloaderdarwinkernel_properties[idx].default_uint_value); 125 } 126 }; 127 128 static DynamicLoaderDarwinKernelProperties &GetGlobalProperties() { 129 static DynamicLoaderDarwinKernelProperties g_settings; 130 return g_settings; 131 } 132 133 static bool is_kernel(Module *module) { 134 if (!module) 135 return false; 136 ObjectFile *objfile = module->GetObjectFile(); 137 if (!objfile) 138 return false; 139 if (objfile->GetType() != ObjectFile::eTypeExecutable) 140 return false; 141 if (objfile->GetStrata() != ObjectFile::eStrataKernel) 142 return false; 143 144 return true; 145 } 146 147 // Create an instance of this class. This function is filled into the plugin 148 // info class that gets handed out by the plugin factory and allows the lldb to 149 // instantiate an instance of this class. 150 DynamicLoader *DynamicLoaderDarwinKernel::CreateInstance(Process *process, 151 bool force) { 152 if (!force) { 153 // If the user provided an executable binary and it is not a kernel, this 154 // plugin should not create an instance. 155 Module *exec = process->GetTarget().GetExecutableModulePointer(); 156 if (exec && !is_kernel(exec)) 157 return nullptr; 158 159 // If the target's architecture does not look like an Apple environment, 160 // this plugin should not create an instance. 161 const llvm::Triple &triple_ref = 162 process->GetTarget().GetArchitecture().GetTriple(); 163 switch (triple_ref.getOS()) { 164 case llvm::Triple::Darwin: 165 case llvm::Triple::MacOSX: 166 case llvm::Triple::IOS: 167 case llvm::Triple::TvOS: 168 case llvm::Triple::WatchOS: 169 // NEED_BRIDGEOS_TRIPLE case llvm::Triple::BridgeOS: 170 if (triple_ref.getVendor() != llvm::Triple::Apple) { 171 return nullptr; 172 } 173 break; 174 // If we have triple like armv7-unknown-unknown, we should try looking for 175 // a Darwin kernel. 176 case llvm::Triple::UnknownOS: 177 break; 178 default: 179 return nullptr; 180 break; 181 } 182 } 183 184 // At this point if there is an ExecutableModule, it is a kernel and the 185 // Target is some variant of an Apple system. If the Process hasn't provided 186 // the kernel load address, we need to look around in memory to find it. 187 const addr_t kernel_load_address = SearchForDarwinKernel(process); 188 if (CheckForKernelImageAtAddress(kernel_load_address, process).IsValid()) { 189 return new DynamicLoaderDarwinKernel(process, kernel_load_address); 190 } 191 return nullptr; 192 } 193 194 lldb::addr_t 195 DynamicLoaderDarwinKernel::SearchForDarwinKernel(Process *process) { 196 addr_t kernel_load_address = process->GetImageInfoAddress(); 197 if (kernel_load_address == LLDB_INVALID_ADDRESS) 198 kernel_load_address = SearchForKernelAtSameLoadAddr(process); 199 if (kernel_load_address == LLDB_INVALID_ADDRESS) 200 kernel_load_address = SearchForKernelWithDebugHints(process); 201 if (kernel_load_address == LLDB_INVALID_ADDRESS) 202 kernel_load_address = SearchForKernelNearPC(process); 203 if (kernel_load_address == LLDB_INVALID_ADDRESS) 204 kernel_load_address = SearchForKernelViaExhaustiveSearch(process); 205 206 return kernel_load_address; 207 } 208 209 // Check if the kernel binary is loaded in memory without a slide. First verify 210 // that the ExecutableModule is a kernel before we proceed. Returns the address 211 // of the kernel if one was found, else LLDB_INVALID_ADDRESS. 212 lldb::addr_t 213 DynamicLoaderDarwinKernel::SearchForKernelAtSameLoadAddr(Process *process) { 214 Module *exe_module = process->GetTarget().GetExecutableModulePointer(); 215 216 if (!is_kernel(process->GetTarget().GetExecutableModulePointer())) 217 return LLDB_INVALID_ADDRESS; 218 219 ObjectFile *exe_objfile = exe_module->GetObjectFile(); 220 221 if (!exe_objfile->GetBaseAddress().IsValid()) 222 return LLDB_INVALID_ADDRESS; 223 224 if (CheckForKernelImageAtAddress( 225 exe_objfile->GetBaseAddress().GetFileAddress(), process) == 226 exe_module->GetUUID()) 227 return exe_objfile->GetBaseAddress().GetFileAddress(); 228 229 return LLDB_INVALID_ADDRESS; 230 } 231 232 // If the debug flag is included in the boot-args nvram setting, the kernel's 233 // load address will be noted in the lowglo page at a fixed address Returns the 234 // address of the kernel if one was found, else LLDB_INVALID_ADDRESS. 235 lldb::addr_t 236 DynamicLoaderDarwinKernel::SearchForKernelWithDebugHints(Process *process) { 237 if (GetGlobalProperties().GetScanType() == eKASLRScanNone) 238 return LLDB_INVALID_ADDRESS; 239 240 Status read_err; 241 addr_t kernel_addresses_64[] = { 242 0xfffffff000002010ULL, 243 0xfffffff000004010ULL, // newest arm64 devices 244 0xffffff8000004010ULL, // 2014-2015-ish arm64 devices 245 0xffffff8000002010ULL, // oldest arm64 devices 246 LLDB_INVALID_ADDRESS}; 247 addr_t kernel_addresses_32[] = {0xffff0110, // 2016 and earlier armv7 devices 248 0xffff1010, LLDB_INVALID_ADDRESS}; 249 250 uint8_t uval[8]; 251 if (process->GetAddressByteSize() == 8) { 252 for (size_t i = 0; kernel_addresses_64[i] != LLDB_INVALID_ADDRESS; i++) { 253 if (process->ReadMemoryFromInferior (kernel_addresses_64[i], uval, 8, read_err) == 8) 254 { 255 DataExtractor data (&uval, 8, process->GetByteOrder(), process->GetAddressByteSize()); 256 offset_t offset = 0; 257 uint64_t addr = data.GetU64 (&offset); 258 if (CheckForKernelImageAtAddress(addr, process).IsValid()) { 259 return addr; 260 } 261 } 262 } 263 } 264 265 if (process->GetAddressByteSize() == 4) { 266 for (size_t i = 0; kernel_addresses_32[i] != LLDB_INVALID_ADDRESS; i++) { 267 if (process->ReadMemoryFromInferior (kernel_addresses_32[i], uval, 4, read_err) == 4) 268 { 269 DataExtractor data (&uval, 4, process->GetByteOrder(), process->GetAddressByteSize()); 270 offset_t offset = 0; 271 uint32_t addr = data.GetU32 (&offset); 272 if (CheckForKernelImageAtAddress(addr, process).IsValid()) { 273 return addr; 274 } 275 } 276 } 277 } 278 279 return LLDB_INVALID_ADDRESS; 280 } 281 282 // If the kernel is currently executing when lldb attaches, and we don't have a 283 // better way of finding the kernel's load address, try searching backwards 284 // from the current pc value looking for the kernel's Mach header in memory. 285 // Returns the address of the kernel if one was found, else 286 // LLDB_INVALID_ADDRESS. 287 lldb::addr_t 288 DynamicLoaderDarwinKernel::SearchForKernelNearPC(Process *process) { 289 if (GetGlobalProperties().GetScanType() == eKASLRScanNone || 290 GetGlobalProperties().GetScanType() == eKASLRScanLowgloAddresses) { 291 return LLDB_INVALID_ADDRESS; 292 } 293 294 ThreadSP thread = process->GetThreadList().GetSelectedThread(); 295 if (thread.get() == nullptr) 296 return LLDB_INVALID_ADDRESS; 297 addr_t pc = thread->GetRegisterContext()->GetPC(LLDB_INVALID_ADDRESS); 298 299 int ptrsize = process->GetTarget().GetArchitecture().GetAddressByteSize(); 300 301 // The kernel is always loaded in high memory, if the top bit is zero, 302 // this isn't a kernel. 303 if (ptrsize == 8) { 304 if ((pc & (1ULL << 63)) == 0) { 305 return LLDB_INVALID_ADDRESS; 306 } 307 } else { 308 if ((pc & (1ULL << 31)) == 0) { 309 return LLDB_INVALID_ADDRESS; 310 } 311 } 312 313 if (pc == LLDB_INVALID_ADDRESS) 314 return LLDB_INVALID_ADDRESS; 315 316 int pagesize = 0x4000; // 16k pages on 64-bit targets 317 if (ptrsize == 4) 318 pagesize = 0x1000; // 4k pages on 32-bit targets 319 320 // The kernel will be loaded on a page boundary. 321 // Round the current pc down to the nearest page boundary. 322 addr_t addr = pc & ~(pagesize - 1ULL); 323 324 // Search backwards for 128 megabytes, or first memory read error. 325 while (pc - addr < 128 * 0x100000) { 326 bool read_error; 327 if (CheckForKernelImageAtAddress(addr, process, &read_error).IsValid()) 328 return addr; 329 330 // Stop scanning on the first read error we encounter; we've walked 331 // past this executable block of memory. 332 if (read_error == true) 333 break; 334 335 addr -= pagesize; 336 } 337 338 return LLDB_INVALID_ADDRESS; 339 } 340 341 // Scan through the valid address range for a kernel binary. This is uselessly 342 // slow in 64-bit environments so we don't even try it. This scan is not 343 // enabled by default even for 32-bit targets. Returns the address of the 344 // kernel if one was found, else LLDB_INVALID_ADDRESS. 345 lldb::addr_t DynamicLoaderDarwinKernel::SearchForKernelViaExhaustiveSearch( 346 Process *process) { 347 if (GetGlobalProperties().GetScanType() != eKASLRScanExhaustiveScan) { 348 return LLDB_INVALID_ADDRESS; 349 } 350 351 addr_t kernel_range_low, kernel_range_high; 352 if (process->GetTarget().GetArchitecture().GetAddressByteSize() == 8) { 353 kernel_range_low = 1ULL << 63; 354 kernel_range_high = UINT64_MAX; 355 } else { 356 kernel_range_low = 1ULL << 31; 357 kernel_range_high = UINT32_MAX; 358 } 359 360 // Stepping through memory at one-megabyte resolution looking for a kernel 361 // rarely works (fast enough) with a 64-bit address space -- for now, let's 362 // not even bother. We may be attaching to something which *isn't* a kernel 363 // and we don't want to spin for minutes on-end looking for a kernel. 364 if (process->GetTarget().GetArchitecture().GetAddressByteSize() == 8) 365 return LLDB_INVALID_ADDRESS; 366 367 addr_t addr = kernel_range_low; 368 369 while (addr >= kernel_range_low && addr < kernel_range_high) { 370 // x86_64 kernels are at offset 0 371 if (CheckForKernelImageAtAddress(addr, process).IsValid()) 372 return addr; 373 // 32-bit arm kernels are at offset 0x1000 (one 4k page) 374 if (CheckForKernelImageAtAddress(addr + 0x1000, process).IsValid()) 375 return addr + 0x1000; 376 // 64-bit arm kernels are at offset 0x4000 (one 16k page) 377 if (CheckForKernelImageAtAddress(addr + 0x4000, process).IsValid()) 378 return addr + 0x4000; 379 addr += 0x100000; 380 } 381 return LLDB_INVALID_ADDRESS; 382 } 383 384 // Read the mach_header struct out of memory and return it. 385 // Returns true if the mach_header was successfully read, 386 // Returns false if there was a problem reading the header, or it was not 387 // a Mach-O header. 388 389 bool 390 DynamicLoaderDarwinKernel::ReadMachHeader(addr_t addr, Process *process, llvm::MachO::mach_header &header, 391 bool *read_error) { 392 Status error; 393 if (read_error) 394 *read_error = false; 395 396 // Read the mach header and see whether it looks like a kernel 397 if (process->ReadMemory(addr, &header, sizeof(header), error) != 398 sizeof(header)) { 399 if (read_error) 400 *read_error = true; 401 return false; 402 } 403 404 const uint32_t magicks[] = { llvm::MachO::MH_MAGIC_64, llvm::MachO::MH_MAGIC, llvm::MachO::MH_CIGAM, llvm::MachO::MH_CIGAM_64}; 405 406 bool found_matching_pattern = false; 407 for (size_t i = 0; i < std::size(magicks); i++) 408 if (::memcmp (&header.magic, &magicks[i], sizeof (uint32_t)) == 0) 409 found_matching_pattern = true; 410 411 if (!found_matching_pattern) 412 return false; 413 414 if (header.magic == llvm::MachO::MH_CIGAM || 415 header.magic == llvm::MachO::MH_CIGAM_64) { 416 header.magic = llvm::ByteSwap_32(header.magic); 417 header.cputype = llvm::ByteSwap_32(header.cputype); 418 header.cpusubtype = llvm::ByteSwap_32(header.cpusubtype); 419 header.filetype = llvm::ByteSwap_32(header.filetype); 420 header.ncmds = llvm::ByteSwap_32(header.ncmds); 421 header.sizeofcmds = llvm::ByteSwap_32(header.sizeofcmds); 422 header.flags = llvm::ByteSwap_32(header.flags); 423 } 424 425 return true; 426 } 427 428 // Given an address in memory, look to see if there is a kernel image at that 429 // address. 430 // Returns a UUID; if a kernel was not found at that address, UUID.IsValid() 431 // will be false. 432 lldb_private::UUID 433 DynamicLoaderDarwinKernel::CheckForKernelImageAtAddress(lldb::addr_t addr, 434 Process *process, 435 bool *read_error) { 436 Log *log = GetLog(LLDBLog::DynamicLoader); 437 if (addr == LLDB_INVALID_ADDRESS) { 438 if (read_error) 439 *read_error = true; 440 return UUID(); 441 } 442 443 LLDB_LOGF(log, 444 "DynamicLoaderDarwinKernel::CheckForKernelImageAtAddress: " 445 "looking for kernel binary at 0x%" PRIx64, 446 addr); 447 448 llvm::MachO::mach_header header; 449 450 if (!ReadMachHeader(addr, process, header, read_error)) 451 return UUID(); 452 453 // First try a quick test -- read the first 4 bytes and see if there is a 454 // valid Mach-O magic field there 455 // (the first field of the mach_header/mach_header_64 struct). 456 // A kernel is an executable which does not have the dynamic link object flag 457 // set. 458 if (header.filetype == llvm::MachO::MH_EXECUTE && 459 (header.flags & llvm::MachO::MH_DYLDLINK) == 0) { 460 // Create a full module to get the UUID 461 ModuleSP memory_module_sp = 462 process->ReadModuleFromMemory(FileSpec("temp_mach_kernel"), addr); 463 if (!memory_module_sp.get()) 464 return UUID(); 465 466 ObjectFile *exe_objfile = memory_module_sp->GetObjectFile(); 467 if (exe_objfile == nullptr) { 468 LLDB_LOGF(log, 469 "DynamicLoaderDarwinKernel::CheckForKernelImageAtAddress " 470 "found a binary at 0x%" PRIx64 471 " but could not create an object file from memory", 472 addr); 473 return UUID(); 474 } 475 476 if (is_kernel(memory_module_sp.get())) { 477 ArchSpec kernel_arch(eArchTypeMachO, header.cputype, header.cpusubtype); 478 if (!process->GetTarget().GetArchitecture().IsCompatibleMatch( 479 kernel_arch)) { 480 process->GetTarget().SetArchitecture(kernel_arch); 481 } 482 if (log) { 483 std::string uuid_str; 484 if (memory_module_sp->GetUUID().IsValid()) { 485 uuid_str = "with UUID "; 486 uuid_str += memory_module_sp->GetUUID().GetAsString(); 487 } else { 488 uuid_str = "and no LC_UUID found in load commands "; 489 } 490 LLDB_LOGF( 491 log, 492 "DynamicLoaderDarwinKernel::CheckForKernelImageAtAddress: " 493 "kernel binary image found at 0x%" PRIx64 " with arch '%s' %s", 494 addr, kernel_arch.GetTriple().str().c_str(), uuid_str.c_str()); 495 } 496 return memory_module_sp->GetUUID(); 497 } 498 } 499 500 return UUID(); 501 } 502 503 // Constructor 504 DynamicLoaderDarwinKernel::DynamicLoaderDarwinKernel(Process *process, 505 lldb::addr_t kernel_addr) 506 : DynamicLoader(process), m_kernel_load_address(kernel_addr), m_kernel(), 507 m_kext_summary_header_ptr_addr(), m_kext_summary_header_addr(), 508 m_kext_summary_header(), m_known_kexts(), m_mutex(), 509 m_break_id(LLDB_INVALID_BREAK_ID) { 510 Status error; 511 process->SetCanRunCode(false); 512 PlatformSP platform_sp = 513 process->GetTarget().GetDebugger().GetPlatformList().Create( 514 PlatformDarwinKernel::GetPluginNameStatic()); 515 if (platform_sp.get()) 516 process->GetTarget().SetPlatform(platform_sp); 517 } 518 519 // Destructor 520 DynamicLoaderDarwinKernel::~DynamicLoaderDarwinKernel() { Clear(true); } 521 522 void DynamicLoaderDarwinKernel::UpdateIfNeeded() { 523 LoadKernelModuleIfNeeded(); 524 SetNotificationBreakpointIfNeeded(); 525 } 526 527 /// We've attached to a remote connection, or read a corefile. 528 /// Now load the kernel binary and potentially the kexts, add 529 /// them to the Target. 530 void DynamicLoaderDarwinKernel::DidAttach() { 531 PrivateInitialize(m_process); 532 UpdateIfNeeded(); 533 } 534 535 /// Called after attaching a process. 536 /// 537 /// Allow DynamicLoader plug-ins to execute some code after 538 /// attaching to a process. 539 void DynamicLoaderDarwinKernel::DidLaunch() { 540 PrivateInitialize(m_process); 541 UpdateIfNeeded(); 542 } 543 544 // Clear out the state of this class. 545 void DynamicLoaderDarwinKernel::Clear(bool clear_process) { 546 std::lock_guard<std::recursive_mutex> guard(m_mutex); 547 548 if (m_process->IsAlive() && LLDB_BREAK_ID_IS_VALID(m_break_id)) 549 m_process->ClearBreakpointSiteByID(m_break_id); 550 551 if (clear_process) 552 m_process = nullptr; 553 m_kernel.Clear(); 554 m_known_kexts.clear(); 555 m_kext_summary_header_ptr_addr.Clear(); 556 m_kext_summary_header_addr.Clear(); 557 m_break_id = LLDB_INVALID_BREAK_ID; 558 } 559 560 bool DynamicLoaderDarwinKernel::KextImageInfo::LoadImageAtFileAddress( 561 Process *process) { 562 if (IsLoaded()) 563 return true; 564 565 if (m_module_sp) { 566 bool changed = false; 567 if (m_module_sp->SetLoadAddress(process->GetTarget(), 0, true, changed)) 568 m_load_process_stop_id = process->GetStopID(); 569 } 570 return false; 571 } 572 573 void DynamicLoaderDarwinKernel::KextImageInfo::SetModule(ModuleSP module_sp) { 574 m_module_sp = module_sp; 575 m_kernel_image = is_kernel(module_sp.get()); 576 } 577 578 ModuleSP DynamicLoaderDarwinKernel::KextImageInfo::GetModule() { 579 return m_module_sp; 580 } 581 582 void DynamicLoaderDarwinKernel::KextImageInfo::SetLoadAddress( 583 addr_t load_addr) { 584 m_load_address = load_addr; 585 } 586 587 addr_t DynamicLoaderDarwinKernel::KextImageInfo::GetLoadAddress() const { 588 return m_load_address; 589 } 590 591 uint64_t DynamicLoaderDarwinKernel::KextImageInfo::GetSize() const { 592 return m_size; 593 } 594 595 void DynamicLoaderDarwinKernel::KextImageInfo::SetSize(uint64_t size) { 596 m_size = size; 597 } 598 599 uint32_t DynamicLoaderDarwinKernel::KextImageInfo::GetProcessStopId() const { 600 return m_load_process_stop_id; 601 } 602 603 void DynamicLoaderDarwinKernel::KextImageInfo::SetProcessStopId( 604 uint32_t stop_id) { 605 m_load_process_stop_id = stop_id; 606 } 607 608 bool DynamicLoaderDarwinKernel::KextImageInfo:: 609 operator==(const KextImageInfo &rhs) { 610 if (m_uuid.IsValid() || rhs.GetUUID().IsValid()) { 611 return m_uuid == rhs.GetUUID(); 612 } 613 614 return m_name == rhs.GetName() && m_load_address == rhs.GetLoadAddress(); 615 } 616 617 void DynamicLoaderDarwinKernel::KextImageInfo::SetName(const char *name) { 618 m_name = name; 619 } 620 621 std::string DynamicLoaderDarwinKernel::KextImageInfo::GetName() const { 622 return m_name; 623 } 624 625 void DynamicLoaderDarwinKernel::KextImageInfo::SetUUID(const UUID &uuid) { 626 m_uuid = uuid; 627 } 628 629 UUID DynamicLoaderDarwinKernel::KextImageInfo::GetUUID() const { 630 return m_uuid; 631 } 632 633 // Given the m_load_address from the kext summaries, and a UUID, try to create 634 // an in-memory Module at that address. Require that the MemoryModule have a 635 // matching UUID and detect if this MemoryModule is a kernel or a kext. 636 // 637 // Returns true if m_memory_module_sp is now set to a valid Module. 638 639 bool DynamicLoaderDarwinKernel::KextImageInfo::ReadMemoryModule( 640 Process *process) { 641 Log *log = GetLog(LLDBLog::Host); 642 if (m_memory_module_sp.get() != nullptr) 643 return true; 644 if (m_load_address == LLDB_INVALID_ADDRESS) 645 return false; 646 647 FileSpec file_spec(m_name.c_str()); 648 649 llvm::MachO::mach_header mh; 650 size_t size_to_read = 512; 651 if (ReadMachHeader(m_load_address, process, mh)) { 652 if (mh.magic == llvm::MachO::MH_CIGAM || mh.magic == llvm::MachO::MH_MAGIC) 653 size_to_read = sizeof(llvm::MachO::mach_header) + mh.sizeofcmds; 654 if (mh.magic == llvm::MachO::MH_CIGAM_64 || 655 mh.magic == llvm::MachO::MH_MAGIC_64) 656 size_to_read = sizeof(llvm::MachO::mach_header_64) + mh.sizeofcmds; 657 } 658 659 ModuleSP memory_module_sp = 660 process->ReadModuleFromMemory(file_spec, m_load_address, size_to_read); 661 662 if (memory_module_sp.get() == nullptr) 663 return false; 664 665 bool this_is_kernel = is_kernel(memory_module_sp.get()); 666 667 // If this is a kext, and the kernel specified what UUID we should find at 668 // this load address, require that the memory module have a matching UUID or 669 // something has gone wrong and we should discard it. 670 if (m_uuid.IsValid()) { 671 if (m_uuid != memory_module_sp->GetUUID()) { 672 if (log) { 673 LLDB_LOGF(log, 674 "KextImageInfo::ReadMemoryModule the kernel said to find " 675 "uuid %s at 0x%" PRIx64 676 " but instead we found uuid %s, throwing it away", 677 m_uuid.GetAsString().c_str(), m_load_address, 678 memory_module_sp->GetUUID().GetAsString().c_str()); 679 } 680 return false; 681 } 682 } 683 684 // If the in-memory Module has a UUID, let's use that. 685 if (!m_uuid.IsValid() && memory_module_sp->GetUUID().IsValid()) { 686 m_uuid = memory_module_sp->GetUUID(); 687 } 688 689 m_memory_module_sp = memory_module_sp; 690 m_kernel_image = this_is_kernel; 691 if (this_is_kernel) { 692 if (log) { 693 // This is unusual and probably not intended 694 LLDB_LOGF(log, 695 "KextImageInfo::ReadMemoryModule read the kernel binary out " 696 "of memory"); 697 } 698 if (memory_module_sp->GetArchitecture().IsValid()) { 699 process->GetTarget().SetArchitecture(memory_module_sp->GetArchitecture()); 700 } 701 } 702 703 return true; 704 } 705 706 bool DynamicLoaderDarwinKernel::KextImageInfo::IsKernel() const { 707 return m_kernel_image; 708 } 709 710 void DynamicLoaderDarwinKernel::KextImageInfo::SetIsKernel(bool is_kernel) { 711 m_kernel_image = is_kernel; 712 } 713 714 bool DynamicLoaderDarwinKernel::KextImageInfo::LoadImageUsingMemoryModule( 715 Process *process) { 716 if (IsLoaded()) 717 return true; 718 719 Target &target = process->GetTarget(); 720 721 // kexts will have a uuid from the table. 722 // for the kernel, we'll need to read the load commands out of memory to get it. 723 if (m_uuid.IsValid() == false) { 724 if (ReadMemoryModule(process) == false) { 725 Log *log = GetLog(LLDBLog::DynamicLoader); 726 LLDB_LOGF(log, 727 "Unable to read '%s' from memory at address 0x%" PRIx64 728 " to get the segment load addresses.", 729 m_name.c_str(), m_load_address); 730 return false; 731 } 732 } 733 734 if (IsKernel() && m_uuid.IsValid()) { 735 Stream &s = target.GetDebugger().GetOutputStream(); 736 s.Printf("Kernel UUID: %s\n", m_uuid.GetAsString().c_str()); 737 s.Printf("Load Address: 0x%" PRIx64 "\n", m_load_address); 738 739 // Start of a kernel debug session, we have the UUID of the kernel. 740 // Go through the target's list of modules and if there are any kernel 741 // modules with non-matching UUIDs, remove them. The user may have added 742 // the wrong kernel binary manually and it will only confuse things. 743 ModuleList incorrect_kernels; 744 for (ModuleSP module_sp : target.GetImages().Modules()) { 745 if (is_kernel(module_sp.get()) && module_sp->GetUUID() != m_uuid) 746 incorrect_kernels.Append(module_sp); 747 } 748 target.GetImages().Remove(incorrect_kernels); 749 } 750 751 if (!m_module_sp) { 752 // See if the kext has already been loaded into the target, probably by the 753 // user doing target modules add. 754 const ModuleList &target_images = target.GetImages(); 755 m_module_sp = target_images.FindModule(m_uuid); 756 757 // Search for the kext on the local filesystem via the UUID 758 if (!m_module_sp && m_uuid.IsValid()) { 759 ModuleSpec module_spec; 760 module_spec.GetUUID() = m_uuid; 761 module_spec.GetArchitecture() = target.GetArchitecture(); 762 763 // For the kernel, we really do need an on-disk file copy of the binary 764 // to do anything useful. This will force a call to dsymForUUID if it 765 // exists, instead of depending on the DebugSymbols preferences being 766 // set. 767 if (IsKernel()) { 768 Status error; 769 if (Symbols::DownloadObjectAndSymbolFile(module_spec, error, true)) { 770 if (FileSystem::Instance().Exists(module_spec.GetFileSpec())) { 771 m_module_sp = std::make_shared<Module>(module_spec.GetFileSpec(), 772 target.GetArchitecture()); 773 } 774 } 775 } 776 777 // If the current platform is PlatformDarwinKernel, create a ModuleSpec 778 // with the filename set to be the bundle ID for this kext, e.g. 779 // "com.apple.filesystems.msdosfs", and ask the platform to find it. 780 // PlatformDarwinKernel does a special scan for kexts on the local 781 // system. 782 PlatformSP platform_sp(target.GetPlatform()); 783 if (!m_module_sp && platform_sp) { 784 static ConstString g_platform_name( 785 PlatformDarwinKernel::GetPluginNameStatic()); 786 if (platform_sp->GetPluginName() == g_platform_name.GetStringRef()) { 787 ModuleSpec kext_bundle_module_spec(module_spec); 788 FileSpec kext_filespec(m_name.c_str()); 789 FileSpecList search_paths = target.GetExecutableSearchPaths(); 790 kext_bundle_module_spec.GetFileSpec() = kext_filespec; 791 platform_sp->GetSharedModule(kext_bundle_module_spec, process, 792 m_module_sp, &search_paths, nullptr, 793 nullptr); 794 } 795 } 796 797 // Ask the Target to find this file on the local system, if possible. 798 // This will search in the list of currently-loaded files, look in the 799 // standard search paths on the system, and on a Mac it will try calling 800 // the DebugSymbols framework with the UUID to find the binary via its 801 // search methods. 802 if (!m_module_sp) { 803 m_module_sp = target.GetOrCreateModule(module_spec, true /* notify */); 804 } 805 806 if (IsKernel() && !m_module_sp) { 807 Stream &s = target.GetDebugger().GetOutputStream(); 808 s.Printf("WARNING: Unable to locate kernel binary on the debugger " 809 "system.\n"); 810 } 811 } 812 813 // If we managed to find a module, append it to the target's list of 814 // images. If we also have a memory module, require that they have matching 815 // UUIDs 816 if (m_module_sp) { 817 if (m_uuid.IsValid() && m_module_sp->GetUUID() == m_uuid) { 818 target.GetImages().AppendIfNeeded(m_module_sp, false); 819 } 820 } 821 } 822 823 // If we've found a binary, read the load commands out of memory so we 824 // can set the segment load addresses. 825 if (m_module_sp) 826 ReadMemoryModule (process); 827 828 static ConstString g_section_name_LINKEDIT("__LINKEDIT"); 829 830 if (m_memory_module_sp && m_module_sp) { 831 if (m_module_sp->GetUUID() == m_memory_module_sp->GetUUID()) { 832 ObjectFile *ondisk_object_file = m_module_sp->GetObjectFile(); 833 ObjectFile *memory_object_file = m_memory_module_sp->GetObjectFile(); 834 835 if (memory_object_file && ondisk_object_file) { 836 // The memory_module for kexts may have an invalid __LINKEDIT seg; skip 837 // it. 838 const bool ignore_linkedit = !IsKernel(); 839 840 SectionList *ondisk_section_list = ondisk_object_file->GetSectionList(); 841 SectionList *memory_section_list = memory_object_file->GetSectionList(); 842 if (memory_section_list && ondisk_section_list) { 843 const uint32_t num_ondisk_sections = ondisk_section_list->GetSize(); 844 // There may be CTF sections in the memory image so we can't always 845 // just compare the number of sections (which are actually segments 846 // in mach-o parlance) 847 uint32_t sect_idx = 0; 848 849 // Use the memory_module's addresses for each section to set the file 850 // module's load address as appropriate. We don't want to use a 851 // single slide value for the entire kext - different segments may be 852 // slid different amounts by the kext loader. 853 854 uint32_t num_sections_loaded = 0; 855 for (sect_idx = 0; sect_idx < num_ondisk_sections; ++sect_idx) { 856 SectionSP ondisk_section_sp( 857 ondisk_section_list->GetSectionAtIndex(sect_idx)); 858 if (ondisk_section_sp) { 859 // Don't ever load __LINKEDIT as it may or may not be actually 860 // mapped into memory and there is no current way to tell. 861 // I filed rdar://problem/12851706 to track being able to tell 862 // if the __LINKEDIT is actually mapped, but until then, we need 863 // to not load the __LINKEDIT 864 if (ignore_linkedit && 865 ondisk_section_sp->GetName() == g_section_name_LINKEDIT) 866 continue; 867 868 const Section *memory_section = 869 memory_section_list 870 ->FindSectionByName(ondisk_section_sp->GetName()) 871 .get(); 872 if (memory_section) { 873 target.SetSectionLoadAddress(ondisk_section_sp, 874 memory_section->GetFileAddress()); 875 ++num_sections_loaded; 876 } 877 } 878 } 879 if (num_sections_loaded > 0) 880 m_load_process_stop_id = process->GetStopID(); 881 else 882 m_module_sp.reset(); // No sections were loaded 883 } else 884 m_module_sp.reset(); // One or both section lists 885 } else 886 m_module_sp.reset(); // One or both object files missing 887 } else 888 m_module_sp.reset(); // UUID mismatch 889 } 890 891 bool is_loaded = IsLoaded(); 892 893 if (is_loaded && m_module_sp && IsKernel()) { 894 Stream &s = target.GetDebugger().GetOutputStream(); 895 ObjectFile *kernel_object_file = m_module_sp->GetObjectFile(); 896 if (kernel_object_file) { 897 addr_t file_address = 898 kernel_object_file->GetBaseAddress().GetFileAddress(); 899 if (m_load_address != LLDB_INVALID_ADDRESS && 900 file_address != LLDB_INVALID_ADDRESS) { 901 s.Printf("Kernel slid 0x%" PRIx64 " in memory.\n", 902 m_load_address - file_address); 903 } 904 } 905 { 906 s.Printf("Loaded kernel file %s\n", 907 m_module_sp->GetFileSpec().GetPath().c_str()); 908 } 909 s.Flush(); 910 } 911 912 // Notify the target about the module being added; 913 // set breakpoints, load dSYM scripts, etc. as needed. 914 if (is_loaded && m_module_sp) { 915 ModuleList loaded_module_list; 916 loaded_module_list.Append(m_module_sp); 917 target.ModulesDidLoad(loaded_module_list); 918 } 919 920 return is_loaded; 921 } 922 923 uint32_t DynamicLoaderDarwinKernel::KextImageInfo::GetAddressByteSize() { 924 if (m_memory_module_sp) 925 return m_memory_module_sp->GetArchitecture().GetAddressByteSize(); 926 if (m_module_sp) 927 return m_module_sp->GetArchitecture().GetAddressByteSize(); 928 return 0; 929 } 930 931 lldb::ByteOrder DynamicLoaderDarwinKernel::KextImageInfo::GetByteOrder() { 932 if (m_memory_module_sp) 933 return m_memory_module_sp->GetArchitecture().GetByteOrder(); 934 if (m_module_sp) 935 return m_module_sp->GetArchitecture().GetByteOrder(); 936 return endian::InlHostByteOrder(); 937 } 938 939 lldb_private::ArchSpec 940 DynamicLoaderDarwinKernel::KextImageInfo::GetArchitecture() const { 941 if (m_memory_module_sp) 942 return m_memory_module_sp->GetArchitecture(); 943 if (m_module_sp) 944 return m_module_sp->GetArchitecture(); 945 return lldb_private::ArchSpec(); 946 } 947 948 // Load the kernel module and initialize the "m_kernel" member. Return true 949 // _only_ if the kernel is loaded the first time through (subsequent calls to 950 // this function should return false after the kernel has been already loaded). 951 void DynamicLoaderDarwinKernel::LoadKernelModuleIfNeeded() { 952 if (!m_kext_summary_header_ptr_addr.IsValid()) { 953 m_kernel.Clear(); 954 ModuleSP module_sp = m_process->GetTarget().GetExecutableModule(); 955 if (is_kernel(module_sp.get())) { 956 m_kernel.SetModule(module_sp); 957 m_kernel.SetIsKernel(true); 958 } 959 960 ConstString kernel_name("mach_kernel"); 961 if (m_kernel.GetModule().get() && m_kernel.GetModule()->GetObjectFile() && 962 !m_kernel.GetModule() 963 ->GetObjectFile() 964 ->GetFileSpec() 965 .GetFilename() 966 .IsEmpty()) { 967 kernel_name = 968 m_kernel.GetModule()->GetObjectFile()->GetFileSpec().GetFilename(); 969 } 970 m_kernel.SetName(kernel_name.AsCString()); 971 972 if (m_kernel.GetLoadAddress() == LLDB_INVALID_ADDRESS) { 973 m_kernel.SetLoadAddress(m_kernel_load_address); 974 if (m_kernel.GetLoadAddress() == LLDB_INVALID_ADDRESS && 975 m_kernel.GetModule()) { 976 // We didn't get a hint from the process, so we will try the kernel at 977 // the address that it exists at in the file if we have one 978 ObjectFile *kernel_object_file = m_kernel.GetModule()->GetObjectFile(); 979 if (kernel_object_file) { 980 addr_t load_address = 981 kernel_object_file->GetBaseAddress().GetLoadAddress( 982 &m_process->GetTarget()); 983 addr_t file_address = 984 kernel_object_file->GetBaseAddress().GetFileAddress(); 985 if (load_address != LLDB_INVALID_ADDRESS && load_address != 0) { 986 m_kernel.SetLoadAddress(load_address); 987 if (load_address != file_address) { 988 // Don't accidentally relocate the kernel to the File address -- 989 // the Load address has already been set to its actual in-memory 990 // address. Mark it as IsLoaded. 991 m_kernel.SetProcessStopId(m_process->GetStopID()); 992 } 993 } else { 994 m_kernel.SetLoadAddress(file_address); 995 } 996 } 997 } 998 } 999 1000 if (m_kernel.GetLoadAddress() != LLDB_INVALID_ADDRESS) { 1001 if (!m_kernel.LoadImageUsingMemoryModule(m_process)) { 1002 m_kernel.LoadImageAtFileAddress(m_process); 1003 } 1004 } 1005 1006 // The operating system plugin gets loaded and initialized in 1007 // LoadImageUsingMemoryModule when we discover the kernel dSYM. For a core 1008 // file in particular, that's the wrong place to do this, since we haven't 1009 // fixed up the section addresses yet. So let's redo it here. 1010 LoadOperatingSystemPlugin(false); 1011 1012 if (m_kernel.IsLoaded() && m_kernel.GetModule()) { 1013 static ConstString kext_summary_symbol("gLoadedKextSummaries"); 1014 const Symbol *symbol = 1015 m_kernel.GetModule()->FindFirstSymbolWithNameAndType( 1016 kext_summary_symbol, eSymbolTypeData); 1017 if (symbol) { 1018 m_kext_summary_header_ptr_addr = symbol->GetAddress(); 1019 // Update all image infos 1020 ReadAllKextSummaries(); 1021 } 1022 } else { 1023 m_kernel.Clear(); 1024 } 1025 } 1026 } 1027 1028 // Static callback function that gets called when our DYLD notification 1029 // breakpoint gets hit. We update all of our image infos and then let our super 1030 // class DynamicLoader class decide if we should stop or not (based on global 1031 // preference). 1032 bool DynamicLoaderDarwinKernel::BreakpointHitCallback( 1033 void *baton, StoppointCallbackContext *context, user_id_t break_id, 1034 user_id_t break_loc_id) { 1035 return static_cast<DynamicLoaderDarwinKernel *>(baton)->BreakpointHit( 1036 context, break_id, break_loc_id); 1037 } 1038 1039 bool DynamicLoaderDarwinKernel::BreakpointHit(StoppointCallbackContext *context, 1040 user_id_t break_id, 1041 user_id_t break_loc_id) { 1042 Log *log = GetLog(LLDBLog::DynamicLoader); 1043 LLDB_LOGF(log, "DynamicLoaderDarwinKernel::BreakpointHit (...)\n"); 1044 1045 ReadAllKextSummaries(); 1046 1047 if (log) 1048 PutToLog(log); 1049 1050 return GetStopWhenImagesChange(); 1051 } 1052 1053 bool DynamicLoaderDarwinKernel::ReadKextSummaryHeader() { 1054 std::lock_guard<std::recursive_mutex> guard(m_mutex); 1055 1056 // the all image infos is already valid for this process stop ID 1057 1058 if (m_kext_summary_header_ptr_addr.IsValid()) { 1059 const uint32_t addr_size = m_kernel.GetAddressByteSize(); 1060 const ByteOrder byte_order = m_kernel.GetByteOrder(); 1061 Status error; 1062 // Read enough bytes for a "OSKextLoadedKextSummaryHeader" structure which 1063 // is currently 4 uint32_t and a pointer. 1064 uint8_t buf[24]; 1065 DataExtractor data(buf, sizeof(buf), byte_order, addr_size); 1066 const size_t count = 4 * sizeof(uint32_t) + addr_size; 1067 const bool force_live_memory = true; 1068 if (m_process->GetTarget().ReadPointerFromMemory( 1069 m_kext_summary_header_ptr_addr, error, 1070 m_kext_summary_header_addr, force_live_memory)) { 1071 // We got a valid address for our kext summary header and make sure it 1072 // isn't NULL 1073 if (m_kext_summary_header_addr.IsValid() && 1074 m_kext_summary_header_addr.GetFileAddress() != 0) { 1075 const size_t bytes_read = m_process->GetTarget().ReadMemory( 1076 m_kext_summary_header_addr, buf, count, error, force_live_memory); 1077 if (bytes_read == count) { 1078 lldb::offset_t offset = 0; 1079 m_kext_summary_header.version = data.GetU32(&offset); 1080 if (m_kext_summary_header.version > 128) { 1081 Stream &s = m_process->GetTarget().GetDebugger().GetOutputStream(); 1082 s.Printf("WARNING: Unable to read kext summary header, got " 1083 "improbable version number %u\n", 1084 m_kext_summary_header.version); 1085 // If we get an improbably large version number, we're probably 1086 // getting bad memory. 1087 m_kext_summary_header_addr.Clear(); 1088 return false; 1089 } 1090 if (m_kext_summary_header.version >= 2) { 1091 m_kext_summary_header.entry_size = data.GetU32(&offset); 1092 if (m_kext_summary_header.entry_size > 4096) { 1093 // If we get an improbably large entry_size, we're probably 1094 // getting bad memory. 1095 Stream &s = 1096 m_process->GetTarget().GetDebugger().GetOutputStream(); 1097 s.Printf("WARNING: Unable to read kext summary header, got " 1098 "improbable entry_size %u\n", 1099 m_kext_summary_header.entry_size); 1100 m_kext_summary_header_addr.Clear(); 1101 return false; 1102 } 1103 } else { 1104 // Versions less than 2 didn't have an entry size, it was hard 1105 // coded 1106 m_kext_summary_header.entry_size = 1107 KERNEL_MODULE_ENTRY_SIZE_VERSION_1; 1108 } 1109 m_kext_summary_header.entry_count = data.GetU32(&offset); 1110 if (m_kext_summary_header.entry_count > 10000) { 1111 // If we get an improbably large number of kexts, we're probably 1112 // getting bad memory. 1113 Stream &s = m_process->GetTarget().GetDebugger().GetOutputStream(); 1114 s.Printf("WARNING: Unable to read kext summary header, got " 1115 "improbable number of kexts %u\n", 1116 m_kext_summary_header.entry_count); 1117 m_kext_summary_header_addr.Clear(); 1118 return false; 1119 } 1120 return true; 1121 } 1122 } 1123 } 1124 } 1125 m_kext_summary_header_addr.Clear(); 1126 return false; 1127 } 1128 1129 // We've either (a) just attached to a new kernel, or (b) the kexts-changed 1130 // breakpoint was hit and we need to figure out what kexts have been added or 1131 // removed. Read the kext summaries from the inferior kernel memory, compare 1132 // them against the m_known_kexts vector and update the m_known_kexts vector as 1133 // needed to keep in sync with the inferior. 1134 1135 bool DynamicLoaderDarwinKernel::ParseKextSummaries( 1136 const Address &kext_summary_addr, uint32_t count) { 1137 KextImageInfo::collection kext_summaries; 1138 Log *log = GetLog(LLDBLog::DynamicLoader); 1139 LLDB_LOGF(log, 1140 "Kexts-changed breakpoint hit, there are %d kexts currently.\n", 1141 count); 1142 1143 std::lock_guard<std::recursive_mutex> guard(m_mutex); 1144 1145 if (!ReadKextSummaries(kext_summary_addr, count, kext_summaries)) 1146 return false; 1147 1148 // read the plugin.dynamic-loader.darwin-kernel.load-kexts setting -- if the 1149 // user requested no kext loading, don't print any messages about kexts & 1150 // don't try to read them. 1151 const bool load_kexts = GetGlobalProperties().GetLoadKexts(); 1152 1153 // By default, all kexts we've loaded in the past are marked as "remove" and 1154 // all of the kexts we just found out about from ReadKextSummaries are marked 1155 // as "add". 1156 std::vector<bool> to_be_removed(m_known_kexts.size(), true); 1157 std::vector<bool> to_be_added(count, true); 1158 1159 int number_of_new_kexts_being_added = 0; 1160 int number_of_old_kexts_being_removed = m_known_kexts.size(); 1161 1162 const uint32_t new_kexts_size = kext_summaries.size(); 1163 const uint32_t old_kexts_size = m_known_kexts.size(); 1164 1165 // The m_known_kexts vector may have entries that have been Cleared, or are a 1166 // kernel. 1167 for (uint32_t old_kext = 0; old_kext < old_kexts_size; old_kext++) { 1168 bool ignore = false; 1169 KextImageInfo &image_info = m_known_kexts[old_kext]; 1170 if (image_info.IsKernel()) { 1171 ignore = true; 1172 } else if (image_info.GetLoadAddress() == LLDB_INVALID_ADDRESS && 1173 !image_info.GetModule()) { 1174 ignore = true; 1175 } 1176 1177 if (ignore) { 1178 number_of_old_kexts_being_removed--; 1179 to_be_removed[old_kext] = false; 1180 } 1181 } 1182 1183 // Scan over the list of kexts we just read from the kernel, note those that 1184 // need to be added and those already loaded. 1185 for (uint32_t new_kext = 0; new_kext < new_kexts_size; new_kext++) { 1186 bool add_this_one = true; 1187 for (uint32_t old_kext = 0; old_kext < old_kexts_size; old_kext++) { 1188 if (m_known_kexts[old_kext] == kext_summaries[new_kext]) { 1189 // We already have this kext, don't re-load it. 1190 to_be_added[new_kext] = false; 1191 // This kext is still present, do not remove it. 1192 to_be_removed[old_kext] = false; 1193 1194 number_of_old_kexts_being_removed--; 1195 add_this_one = false; 1196 break; 1197 } 1198 } 1199 // If this "kext" entry is actually an alias for the kernel -- the kext was 1200 // compiled into the kernel or something -- then we don't want to load the 1201 // kernel's text section at a different address. Ignore this kext entry. 1202 if (kext_summaries[new_kext].GetUUID().IsValid() && 1203 m_kernel.GetUUID().IsValid() && 1204 kext_summaries[new_kext].GetUUID() == m_kernel.GetUUID()) { 1205 to_be_added[new_kext] = false; 1206 break; 1207 } 1208 if (add_this_one) { 1209 number_of_new_kexts_being_added++; 1210 } 1211 } 1212 1213 if (number_of_new_kexts_being_added == 0 && 1214 number_of_old_kexts_being_removed == 0) 1215 return true; 1216 1217 Stream &s = m_process->GetTarget().GetDebugger().GetOutputStream(); 1218 if (load_kexts) { 1219 if (number_of_new_kexts_being_added > 0 && 1220 number_of_old_kexts_being_removed > 0) { 1221 s.Printf("Loading %d kext modules and unloading %d kext modules ", 1222 number_of_new_kexts_being_added, 1223 number_of_old_kexts_being_removed); 1224 } else if (number_of_new_kexts_being_added > 0) { 1225 s.Printf("Loading %d kext modules ", number_of_new_kexts_being_added); 1226 } else if (number_of_old_kexts_being_removed > 0) { 1227 s.Printf("Unloading %d kext modules ", number_of_old_kexts_being_removed); 1228 } 1229 } 1230 1231 if (log) { 1232 if (load_kexts) { 1233 LLDB_LOGF(log, 1234 "DynamicLoaderDarwinKernel::ParseKextSummaries: %d kexts " 1235 "added, %d kexts removed", 1236 number_of_new_kexts_being_added, 1237 number_of_old_kexts_being_removed); 1238 } else { 1239 LLDB_LOGF(log, 1240 "DynamicLoaderDarwinKernel::ParseKextSummaries kext loading is " 1241 "disabled, else would have %d kexts added, %d kexts removed", 1242 number_of_new_kexts_being_added, 1243 number_of_old_kexts_being_removed); 1244 } 1245 } 1246 1247 // Build up a list of <kext-name, uuid> for any kexts that fail to load 1248 std::vector<std::pair<std::string, UUID>> kexts_failed_to_load; 1249 if (number_of_new_kexts_being_added > 0) { 1250 ModuleList loaded_module_list; 1251 1252 const uint32_t num_of_new_kexts = kext_summaries.size(); 1253 for (uint32_t new_kext = 0; new_kext < num_of_new_kexts; new_kext++) { 1254 if (to_be_added[new_kext]) { 1255 KextImageInfo &image_info = kext_summaries[new_kext]; 1256 bool kext_successfully_added = true; 1257 if (load_kexts) { 1258 if (!image_info.LoadImageUsingMemoryModule(m_process)) { 1259 kexts_failed_to_load.push_back(std::pair<std::string, UUID>( 1260 kext_summaries[new_kext].GetName(), 1261 kext_summaries[new_kext].GetUUID())); 1262 image_info.LoadImageAtFileAddress(m_process); 1263 kext_successfully_added = false; 1264 } 1265 } 1266 1267 m_known_kexts.push_back(image_info); 1268 1269 if (image_info.GetModule() && 1270 m_process->GetStopID() == image_info.GetProcessStopId()) 1271 loaded_module_list.AppendIfNeeded(image_info.GetModule()); 1272 1273 if (load_kexts) { 1274 if (kext_successfully_added) 1275 s.Printf("."); 1276 else 1277 s.Printf("-"); 1278 } 1279 1280 if (log) 1281 kext_summaries[new_kext].PutToLog(log); 1282 } 1283 } 1284 m_process->GetTarget().ModulesDidLoad(loaded_module_list); 1285 } 1286 1287 if (number_of_old_kexts_being_removed > 0) { 1288 ModuleList loaded_module_list; 1289 const uint32_t num_of_old_kexts = m_known_kexts.size(); 1290 for (uint32_t old_kext = 0; old_kext < num_of_old_kexts; old_kext++) { 1291 ModuleList unloaded_module_list; 1292 if (to_be_removed[old_kext]) { 1293 KextImageInfo &image_info = m_known_kexts[old_kext]; 1294 // You can't unload the kernel. 1295 if (!image_info.IsKernel()) { 1296 if (image_info.GetModule()) { 1297 unloaded_module_list.AppendIfNeeded(image_info.GetModule()); 1298 } 1299 s.Printf("."); 1300 image_info.Clear(); 1301 // should pull it out of the KextImageInfos vector but that would 1302 // mutate the list and invalidate the to_be_removed bool vector; 1303 // leaving it in place once Cleared() is relatively harmless. 1304 } 1305 } 1306 m_process->GetTarget().ModulesDidUnload(unloaded_module_list, false); 1307 } 1308 } 1309 1310 if (load_kexts) { 1311 s.Printf(" done.\n"); 1312 if (kexts_failed_to_load.size() > 0 && number_of_new_kexts_being_added > 0) { 1313 s.Printf("Failed to load %d of %d kexts:\n", 1314 (int)kexts_failed_to_load.size(), 1315 number_of_new_kexts_being_added); 1316 // print a sorted list of <kext-name, uuid> kexts which failed to load 1317 unsigned longest_name = 0; 1318 std::sort(kexts_failed_to_load.begin(), kexts_failed_to_load.end()); 1319 for (const auto &ku : kexts_failed_to_load) { 1320 if (ku.first.size() > longest_name) 1321 longest_name = ku.first.size(); 1322 } 1323 for (const auto &ku : kexts_failed_to_load) { 1324 std::string uuid; 1325 if (ku.second.IsValid()) 1326 uuid = ku.second.GetAsString(); 1327 s.Printf(" %-*s %s\n", longest_name, ku.first.c_str(), uuid.c_str()); 1328 } 1329 } 1330 s.Flush(); 1331 } 1332 1333 return true; 1334 } 1335 1336 uint32_t DynamicLoaderDarwinKernel::ReadKextSummaries( 1337 const Address &kext_summary_addr, uint32_t image_infos_count, 1338 KextImageInfo::collection &image_infos) { 1339 const ByteOrder endian = m_kernel.GetByteOrder(); 1340 const uint32_t addr_size = m_kernel.GetAddressByteSize(); 1341 1342 image_infos.resize(image_infos_count); 1343 const size_t count = image_infos.size() * m_kext_summary_header.entry_size; 1344 DataBufferHeap data(count, 0); 1345 Status error; 1346 1347 const bool force_live_memory = true; 1348 const size_t bytes_read = m_process->GetTarget().ReadMemory( 1349 kext_summary_addr, data.GetBytes(), data.GetByteSize(), error, force_live_memory); 1350 if (bytes_read == count) { 1351 1352 DataExtractor extractor(data.GetBytes(), data.GetByteSize(), endian, 1353 addr_size); 1354 uint32_t i = 0; 1355 for (uint32_t kext_summary_offset = 0; 1356 i < image_infos.size() && 1357 extractor.ValidOffsetForDataOfSize(kext_summary_offset, 1358 m_kext_summary_header.entry_size); 1359 ++i, kext_summary_offset += m_kext_summary_header.entry_size) { 1360 lldb::offset_t offset = kext_summary_offset; 1361 const void *name_data = 1362 extractor.GetData(&offset, KERNEL_MODULE_MAX_NAME); 1363 if (name_data == nullptr) 1364 break; 1365 image_infos[i].SetName((const char *)name_data); 1366 UUID uuid(extractor.GetData(&offset, 16), 16); 1367 image_infos[i].SetUUID(uuid); 1368 image_infos[i].SetLoadAddress(extractor.GetU64(&offset)); 1369 image_infos[i].SetSize(extractor.GetU64(&offset)); 1370 } 1371 if (i < image_infos.size()) 1372 image_infos.resize(i); 1373 } else { 1374 image_infos.clear(); 1375 } 1376 return image_infos.size(); 1377 } 1378 1379 bool DynamicLoaderDarwinKernel::ReadAllKextSummaries() { 1380 std::lock_guard<std::recursive_mutex> guard(m_mutex); 1381 1382 if (ReadKextSummaryHeader()) { 1383 if (m_kext_summary_header.entry_count > 0 && 1384 m_kext_summary_header_addr.IsValid()) { 1385 Address summary_addr(m_kext_summary_header_addr); 1386 summary_addr.Slide(m_kext_summary_header.GetSize()); 1387 if (!ParseKextSummaries(summary_addr, 1388 m_kext_summary_header.entry_count)) { 1389 m_known_kexts.clear(); 1390 } 1391 return true; 1392 } 1393 } 1394 return false; 1395 } 1396 1397 // Dump an image info structure to the file handle provided. 1398 void DynamicLoaderDarwinKernel::KextImageInfo::PutToLog(Log *log) const { 1399 if (m_load_address == LLDB_INVALID_ADDRESS) { 1400 LLDB_LOG(log, "uuid={0} name=\"{1}\" (UNLOADED)", m_uuid.GetAsString(), 1401 m_name); 1402 } else { 1403 LLDB_LOG(log, "addr={0:x+16} size={1:x+16} uuid={2} name=\"{3}\"", 1404 m_load_address, m_size, m_uuid.GetAsString(), m_name); 1405 } 1406 } 1407 1408 // Dump the _dyld_all_image_infos members and all current image infos that we 1409 // have parsed to the file handle provided. 1410 void DynamicLoaderDarwinKernel::PutToLog(Log *log) const { 1411 if (log == nullptr) 1412 return; 1413 1414 std::lock_guard<std::recursive_mutex> guard(m_mutex); 1415 LLDB_LOGF(log, 1416 "gLoadedKextSummaries = 0x%16.16" PRIx64 1417 " { version=%u, entry_size=%u, entry_count=%u }", 1418 m_kext_summary_header_addr.GetFileAddress(), 1419 m_kext_summary_header.version, m_kext_summary_header.entry_size, 1420 m_kext_summary_header.entry_count); 1421 1422 size_t i; 1423 const size_t count = m_known_kexts.size(); 1424 if (count > 0) { 1425 log->PutCString("Loaded:"); 1426 for (i = 0; i < count; i++) 1427 m_known_kexts[i].PutToLog(log); 1428 } 1429 } 1430 1431 void DynamicLoaderDarwinKernel::PrivateInitialize(Process *process) { 1432 DEBUG_PRINTF("DynamicLoaderDarwinKernel::%s() process state = %s\n", 1433 __FUNCTION__, StateAsCString(m_process->GetState())); 1434 Clear(true); 1435 m_process = process; 1436 } 1437 1438 void DynamicLoaderDarwinKernel::SetNotificationBreakpointIfNeeded() { 1439 if (m_break_id == LLDB_INVALID_BREAK_ID && m_kernel.GetModule()) { 1440 DEBUG_PRINTF("DynamicLoaderDarwinKernel::%s() process state = %s\n", 1441 __FUNCTION__, StateAsCString(m_process->GetState())); 1442 1443 const bool internal_bp = true; 1444 const bool hardware = false; 1445 const LazyBool skip_prologue = eLazyBoolNo; 1446 FileSpecList module_spec_list; 1447 module_spec_list.Append(m_kernel.GetModule()->GetFileSpec()); 1448 Breakpoint *bp = 1449 m_process->GetTarget() 1450 .CreateBreakpoint(&module_spec_list, nullptr, 1451 "OSKextLoadedKextSummariesUpdated", 1452 eFunctionNameTypeFull, eLanguageTypeUnknown, 0, 1453 skip_prologue, internal_bp, hardware) 1454 .get(); 1455 1456 bp->SetCallback(DynamicLoaderDarwinKernel::BreakpointHitCallback, this, 1457 true); 1458 m_break_id = bp->GetID(); 1459 } 1460 } 1461 1462 // Member function that gets called when the process state changes. 1463 void DynamicLoaderDarwinKernel::PrivateProcessStateChanged(Process *process, 1464 StateType state) { 1465 DEBUG_PRINTF("DynamicLoaderDarwinKernel::%s(%s)\n", __FUNCTION__, 1466 StateAsCString(state)); 1467 switch (state) { 1468 case eStateConnected: 1469 case eStateAttaching: 1470 case eStateLaunching: 1471 case eStateInvalid: 1472 case eStateUnloaded: 1473 case eStateExited: 1474 case eStateDetached: 1475 Clear(false); 1476 break; 1477 1478 case eStateStopped: 1479 UpdateIfNeeded(); 1480 break; 1481 1482 case eStateRunning: 1483 case eStateStepping: 1484 case eStateCrashed: 1485 case eStateSuspended: 1486 break; 1487 } 1488 } 1489 1490 ThreadPlanSP 1491 DynamicLoaderDarwinKernel::GetStepThroughTrampolinePlan(Thread &thread, 1492 bool stop_others) { 1493 ThreadPlanSP thread_plan_sp; 1494 Log *log = GetLog(LLDBLog::Step); 1495 LLDB_LOGF(log, "Could not find symbol for step through."); 1496 return thread_plan_sp; 1497 } 1498 1499 Status DynamicLoaderDarwinKernel::CanLoadImage() { 1500 Status error; 1501 error.SetErrorString( 1502 "always unsafe to load or unload shared libraries in the darwin kernel"); 1503 return error; 1504 } 1505 1506 void DynamicLoaderDarwinKernel::Initialize() { 1507 PluginManager::RegisterPlugin(GetPluginNameStatic(), 1508 GetPluginDescriptionStatic(), CreateInstance, 1509 DebuggerInitialize); 1510 } 1511 1512 void DynamicLoaderDarwinKernel::Terminate() { 1513 PluginManager::UnregisterPlugin(CreateInstance); 1514 } 1515 1516 void DynamicLoaderDarwinKernel::DebuggerInitialize( 1517 lldb_private::Debugger &debugger) { 1518 if (!PluginManager::GetSettingForDynamicLoaderPlugin( 1519 debugger, DynamicLoaderDarwinKernelProperties::GetSettingName())) { 1520 const bool is_global_setting = true; 1521 PluginManager::CreateSettingForDynamicLoaderPlugin( 1522 debugger, GetGlobalProperties().GetValueProperties(), 1523 ConstString("Properties for the DynamicLoaderDarwinKernel plug-in."), 1524 is_global_setting); 1525 } 1526 } 1527 1528 llvm::StringRef DynamicLoaderDarwinKernel::GetPluginDescriptionStatic() { 1529 return "Dynamic loader plug-in that watches for shared library loads/unloads " 1530 "in the MacOSX kernel."; 1531 } 1532 1533 lldb::ByteOrder 1534 DynamicLoaderDarwinKernel::GetByteOrderFromMagic(uint32_t magic) { 1535 switch (magic) { 1536 case llvm::MachO::MH_MAGIC: 1537 case llvm::MachO::MH_MAGIC_64: 1538 return endian::InlHostByteOrder(); 1539 1540 case llvm::MachO::MH_CIGAM: 1541 case llvm::MachO::MH_CIGAM_64: 1542 if (endian::InlHostByteOrder() == lldb::eByteOrderBig) 1543 return lldb::eByteOrderLittle; 1544 else 1545 return lldb::eByteOrderBig; 1546 1547 default: 1548 break; 1549 } 1550 return lldb::eByteOrderInvalid; 1551 } 1552