1 #ifdef T_NAMESPACE
2 #undef T_NAMESPACE
3 #endif
4
#include <mach/arm/thread_status.h>
#include <mach/mach_traps.h>
#include <mach-o/dyld.h>
#include <mach/mach.h>
#include <mach/task.h>

#include <darwintest.h>
#include <dispatch/dispatch.h>
#include <stdbool.h>
#include <stdlib.h>

#include <signal.h>
#include <spawn.h>
#include <spawn_private.h>
#include <stdatomic.h>

#include <excserver.h>
#include <sys/ptrace.h>
#include <sys/syslimits.h>
23
/* Upper bound on every semaphore wait in this test: 10 s from "now". */
#define SYNC_TIMEOUT dispatch_time(DISPATCH_TIME_NOW, 10 * NSEC_PER_SEC)

/*
 * Rendezvous between the exception-handler thread and the test body.
 * Signalled once when the handler has installed its port and is serving
 * messages, and then once per accepted exception.
 */
static dispatch_semaphore_t sync_sema;

/*
 * Raised by the test body immediately before it SIGKILLs the helper, so the
 * exception handler treats the helper's EXC_CRASH as expected rather than as
 * a failure.
 */
static atomic_bool after_kill;
28
/*
 * EXCEPTION_DEFAULT handler, dispatched by mach_exc_server.
 *
 * Two exception kinds are accepted: EXC_BREAKPOINT (the single-stepped helper
 * thread) and EXC_CRASH, the latter only once the test body has announced via
 * after_kill that it is killing the helper. An accepted exception wakes the
 * test body through sync_sema and is acknowledged with KERN_SUCCESS; anything
 * else is recorded as a test failure and answered with KERN_FAILURE.
 *
 * The port, thread, task and code arguments are not inspected.
 */
kern_return_t
catch_mach_exception_raise(mach_port_t exception_port,
    mach_port_t thread,
    mach_port_t task,
    exception_type_t exception,
    mach_exception_data_t code,
    mach_msg_type_number_t code_count)
{
#pragma unused(exception_port, thread, task, code, code_count)
	bool expected = false;

	switch (exception) {
	case EXC_BREAKPOINT:
		expected = true;
		break;
	case EXC_CRASH:
		/* A crash is only legitimate after the helper has been killed. */
		expected = atomic_load_explicit(&after_kill, memory_order_seq_cst);
		break;
	default:
		break;
	}

	if (!expected) {
		T_FAIL("invalid exception type: %d", exception);
		return KERN_FAILURE;
	}

	T_LOG("Received exception %d", exception);
	dispatch_semaphore_signal(sync_sema);
	return KERN_SUCCESS;
}
49
/*
 * EXCEPTION_STATE handler. The handler port is registered with
 * EXCEPTION_DEFAULT only (see exc_handler), so this entry point is not
 * expected to be reached; reaching it is a test failure. All arguments are
 * ignored and KERN_NOT_SUPPORTED is returned.
 */
kern_return_t
catch_mach_exception_raise_state(mach_port_t exception_port,
    exception_type_t exception,
    const mach_exception_data_t code,
    mach_msg_type_number_t code_count,
    int *flavor,
    const thread_state_t old_state,
    mach_msg_type_number_t old_state_count,
    thread_state_t new_state,
    mach_msg_type_number_t *new_state_count)
{
#pragma unused(exception_port, exception, code, code_count, flavor, old_state, old_state_count, new_state, new_state_count)
	const kern_return_t unsupported = KERN_NOT_SUPPORTED;

	T_FAIL("Unsupported catch_mach_exception_raise_state");

	return unsupported;
}
65
/*
 * EXCEPTION_STATE_IDENTITY handler. Like catch_mach_exception_raise_state,
 * this cannot be selected by the EXCEPTION_DEFAULT registration done in
 * exc_handler, so being called here is a test failure. All arguments are
 * ignored and KERN_NOT_SUPPORTED is returned.
 */
kern_return_t
catch_mach_exception_raise_state_identity(mach_port_t exception_port,
    mach_port_t thread,
    mach_port_t task,
    exception_type_t exception,
    mach_exception_data_t code,
    mach_msg_type_number_t code_count,
    int *flavor,
    thread_state_t old_state,
    mach_msg_type_number_t old_state_count,
    thread_state_t new_state,
    mach_msg_type_number_t *new_state_count)
{
#pragma unused(exception_port, thread, task, exception, code, code_count, flavor, old_state, old_state_count, new_state, new_state_count)
	const kern_return_t unsupported = KERN_NOT_SUPPORTED;

	T_FAIL("Unsupported catch_mach_exception_raise_state_identity");

	return unsupported;
}
83
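/*
 * Body of the exception-handler thread.
 *
 * Allocates a receive right, adds a send right to it, installs it as this
 * task's handler for EXC_MASK_CRASH | EXC_MASK_BREAKPOINT (EXCEPTION_DEFAULT
 * behavior with 64-bit MACH_EXCEPTION_CODES), signals sync_sema so the test
 * body knows the handler is live, and then serves exception messages with
 * mach_msg_server, which dispatches to the catch_mach_exception_raise*
 * functions above.
 *
 * Every setup failure is recorded with T_FAIL and ends the thread right away,
 * without signalling sync_sema: the test body's bounded wait on the semaphore
 * then fails, instead of this thread carrying on with an invalid port (the
 * previous version fell through each failed step and eventually served
 * messages on an uninitialized port). mach_msg_server is not expected to
 * return; if it does, that is reported as a failure too.
 *
 * @param arg  unused pthread argument
 * @return     always NULL
 */
static void *
exc_handler(void *arg)
{
#pragma unused(arg)
	kern_return_t kret;
	mach_port_t exception_port = MACH_PORT_NULL;

	kret = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &exception_port);
	if (kret != KERN_SUCCESS) {
		T_FAIL("mach_port_allocate: %s (%d)", mach_error_string(kret), kret);
		return NULL;
	}

	/* The kernel delivers exception messages through a send right. */
	kret = mach_port_insert_right(mach_task_self(), exception_port, exception_port, MACH_MSG_TYPE_MAKE_SEND);
	if (kret != KERN_SUCCESS) {
		T_FAIL("mach_port_insert_right: %s (%d)", mach_error_string(kret), kret);
		return NULL;
	}

	kret = task_set_exception_ports(mach_task_self(), EXC_MASK_CRASH | EXC_MASK_BREAKPOINT, exception_port,
	    (exception_behavior_t)(EXCEPTION_DEFAULT | MACH_EXCEPTION_CODES), 0);
	if (kret != KERN_SUCCESS) {
		T_FAIL("task_set_exception_ports: %s (%d)", mach_error_string(kret), kret);
		return NULL;
	}

	/* Handler installed: let the test body spawn and attach to the helper. */
	dispatch_semaphore_signal(sync_sema);

	kret = mach_msg_server(mach_exc_server, MACH_MSG_SIZE_RELIABLE, exception_port, 0);
	if (kret != KERN_SUCCESS) {
		T_FAIL("mach_msg_server: %s (%d)", mach_error_string(kret), kret);
	}

	return NULL;
}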
116
/*
 * Child process that the test attaches to and single-steps.
 *
 * It does nothing but sleep in one-second slices and never exits on its own;
 * the test body SIGKILLs it. NOTE(review): sleeping in slices (rather than
 * blocking indefinitely) looks deliberate, so that the thread keeps returning
 * to user space where a single-step exception can be taken — confirm before
 * changing it.
 */
T_HELPER_DECL(hw_breakpoint_helper, "hw_breakpoint_helper")
{
	for (;;) {
		sleep(1);
	}
}
123
/*
 * MDSCR_EL1.SS — the AArch64 software-step enable bit, written through
 * ARM_DEBUG_STATE64.__mdscr_el1. With it set, the thread takes a debug
 * exception after executing a single instruction.
 */
#define SS_ENABLE ((uint32_t)(1u))

/*
 * Single-step one thread of the (currently suspended) target task and wait
 * for the resulting exception to be reported through sync_sema.
 *
 * Reads the thread's ARM_DEBUG_STATE64, sets SS in __mdscr_el1 while leaving
 * every other field as read, writes the state back, resumes the task and then
 * waits up to SYNC_TIMEOUT for the exception handler to signal. Every step is
 * asserted; a timeout is an assertion failure as well.
 *
 * @param task    the target task (must be suspended on entry; resumed here)
 * @param thread  the thread of that task to step
 */
static void
step_thread(mach_port_name_t task, thread_t thread)
{
	arm_debug_state64_t debug_state;
	mach_msg_type_number_t state_count = ARM_DEBUG_STATE64_COUNT;
	kern_return_t kr;

	kr = thread_get_state(thread, ARM_DEBUG_STATE64, (thread_state_t)&debug_state, &state_count);
	T_ASSERT_MACH_SUCCESS(kr, "get debug state for target thread");

	/* Arm single-step; the count returned by get_state is reused for set_state. */
	debug_state.__mdscr_el1 |= SS_ENABLE;

	kr = thread_set_state(thread, ARM_DEBUG_STATE64, (thread_state_t)&debug_state, state_count);
	T_ASSERT_MACH_SUCCESS(kr, "set debug state for target thread");

	kr = task_resume(task);
	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "resume target task");

	long wait_status = dispatch_semaphore_wait(sync_sema, SYNC_TIMEOUT);
	T_QUIET; T_ASSERT_EQ(wait_status, 0L, "dispatch_semaphore_wait timeout");
}
152
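/*
 * Test: single-step a thread of another process via thread_set_state /
 * ARM_DEBUG_STATE64 and observe the resulting exception, twice.
 *
 * Sequence:
 *   1. start the exception-handler thread and wait until it is serving;
 *   2. re-exec this binary as the hw_breakpoint_helper child;
 *   3. obtain its task port and ptrace(PT_ATTACHEXC) it so its exceptions
 *      arrive as Mach exception messages (presumably at the port installed
 *      by exc_handler — that is what PT_ATTACHEXC is for; confirm if the
 *      routing is ever changed);
 *   4. suspend the task, step its first thread and wait for the exception;
 *      suspend and step once more;
 *   5. flag after_kill so the helper's EXC_CRASH is accepted, then SIGKILL it.
 *
 * task_for_pid and PT_ATTACHEXC on an unrelated process are privileged
 * operations, hence T_META_ASROOT(true).
 *
 * Changes from the previous version: posix_spawn is asserted rather than
 * expected (on failure pid was left uninitialized and every later call used
 * it), thread_count is checked before threads[0] is indexed, the
 * task_for_pid/task_suspend results use T_ASSERT_MACH_SUCCESS like the rest
 * of the file so the Mach error string is logged, and the thread ports plus
 * the out-of-line array from task_threads are released at the end.
 */
T_DECL(hw_breakpoint_step, "Ensures that a process can be single-stepped using thread_set_state / ARM_DEBUG_STATE64", T_META_ASROOT(true),
    T_META_OWNER("Samuel Lepetit <[email protected]>"))
{
	kern_return_t kr;
	pthread_t handle_thread;
	sync_sema = dispatch_semaphore_create(0);

	T_ASSERT_POSIX_ZERO(pthread_create(&handle_thread, NULL, exc_handler, NULL), "pthread_create");
	long err = dispatch_semaphore_wait(sync_sema, SYNC_TIMEOUT);
	T_QUIET; T_ASSERT_EQ(err, 0L, "dispatch_semaphore_wait timeout");

	char path[PATH_MAX];
	uint32_t path_size = sizeof(path);
	T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath");

	/* Spawn ourselves as the helper (darwintest's "-n <helper>" convention). */
	char *args[] = { path, "-n", "hw_breakpoint_helper", NULL };
	pid_t pid = -1;
	/*
	 * Must abort the test on failure: pid would otherwise be unset and the
	 * task_for_pid / ptrace / kill calls below would target a bogus process.
	 */
	T_ASSERT_POSIX_ZERO(posix_spawn(&pid, args[0], NULL, NULL, args, NULL), "posix_spawn helper");

	mach_port_name_t task = MACH_PORT_NULL;
	kr = task_for_pid(mach_task_self(), pid, &task);
	T_ASSERT_MACH_SUCCESS(kr, "task_for_pid");

	T_ASSERT_POSIX_SUCCESS(ptrace(PT_ATTACHEXC, pid, 0, 0), "ptrace");

	kr = task_suspend(task);
	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "task_suspend");

	thread_array_t threads = NULL;
	mach_msg_type_number_t thread_count = 0;
	kr = task_threads(task, &threads, &thread_count);
	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "task_threads");
	/* threads[0] is dereferenced below; never index an empty list. */
	T_QUIET; T_ASSERT_GT(thread_count, 0U, "target task has at least one thread");

	step_thread(task, threads[0]);

	/* step_thread resumed the task; suspend again before the second step. */
	kr = task_suspend(task);
	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "task_suspend");

	step_thread(task, threads[0]);

	/* From here on an EXC_CRASH from the helper is expected, not a failure. */
	atomic_store_explicit(&after_kill, true, memory_order_seq_cst);
	T_ASSERT_POSIX_ZERO(kill(pid, SIGKILL), "kill target process");

	/* Release the thread send rights and the out-of-line array from task_threads. */
	for (mach_msg_type_number_t i = 0; i < thread_count; i++) {
		mach_port_deallocate(mach_task_self(), threads[i]);
	}
	vm_deallocate(mach_task_self(), (vm_address_t)threads, thread_count * sizeof(threads[0]));
}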
197