xref: /xnu-11417.121.6/tests/kevent_info.c (revision a1e26a70f38d1d7daa7b49b258e2f8538ad81650) 
1*a1e26a70SApple OSS Distributions #include <stdio.h>
2*a1e26a70SApple OSS Distributions #include <assert.h>
3*a1e26a70SApple OSS Distributions #include <stdlib.h>
4*a1e26a70SApple OSS Distributions #include <unistd.h>
5*a1e26a70SApple OSS Distributions #include <mach/mach.h>
6*a1e26a70SApple OSS Distributions #include <pthread.h>
7*a1e26a70SApple OSS Distributions #include <sys/event.h>
8*a1e26a70SApple OSS Distributions #include <errno.h>
9*a1e26a70SApple OSS Distributions #include <string.h>
10*a1e26a70SApple OSS Distributions #include <libproc.h>
11*a1e26a70SApple OSS Distributions 
12*a1e26a70SApple OSS Distributions #include <darwintest.h>
13*a1e26a70SApple OSS Distributions 
14*a1e26a70SApple OSS Distributions T_GLOBAL_META(T_META_NAMESPACE("xnu.kevent"),
15*a1e26a70SApple OSS Distributions     T_META_RADAR_COMPONENT_NAME("xnu"),
16*a1e26a70SApple OSS Distributions     T_META_RADAR_COMPONENT_VERSION("kevent"));
17*a1e26a70SApple OSS Distributions 
18*a1e26a70SApple OSS Distributions extern int __proc_info(int32_t callnum, int32_t pid, uint32_t flavor, uint64_t arg, user_addr_t buffer, int32_t buffersize);
19*a1e26a70SApple OSS Distributions 
20*a1e26a70SApple OSS Distributions T_DECL(avoid_leaking_KASLR, "rdar://101248992", T_META_TAG_VM_PREFERRED) {
21*a1e26a70SApple OSS Distributions 	int kq = kqueue();
22*a1e26a70SApple OSS Distributions 	T_ASSERT_GE(kq, 0, "Valid kqueue");
23*a1e26a70SApple OSS Distributions 
24*a1e26a70SApple OSS Distributions 	mach_port_t sync_port = MACH_PORT_NULL, mq_port = MACH_PORT_NULL;
25*a1e26a70SApple OSS Distributions 	kern_return_t kr = KERN_SUCCESS;
26*a1e26a70SApple OSS Distributions 
27*a1e26a70SApple OSS Distributions 	kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &sync_port);
28*a1e26a70SApple OSS Distributions 	T_ASSERT_MACH_SUCCESS(kr, "allocated sync port");
29*a1e26a70SApple OSS Distributions 	kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &mq_port);
30*a1e26a70SApple OSS Distributions 	T_ASSERT_MACH_SUCCESS(kr, "allocated mq port");
31*a1e26a70SApple OSS Distributions 
32*a1e26a70SApple OSS Distributions 
33*a1e26a70SApple OSS Distributions 	/* Create a kmsg which has the receive right of mq port in it for later copy
34*a1e26a70SApple OSS Distributions 	 * out */
35*a1e26a70SApple OSS Distributions 	typedef struct msg_request_s {
36*a1e26a70SApple OSS Distributions 		mach_msg_header_t header;
37*a1e26a70SApple OSS Distributions 		mach_msg_body_t body;
38*a1e26a70SApple OSS Distributions 		mach_msg_port_descriptor_t port;
39*a1e26a70SApple OSS Distributions 	}* msg_request_t;
40*a1e26a70SApple OSS Distributions 
41*a1e26a70SApple OSS Distributions 	typedef struct msg_reply_s {
42*a1e26a70SApple OSS Distributions 		mach_msg_header_t header;
43*a1e26a70SApple OSS Distributions 		mach_msg_body_t body;
44*a1e26a70SApple OSS Distributions 		mach_msg_port_descriptor_t port;
45*a1e26a70SApple OSS Distributions 		mach_msg_trailer_t trailer;
46*a1e26a70SApple OSS Distributions 	}* msg_reply_t;
47*a1e26a70SApple OSS Distributions 
48*a1e26a70SApple OSS Distributions 	union {
49*a1e26a70SApple OSS Distributions 		struct msg_request_s request;
50*a1e26a70SApple OSS Distributions 		struct msg_reply_s reply;
51*a1e26a70SApple OSS Distributions 	} message;
52*a1e26a70SApple OSS Distributions 	memset(&message, 0, sizeof(message));
53*a1e26a70SApple OSS Distributions 
54*a1e26a70SApple OSS Distributions 	msg_request_t requestp = &message.request;
55*a1e26a70SApple OSS Distributions 	msg_reply_t replyp = &message.reply;
56*a1e26a70SApple OSS Distributions 
57*a1e26a70SApple OSS Distributions 	*requestp = (struct msg_request_s) {
58*a1e26a70SApple OSS Distributions 		.header = {
59*a1e26a70SApple OSS Distributions 			.msgh_bits = MACH_MSGH_BITS_SET(MACH_MSG_TYPE_MAKE_SEND_ONCE, 0, 0, MACH_MSGH_BITS_COMPLEX),
60*a1e26a70SApple OSS Distributions 			.msgh_remote_port = sync_port,
61*a1e26a70SApple OSS Distributions 			.msgh_local_port = MACH_PORT_NULL,
62*a1e26a70SApple OSS Distributions 			.msgh_voucher_port = MACH_PORT_NULL,
63*a1e26a70SApple OSS Distributions 			.msgh_size = sizeof(*requestp),
64*a1e26a70SApple OSS Distributions 			.msgh_id = 0x88888888,
65*a1e26a70SApple OSS Distributions 		},
66*a1e26a70SApple OSS Distributions 		.body = {
67*a1e26a70SApple OSS Distributions 			.msgh_descriptor_count = 1,
68*a1e26a70SApple OSS Distributions 		},
69*a1e26a70SApple OSS Distributions 		.port = {
70*a1e26a70SApple OSS Distributions 			.name = mq_port,
71*a1e26a70SApple OSS Distributions 			.type = MACH_MSG_PORT_DESCRIPTOR,
72*a1e26a70SApple OSS Distributions 			.disposition = MACH_MSG_TYPE_MOVE_RECEIVE,
73*a1e26a70SApple OSS Distributions 		},
74*a1e26a70SApple OSS Distributions 	};
75*a1e26a70SApple OSS Distributions 
76*a1e26a70SApple OSS Distributions 	/*
77*a1e26a70SApple OSS Distributions 	 *	Send the receive right of mq_port to sync_port for later copyout.
78*a1e26a70SApple OSS Distributions 	 */
79*a1e26a70SApple OSS Distributions 	kr = mach_msg(&requestp->header, MACH_SEND_MSG, sizeof(*requestp), 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
80*a1e26a70SApple OSS Distributions 	T_ASSERT_MACH_SUCCESS(kr, "sending message to sync port");
81*a1e26a70SApple OSS Distributions 
82*a1e26a70SApple OSS Distributions 	/*
83*a1e26a70SApple OSS Distributions 	 * The EV_DISPATCH is required that can pass filt_machport_kqueue_has_turnstile().
84*a1e26a70SApple OSS Distributions 	 * The received message will be copied out to replyp.
85*a1e26a70SApple OSS Distributions 	 * In filt_machport_stash_port(), the value in ext[3] will be set to the mq_port object.
86*a1e26a70SApple OSS Distributions 	 */
87*a1e26a70SApple OSS Distributions 	struct kevent_qos_s req_event = {
88*a1e26a70SApple OSS Distributions 		.ident = sync_port,
89*a1e26a70SApple OSS Distributions 		.filter = EVFILT_MACHPORT,
90*a1e26a70SApple OSS Distributions 		.flags = EV_ADD | EV_DISPATCH,
91*a1e26a70SApple OSS Distributions 		.fflags = MACH_RCV_MSG,
92*a1e26a70SApple OSS Distributions 		.ext = {
93*a1e26a70SApple OSS Distributions 			[0] = (uint64_t)replyp,
94*a1e26a70SApple OSS Distributions 			[1] = sizeof(*replyp),
95*a1e26a70SApple OSS Distributions 		},
96*a1e26a70SApple OSS Distributions 	};
97*a1e26a70SApple OSS Distributions 	struct kevent_qos_s reply_event = {};
98*a1e26a70SApple OSS Distributions 
99*a1e26a70SApple OSS Distributions 	int nevents = kevent_qos(kq, &req_event, 1, &reply_event, 1, NULL, NULL, 0);
100*a1e26a70SApple OSS Distributions 	T_ASSERT_EQ(nevents, 1, NULL);
101*a1e26a70SApple OSS Distributions 	T_ASSERT_EQ(replyp->body.msgh_descriptor_count, 1, NULL);
102*a1e26a70SApple OSS Distributions 	assert(MACH_PORT_VALID(replyp->port.name) && replyp->port.disposition == MACH_MSG_TYPE_MOVE_RECEIVE);
103*a1e26a70SApple OSS Distributions 
104*a1e26a70SApple OSS Distributions 	struct kevent_extinfo extinfo;
105*a1e26a70SApple OSS Distributions 	int knotes = __proc_info(PROC_INFO_CALL_PIDFDINFO, getpid(), PROC_PIDFDKQUEUE_EXTINFO, kq, (user_addr_t)&extinfo, sizeof(extinfo));
106*a1e26a70SApple OSS Distributions 	T_ASSERT_EQ(knotes, 1, NULL);
107*a1e26a70SApple OSS Distributions 	T_ASSERT_EQ(extinfo.kqext_kev.ident, sync_port, NULL);
108*a1e26a70SApple OSS Distributions 
109*a1e26a70SApple OSS Distributions 	uint64_t leaked_addr = extinfo.kqext_kev.ext[3];
110*a1e26a70SApple OSS Distributions 	T_ASSERT_EQ(leaked_addr, NULL, "Leaked kernel address");
111*a1e26a70SApple OSS Distributions }
112