xref: /xnu-11215.81.4/tests/kevent_info.c (revision d4514f0bc1d3f944c22d92e68b646ac3fb40d452)
1*d4514f0bSApple OSS Distributions #include <stdio.h>
2*d4514f0bSApple OSS Distributions #include <assert.h>
3*d4514f0bSApple OSS Distributions #include <stdlib.h>
4*d4514f0bSApple OSS Distributions #include <unistd.h>
5*d4514f0bSApple OSS Distributions #include <mach/mach.h>
6*d4514f0bSApple OSS Distributions #include <pthread.h>
7*d4514f0bSApple OSS Distributions #include <sys/event.h>
8*d4514f0bSApple OSS Distributions #include <errno.h>
9*d4514f0bSApple OSS Distributions #include <string.h>
10*d4514f0bSApple OSS Distributions #include <libproc.h>
11*d4514f0bSApple OSS Distributions 
12*d4514f0bSApple OSS Distributions #include <darwintest.h>
13*d4514f0bSApple OSS Distributions 
/* Darwintest metadata shared by every test declared in this file. */
T_GLOBAL_META(T_META_NAMESPACE("xnu.kevent"),
    T_META_RADAR_COMPONENT_NAME("xnu"),
    T_META_RADAR_COMPONENT_VERSION("kevent"));

/*
 * proc_info entry point, declared by hand in this file. The test below calls
 * it with PROC_INFO_CALL_PIDFDINFO / PROC_PIDFDKQUEUE_EXTINFO to read a
 * kqueue's knote data back exactly as the kernel reports it to userspace.
 * NOTE(review): presumably called directly rather than through a libproc
 * wrapper so the flavor and buffer are passed unmodified -- confirm.
 */
extern int __proc_info(int32_t callnum, int32_t pid, uint32_t flavor, uint64_t arg, user_addr_t buffer, int32_t buffersize);
19*d4514f0bSApple OSS Distributions 
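/*
 * Regression test for rdar://101248992: the kqueue extended info that
 * proc_info returns to userspace must not contain a kernel address.
 *
 * Sequence:
 *   1. Allocate two receive rights, sync_port and mq_port.
 *   2. Queue a complex message on sync_port that moves mq_port's receive right.
 *   3. Register an EVFILT_MACHPORT knote on sync_port with MACH_RCV_MSG, so the
 *      kevent_qos() call copies the queued message out into message.reply.
 *   4. Read the knote back with PROC_PIDFDKQUEUE_EXTINFO and require ext[3]
 *      to be zero.
 *
 * Every check goes through darwintest so a failure is attributed to this test;
 * nothing here depends on libc assert(), which is compiled out under NDEBUG.
 */
T_DECL(avoid_leaking_KASLR, "rdar://101248992", T_META_TAG_VM_PREFERRED) {
	int kq = kqueue();
	T_ASSERT_GE(kq, 0, "Valid kqueue");

	mach_port_t sync_port = MACH_PORT_NULL, mq_port = MACH_PORT_NULL;
	kern_return_t kr = KERN_SUCCESS;

	kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &sync_port);
	T_ASSERT_MACH_SUCCESS(kr, "allocated sync port");
	kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &mq_port);
	T_ASSERT_MACH_SUCCESS(kr, "allocated mq port");


	/*
	 * Create a kmsg which carries the receive right of mq_port, to be copied
	 * out later.
	 */
	typedef struct msg_request_s {
		mach_msg_header_t header;
		mach_msg_body_t body;
		mach_msg_port_descriptor_t port;
	}* msg_request_t;

	/* Same layout as the request plus room for the trailer added on receive. */
	typedef struct msg_reply_s {
		mach_msg_header_t header;
		mach_msg_body_t body;
		mach_msg_port_descriptor_t port;
		mach_msg_trailer_t trailer;
	}* msg_reply_t;

	/* One buffer serves as the outgoing request and as the receive buffer. */
	union {
		struct msg_request_s request;
		struct msg_reply_s reply;
	} message;
	memset(&message, 0, sizeof(message));

	msg_request_t requestp = &message.request;
	msg_reply_t replyp = &message.reply;

	*requestp = (struct msg_request_s) {
		.header = {
			/* Destination right is a send-once right made for sync_port; the message is complex. */
			.msgh_bits = MACH_MSGH_BITS_SET(MACH_MSG_TYPE_MAKE_SEND_ONCE, 0, 0, MACH_MSGH_BITS_COMPLEX),
			.msgh_remote_port = sync_port,
			.msgh_local_port = MACH_PORT_NULL,
			.msgh_voucher_port = MACH_PORT_NULL,
			.msgh_size = sizeof(*requestp),
			.msgh_id = 0x88888888,
		},
		.body = {
			.msgh_descriptor_count = 1,
		},
		.port = {
			.name = mq_port,
			.type = MACH_MSG_PORT_DESCRIPTOR,
			.disposition = MACH_MSG_TYPE_MOVE_RECEIVE,
		},
	};

	/*
	 *	Send the receive right of mq_port to sync_port for later copyout.
	 */
	kr = mach_msg(&requestp->header, MACH_SEND_MSG, sizeof(*requestp), 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
	T_ASSERT_MACH_SUCCESS(kr, "sending message to sync port");

	/*
	 * EV_DISPATCH is required so that the knote passes
	 * filt_machport_kqueue_has_turnstile().
	 * The received message will be copied out to replyp (ext[0] is the buffer
	 * address, ext[1] its size).
	 * In filt_machport_stash_port(), the value in ext[3] will be set to the
	 * mq_port object; that stashed value is what must not be visible through
	 * proc_info below.
	 */
	struct kevent_qos_s req_event = {
		.ident = sync_port,
		.filter = EVFILT_MACHPORT,
		.flags = EV_ADD | EV_DISPATCH,
		.fflags = MACH_RCV_MSG,
		.ext = {
			[0] = (uint64_t)replyp,
			[1] = sizeof(*replyp),
		},
	};
	struct kevent_qos_s reply_event = {};

	int nevents = kevent_qos(kq, &req_event, 1, &reply_event, 1, NULL, NULL, 0);
	T_ASSERT_EQ(nevents, 1, NULL);
	T_ASSERT_EQ(replyp->body.msgh_descriptor_count, 1, NULL);
	/*
	 * Reported through darwintest instead of assert(): the precondition for
	 * the leak check stays enforced in NDEBUG builds and fails as a test
	 * result rather than an abort. T_ASSERT_TRUE is used for the disposition
	 * because it is a bit-field.
	 */
	T_ASSERT_TRUE(MACH_PORT_VALID(replyp->port.name), "received port name is valid");
	T_ASSERT_TRUE(replyp->port.disposition == MACH_MSG_TYPE_MOVE_RECEIVE,
	    "received descriptor carries a moved receive right");

	/*
	 * Zeroed before the call so that a non-zero ext[3] below can only be
	 * something the kernel wrote, never leftover stack contents.
	 */
	struct kevent_extinfo extinfo = {};
	/* NOTE(review): the return value is treated as the number of knotes reported -- confirm. */
	int knotes = __proc_info(PROC_INFO_CALL_PIDFDINFO, getpid(), PROC_PIDFDKQUEUE_EXTINFO, kq, (user_addr_t)&extinfo, sizeof(extinfo));
	T_ASSERT_EQ(knotes, 1, NULL);
	T_ASSERT_EQ(extinfo.kqext_kev.ident, sync_port, NULL);

	/*
	 * The security property under test: ext[3] as seen from userspace must be
	 * zero. Compared against an integer zero of the same type rather than the
	 * NULL pointer constant, since leaked_addr is a uint64_t. The message
	 * names the condition being guarded against, not the outcome on pass.
	 */
	uint64_t leaked_addr = extinfo.kqext_kev.ext[3];
	T_ASSERT_EQ(leaked_addr, (uint64_t)0, "Leaked kernel address");
}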