OcAppleKernelLib: Make more progress with KC context init

Include/Acidanthera/Library/OcAppleKernelLib.h

@@ -101,6 +101,18 @@ typedef struct {
   //
   MACH_SECTION_64          *PrelinkedTextSection;
   //
+  // Mach-O context for inner prelinkedkernel (for KC mode).
+  //
+  OC_MACHO_CONTEXT         InnerMachContext;
+  //
+  // Pointer to PRELINK_INFO_SEGMENT in the inner prelinkedkernel.
+  //
+  MACH_SEGMENT_COMMAND_64  *InnerInfoSegment;
+  //
+  // Pointer to PRELINK_INFO_SECTION in the inner prelinkedkernel.
+  //
+  MACH_SECTION_64          *InnerInfoSection;
+  //
   // Copy of prelinkedkernel PRELINK_INFO_SECTION used for XML_DOCUMENT.
   // Freed upon context destruction.
   //
@@ -138,6 +150,10 @@ typedef struct {
   // This is a sublist of PrelinkedKexts.
   //
   LIST_ENTRY               InjectedKexts;
+  //
+  // Whether this kernel is a kernel collection (used by macOS 11.0+).
+  //
+  BOOLEAN                  IsKernelCollection;
 } PRELINKED_CONTEXT;
 
 //

Library/OcAppleKernelLib/KernelCollection.c

@@ -85,7 +85,7 @@ InternalKcWriteCommandHeaders (
     // Write 8-byte aligned fileset command.
     //
     Command.FilesetEntry->CommandType = MACH_LOAD_COMMAND_FILESET_ENTRY;
-    Command.FilesetEntry->CommandSize = ALIGN_VALUE (sizeof (MACH_FILESET_ENTRY_COMMAND) + StringSize, 8);
+    Command.FilesetEntry->CommandSize = (UINT32) ALIGN_VALUE (sizeof (MACH_FILESET_ENTRY_COMMAND) + StringSize, 8);
     Command.FilesetEntry->VirtualAddress = PrelinkedKext->Context.VirtualBase;
     Segment = MachoGetNextSegment64 (&PrelinkedKext->Context.MachContext, NULL);
     ASSERT (Segment != NULL);
@@ -294,7 +294,7 @@ InternalKcInitSegmentFixupChains (
   SegChain->PointerFormat   = MACH_DYLD_CHAINED_PTR_X86_64_KERNEL_CACHE;
   SegChain->SegmentOffset   = Segment->VirtualAddress;
   SegChain->MaxValidPointer = 0;
-  SegChain->PageCount       = Segment->Size / MACHO_PAGE_SIZE;
+  SegChain->PageCount       = (UINT16) (Segment->Size / MACHO_PAGE_SIZE);
   //
   // Initialise all pages with no associated fixups.
   //
@@ -413,7 +413,7 @@ InternalKcConvertRelocToFixup (
       IterFixupData       = SegmentPageData + IterFixupPageOffset;
 
       CopyMem (&IterFixup, IterFixupData, sizeof (IterFixup));
-      NextIterFixupPageOffset = IterFixupPageOffset + IterFixup.Next;
+      NextIterFixupPageOffset = (UINT16) (IterFixupPageOffset + IterFixup.Next);
     } while (NextIterFixupPageOffset < NewFixupPageOffset && IterFixup.Next != 0);
 
     FixupDelta = NewFixupPageOffset - IterFixupPageOffset;

Library/OcAppleKernelLib/PrelinkedContext.c

@@ -145,6 +145,40 @@ PrelinkedFindKmodAddress (
   return TRUE;
 }
 
+STATIC
+EFI_STATUS
+PrelinkedGetSegmentsFromMacho (
+  IN   OC_MACHO_CONTEXT         *MachoContext,
+  OUT  MACH_SEGMENT_COMMAND_64  **PrelinkedInfoSegment,
+  OUT  MACH_SECTION_64          **PrelinkedInfoSection
+  )
+{
+  *PrelinkedInfoSegment = MachoGetSegmentByName64 (
+    MachoContext,
+    PRELINK_INFO_SEGMENT
+    );
+  if (*PrelinkedInfoSegment == NULL) {
+    return EFI_NOT_FOUND;
+  }
+  if ((*PrelinkedInfoSegment)->FileOffset > MAX_UINT32) {
+    return EFI_UNSUPPORTED;
+  }
+
+  *PrelinkedInfoSection = MachoGetSectionByName64 (
+    MachoContext,
+    *PrelinkedInfoSegment,
+    PRELINK_INFO_SECTION
+    );
+  if (*PrelinkedInfoSection == NULL) {
+    return EFI_NOT_FOUND;
+  }
+  if ((*PrelinkedInfoSection)->Size > MAX_UINT32) {
+    return EFI_UNSUPPORTED;
+  }
+
+  return EFI_SUCCESS;
+}
+
 EFI_STATUS
 PrelinkedContextInit (
   IN OUT  PRELINKED_CONTEXT  *Context,
@@ -153,10 +187,14 @@ PrelinkedContextInit (
   IN      UINT32             PrelinkedAllocSize
   )
 {
-  XML_NODE     *PrelinkedInfoRoot;
-  CONST CHAR8  *PrelinkedInfoRootKey;
-  UINT32       PrelinkedInfoRootIndex;
-  UINT32       PrelinkedInfoRootCount;
+  EFI_STATUS               Status;
+  MACH_HEADER_64           *Header;
+  MACH_SEGMENT_COMMAND_64  *Segment;
+  XML_NODE                 *DocumentRoot;
+  XML_NODE                 *PrelinkedInfoRoot;
+  CONST CHAR8              *PrelinkedInfoRootKey;
+  UINT32                   PrelinkedInfoRootIndex;
+  UINT32                   PrelinkedInfoRootCount;
 
   ASSERT (Context != NULL);
   ASSERT (Prelinked != NULL);
@@ -169,15 +207,6 @@ PrelinkedContextInit (
   Context->PrelinkedSize      = MACHO_ALIGN (PrelinkedSize);
   Context->PrelinkedAllocSize = PrelinkedAllocSize;
 
-  //
-  // Initialize kext list with kernel pseudo kext.
-  //
-  InitializeListHead (&Context->PrelinkedKexts);
-  InitializeListHead (&Context->InjectedKexts);
-  if (InternalCachedPrelinkedKernel (Context) == NULL) {
-    return EFI_INVALID_PARAMETER;
-  }
-
   //
   // Ensure that PrelinkedSize is always aligned.
   //
@@ -189,36 +218,63 @@ PrelinkedContextInit (
     ZeroMem (&Prelinked[PrelinkedSize], Context->PrelinkedSize - PrelinkedSize);
   }
 
+  //
+  // Initialise primary context.
+  //
   if (!MachoInitializeContext (&Context->PrelinkedMachContext, Prelinked, PrelinkedSize)) {
     return EFI_INVALID_PARAMETER;
   }
 
+  //
+  // Detect kernel type.
+  //
+  Header = MachoGetMachHeader64 (&Context->PrelinkedMachContext);
+  Context->IsKernelCollection = Header->FileType == MachHeaderFileTypeFileSet;
+
+  //
+  // When dealing with the kernel collections the actual kernel is pointed by one of the segments.
+  //
+  if (Context->IsKernelCollection) {
+    Segment = MachoGetSegmentByName64 (
+      &Context->PrelinkedMachContext,
+      "__TEXT_EXEC"
+      );
+    if (Segment == NULL || Segment->VirtualAddress < Segment->FileOffset) {
+      return EFI_INVALID_PARAMETER;
+    }
+
+    if (!MachoInitializeContext (
+      &Context->InnerMachContext,
+      &Context->Prelinked[Segment->FileOffset],
+      Context->PrelinkedSize - Segment->FileOffset)) {
+      return EFI_INVALID_PARAMETER;
+    }
+  }
+
+  //
+  // Initialize kext list with kernel pseudo kext.
+  //
+  InitializeListHead (&Context->PrelinkedKexts);
+  InitializeListHead (&Context->InjectedKexts);
+  if (InternalCachedPrelinkedKernel (Context) == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   Context->PrelinkedLastAddress = MACHO_ALIGN (MachoGetLastAddress64 (&Context->PrelinkedMachContext));
   if (Context->PrelinkedLastAddress == 0) {
     return EFI_INVALID_PARAMETER;
   }
 
-  Context->PrelinkedInfoSegment = MachoGetSegmentByName64 (
+  //
+  // Register normal segment entries.
+  //
+  Status = PrelinkedGetSegmentsFromMacho (
     &Context->PrelinkedMachContext,
-    PRELINK_INFO_SEGMENT
+    &Context->PrelinkedInfoSegment,
+    &Context->PrelinkedInfoSection
     );
-  if (Context->PrelinkedInfoSegment == NULL) {
-    return EFI_NOT_FOUND;
-  }
-  if (Context->PrelinkedInfoSegment->FileOffset > MAX_UINT32) {
-    return EFI_UNSUPPORTED;
-  }
-
-  Context->PrelinkedInfoSection = MachoGetSectionByName64 (
-    &Context->PrelinkedMachContext,
-    Context->PrelinkedInfoSegment,
-    PRELINK_INFO_SECTION
-    );
-  if (Context->PrelinkedInfoSection == NULL) {
-    return EFI_NOT_FOUND;
-  }
-  if (Context->PrelinkedInfoSection->Size > MAX_UINT32) {
-    return EFI_UNSUPPORTED;
+  if (EFI_ERROR (Status)) {
+    return Status;
   }
 
   Context->PrelinkedTextSegment = MachoGetSegmentByName64 (
@@ -238,6 +294,20 @@ PrelinkedContextInit (
     return EFI_NOT_FOUND;
   }
 
+  //
+  // Additionally process inner entries for KC.
+  //
+  if (Context->IsKernelCollection) {
+    Status = PrelinkedGetSegmentsFromMacho (
+      &Context->InnerMachContext,
+      &Context->InnerInfoSegment,
+      &Context->InnerInfoSection
+      );
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+  }
+
   Context->PrelinkedInfo = AllocateCopyPool (
     (UINTN)Context->PrelinkedInfoSection->Size,
     &Context->Prelinked[Context->PrelinkedInfoSection->Offset]
@@ -252,7 +322,17 @@ PrelinkedContextInit (
     return EFI_INVALID_PARAMETER;
   }
 
-  PrelinkedInfoRoot = PlistNodeCast (XmlDocumentRoot (Context->PrelinkedInfoDocument), PLIST_NODE_TYPE_DICT);
+  //
+  // For a kernel collection the this is a full plist, while for legacy prelinked format
+  // it starts with a <dict> node.
+  //
+  if (Context->IsKernelCollection) {
+    DocumentRoot = PlistDocumentRoot (Context->PrelinkedInfoDocument);
+  } else {
+    DocumentRoot = XmlDocumentRoot (Context->PrelinkedInfoDocument);
+  }
+
+  PrelinkedInfoRoot = PlistNodeCast (DocumentRoot, PLIST_NODE_TYPE_DICT);
   if (PrelinkedInfoRoot == NULL) {
     PrelinkedContextFree (Context);
     return EFI_INVALID_PARAMETER;
@@ -368,17 +448,6 @@ PrelinkedInjectPrepare (
 {
   UINT64  SegmentEndOffset;
 
-  //
-  // Plist info is normally the last segment, so we may potentially save
-  // some data by removing it and then appending new kexts over.
-  //
-
-  SegmentEndOffset = Context->PrelinkedInfoSegment->FileOffset + Context->PrelinkedInfoSegment->FileSize;
-
-  if (MACHO_ALIGN (SegmentEndOffset) == Context->PrelinkedSize) {
-    Context->PrelinkedSize = (UINT32) MACHO_ALIGN (Context->PrelinkedInfoSegment->FileOffset);
-  }
-
   Context->PrelinkedInfoSegment->VirtualAddress = 0;
   Context->PrelinkedInfoSegment->Size           = 0;
   Context->PrelinkedInfoSegment->FileOffset     = 0;
@@ -387,6 +456,31 @@ PrelinkedInjectPrepare (
   Context->PrelinkedInfoSection->Size           = 0;
   Context->PrelinkedInfoSection->Offset         = 0;
 
+  if (Context->IsKernelCollection) {
+    Context->InnerInfoSegment->VirtualAddress = 0;
+    Context->InnerInfoSegment->Size           = 0;
+    Context->InnerInfoSegment->FileOffset     = 0;
+    Context->InnerInfoSegment->FileSize       = 0;
+    Context->InnerInfoSection->Address        = 0;
+    Context->InnerInfoSection->Size           = 0;
+    Context->InnerInfoSection->Offset         = 0;
+
+    return EFI_SUCCESS;
+  }
+
+  //
+  // For older variant of the prelinkedkernel plist info is normally
+  // the last segment, so we may potentially save some data by removing
+  // it and then appending new kexts over. This is different for KC,
+  // where plist info is in the middle of the file.
+  //
+
+  SegmentEndOffset = Context->PrelinkedInfoSegment->FileOffset + Context->PrelinkedInfoSegment->FileSize;
+
+  if (MACHO_ALIGN (SegmentEndOffset) == Context->PrelinkedSize) {
+    Context->PrelinkedSize = (UINT32) MACHO_ALIGN (Context->PrelinkedInfoSegment->FileOffset);
+  }
+
   Context->PrelinkedLastAddress = MACHO_ALIGN (MachoGetLastAddress64 (&Context->PrelinkedMachContext));
   if (Context->PrelinkedLastAddress == 0) {
     return EFI_INVALID_PARAMETER;
@@ -395,7 +489,6 @@ PrelinkedInjectPrepare (
   //
   // Prior to plist there usually is prelinked text. 
   //
-
   SegmentEndOffset = Context->PrelinkedTextSegment->FileOffset + Context->PrelinkedTextSegment->FileSize;
 
   if (MACHO_ALIGN (SegmentEndOffset) != Context->PrelinkedSize) {

Library/OcAppleKernelLib/PrelinkedKext.c

@@ -603,9 +603,32 @@ InternalCachedPrelinkedKernel (
   ASSERT (Prelinked->Prelinked != NULL);
   ASSERT (Prelinked->PrelinkedSize > 0);
 
-  if (!MachoInitializeContext (&NewKext->Context.MachContext, &Prelinked->Prelinked[0], Prelinked->PrelinkedSize)) {
-    FreePool (NewKext);
-    return NULL;
+  //
+  // When dealing with the kernel collections the actual kernel is pointed by one of the segments.
+  //
+  if (Prelinked->IsKernelCollection) {
+    Segment = MachoGetSegmentByName64 (
+      &Prelinked->PrelinkedMachContext,
+      "__TEXT_EXEC"
+      );
+    if (Segment == NULL || Segment->VirtualAddress < Segment->FileOffset) {
+      FreePool (NewKext);
+      return NULL;
+    }
+
+    if (!MachoInitializeContext (
+      &NewKext->Context.MachContext,
+      &Prelinked->Prelinked[Segment->FileOffset],
+      Prelinked->PrelinkedSize - Segment->FileOffset)) {
+      FreePool (NewKext);
+      return NULL;
+    }
+  } else {
+    CopyMem (
+      &NewKext->Context.MachContext,
+      &Prelinked->PrelinkedMachContext,
+      sizeof (NewKext->Context.MachContext)
+      );
   }
 
   Segment = MachoGetSegmentByName64 (

Utilities/TestKernelCollection/KernelCollection.c

@@ -16,12 +16,14 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/OcMachoLib.h>
 #include <Library/OcMiscLib.h>
+#include <Library/OcAppleKernelLib.h>
 #include <Library/DebugLib.h>
 
 #include <string.h>
 #include <sys/time.h>
 #include <stdint.h>
 #include <stdio.h>
+#include <stdlib.h>
 
 #include <File.h>
 
@@ -35,6 +37,15 @@
  rm -rf Macho.dSYM DICT fuzz*.log Macho
 */
 
+extern UINT8 LiluKextData[];
+extern UINT32 LiluKextDataSize;
+extern CHAR8 LiluKextInfoPlistData[];
+extern UINT32 LiluKextInfoPlistDataSize;
+extern UINT8 VsmcKextData[];
+extern UINT32 VsmcKextDataSize;
+extern CHAR8 VsmcKextInfoPlistData[];
+extern UINT32 VsmcKextInfoPlistDataSize;
+
 static int FeedMacho(void *file, uint32_t size) {
   OC_MACHO_CONTEXT Context;
   if (!MachoInitializeContext (&Context, file, size)) {
@@ -83,16 +94,109 @@ __LINKEDIT     __LINKEDIT     __REGIONX      (new kext)
   return 0;
 }
 
+EFI_STATUS
+GetFileData (
+  IN  EFI_FILE_PROTOCOL  *File,
+  IN  UINT32             Position,
+  IN  UINT32             Size,
+  OUT UINT8              *Buffer
+  )
+{
+  abort();
+  return EFI_SUCCESS;
+}
+
+EFI_STATUS
+GetFileSize (
+  IN  EFI_FILE_PROTOCOL  *File,
+  OUT UINT32             *Size
+  )
+{
+  abort();
+  return EFI_SUCCESS;
+}
+
+
 int main(int argc, char** argv) {
-  uint32_t f;
-  uint8_t *b;
-  if ((b = readFile(argc > 1 ? argv[1] : "/System/Library/KernelCollections/BootKernelExtensions.kc", &f)) == NULL) {
+  uint32_t PrelinkedSize;
+  uint8_t *Prelinked;
+  UINT32 AllocSize;
+  PRELINKED_CONTEXT Context;
+
+  if ((Prelinked = readFile(argc > 1 ? argv[1] : "/System/Library/KernelCollections/BootKernelExtensions.kc", &PrelinkedSize)) == NULL) {
     printf("Read fail\n");
     return -1;
   }
 
-  FeedMacho (b, f);
-  free(b);
+
+  AllocSize = MACHO_ALIGN (PrelinkedSize + 1*1024*1024);
+
+  Prelinked = realloc (Prelinked, AllocSize);
+  if (Prelinked == NULL) {
+    printf("Realloc fail\n");
+    abort();
+    return -1;
+  }
+
+#if 0
+  ApplyKernelPatches (Prelinked, PrelinkedSize);
+#endif
+
+  EFI_STATUS Status = PrelinkedContextInit (&Context, Prelinked, PrelinkedSize, AllocSize);
+
+  if (!EFI_ERROR (Status)) {
+
+    Status = PrelinkedInjectPrepare (&Context);
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_WARN, "Prelink inject prepare error %r\n", Status));
+      return -1;
+    }
+
+    Status = PrelinkedInjectKext (
+      &Context,
+      "/Library/Extensions/Lilu.kext",
+      LiluKextInfoPlistData,
+      LiluKextInfoPlistDataSize,
+      "Contents/MacOS/Lilu",
+      LiluKextData,
+      LiluKextDataSize
+      );
+
+    DEBUG ((DEBUG_WARN, "%a injected - %r\n", "Lilu.kext", Status));
+
+
+    Status = PrelinkedInjectKext (
+      &Context,
+      "/Library/Extensions/VirtualSMC.kext",
+      VsmcKextInfoPlistData,
+      VsmcKextInfoPlistDataSize,
+      "Contents/MacOS/VirtualSMC",
+      VsmcKextData,
+      VsmcKextDataSize
+      );
+
+    DEBUG ((DEBUG_WARN, "VirtualSMC.kext injected - %r\n", Status));
+
+    Status = PrelinkedInjectComplete (&Context);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_WARN, "Prelink inject complete error %r\n", Status));
+    }
+
+    writeFile("out.bin", Prelinked, Context.PrelinkedSize);
+    if (!EFI_ERROR (Status)) {
+      printf("All good\n");
+    } else {
+      printf("Inject error\n");
+    }
+
+    PrelinkedContextFree (&Context);
+  } else {
+    DEBUG ((DEBUG_WARN, "Context creation error %r\n", Status));
+  }
+
+  free(Prelinked);
+ 
   return 0;
 }
 

Utilities/TestKernelCollection/Makefile

@@ -5,5 +5,20 @@
 
 PROJECT = KernelCollection
 PRODUCT = $(PROJECT)$(SUFFIX)
-OBJS    = $(PROJECT).o
+OBJS    = $(PROJECT).o \
+	Lilu.o \
+	Vsmc.o \
+	KextPatcher.o \
+	PrelinkedKext.o \
+	PrelinkedContext.o \
+	Vtables.o \
+	Link.o \
+	KernelReader.o \
+	DataPatcher.o \
+	lzss.o \
+	lzvn.o
+VPATH   = ../../Library/OcAppleKernelLib:$\
+	../../Library/OcMiscLib:$\
+	../../Library/OcCompressionLib/lzss:$\
+	../../Library/OcCompressionLib/lzvn
 include ../../User/Makefile