1*f6217f89SApple OSS Distributions /*
2*f6217f89SApple OSS Distributions * Copyright (c) 2025 Apple Inc. All rights reserved.
3*f6217f89SApple OSS Distributions *
4*f6217f89SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5*f6217f89SApple OSS Distributions *
6*f6217f89SApple OSS Distributions * This file contains Original Code and/or Modifications of Original Code
7*f6217f89SApple OSS Distributions * as defined in and that are subject to the Apple Public Source License
8*f6217f89SApple OSS Distributions * Version 2.0 (the 'License'). You may not use this file except in
9*f6217f89SApple OSS Distributions * compliance with the License. The rights granted to you under the License
10*f6217f89SApple OSS Distributions * may not be used to create, or enable the creation or redistribution of,
11*f6217f89SApple OSS Distributions * unlawful or unlicensed copies of an Apple operating system, or to
12*f6217f89SApple OSS Distributions * circumvent, violate, or enable the circumvention or violation of, any
13*f6217f89SApple OSS Distributions * terms of an Apple operating system software license agreement.
14*f6217f89SApple OSS Distributions *
15*f6217f89SApple OSS Distributions * Please obtain a copy of the License at
16*f6217f89SApple OSS Distributions * http://www.opensource.apple.com/apsl/ and read it before using this file.
17*f6217f89SApple OSS Distributions *
18*f6217f89SApple OSS Distributions * The Original Code and all software distributed under the License are
19*f6217f89SApple OSS Distributions * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20*f6217f89SApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21*f6217f89SApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22*f6217f89SApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23*f6217f89SApple OSS Distributions * Please see the License for the specific language governing rights and
24*f6217f89SApple OSS Distributions * limitations under the License.
25*f6217f89SApple OSS Distributions *
26*f6217f89SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27*f6217f89SApple OSS Distributions */
28*f6217f89SApple OSS Distributions
29*f6217f89SApple OSS Distributions /* test that the header doesn't implicitly depend on others */
30*f6217f89SApple OSS Distributions #include <sys/resource_private.h>
31*f6217f89SApple OSS Distributions #include <sys/resource.h>
32*f6217f89SApple OSS Distributions
33*f6217f89SApple OSS Distributions #include <libproc.h>
34*f6217f89SApple OSS Distributions
35*f6217f89SApple OSS Distributions #include <sys/types.h>
36*f6217f89SApple OSS Distributions #include <unistd.h>
37*f6217f89SApple OSS Distributions
38*f6217f89SApple OSS Distributions #include <mach/task.h>
39*f6217f89SApple OSS Distributions #include <mach/task_policy.h>
40*f6217f89SApple OSS Distributions #include <mach/mach.h>
41*f6217f89SApple OSS Distributions
42*f6217f89SApple OSS Distributions #include <darwintest.h>
43*f6217f89SApple OSS Distributions #include <darwintest_utils.h>
44*f6217f89SApple OSS Distributions
45*f6217f89SApple OSS Distributions #include <sys/sfi.h>
46*f6217f89SApple OSS Distributions #include <Kernel/kern/ledger.h> /* TODO: this should be installed for userspace */
47*f6217f89SApple OSS Distributions extern int ledger(int cmd, caddr_t arg1, caddr_t arg2, caddr_t arg3);
48*f6217f89SApple OSS Distributions
49*f6217f89SApple OSS Distributions #include <kern/debug.h>
50*f6217f89SApple OSS Distributions extern int __microstackshot(char *tracebuf, uint32_t tracebuf_size, uint32_t flags);
51*f6217f89SApple OSS Distributions
52*f6217f89SApple OSS Distributions
/*
 * Defaults applied to every test in this file. Individual T_DECLs below
 * restate or override T_META_ASROOT where they exercise a specific uid.
 */
T_GLOBAL_META(T_META_NAMESPACE("xnu.scheduler"),
    T_META_RADAR_COMPONENT_NAME("xnu"),
    T_META_RADAR_COMPONENT_VERSION("scheduler"),
    T_META_OWNER("chimene"),
    T_META_RUN_CONCURRENTLY(false),     /* because of messing with global SFI (system-wide window and class offtime) */
    T_META_ASROOT(true),     /* for TASK_POLICY_STATE, and setting SFI */
    T_META_TAG_VM_PREFERRED);
60*f6217f89SApple OSS Distributions
/*
 * Assert that the calling task's policy state agrees with the expected
 * background state.
 *
 * wants_bg: true when the task is expected to have POLICY_EFF_DARWIN_BG set
 *           and TASK_IMP_DONOR clear; false for the opposite combination.
 *
 * Reads TASK_POLICY_STATE for mach_task_self(); the file-level metadata runs
 * the tests as root for this. Any mismatch ends the test through T_ASSERT_*.
 */
static void
check_is_bg(bool wants_bg)
{
	struct task_policy_state policy_state;
	mach_msg_type_number_t count = TASK_POLICY_STATE_COUNT;
	boolean_t get_default = FALSE;

	kern_return_t kr = task_policy_get(mach_task_self(), TASK_POLICY_STATE,
	    (task_policy_t)&policy_state, &count, &get_default);

	T_QUIET;
	T_ASSERT_MACH_SUCCESS(kr, "task_policy_get(TASK_POLICY_STATE)");

	/*
	 * A test reporting type=APPLICATION should have the live donor bit set.
	 * If this fails, the test may have been launched as a daemon instead.
	 */
	T_QUIET;
	T_ASSERT_BITS_SET(policy_state.flags, TASK_IMP_LIVE_DONOR, "test should be live donor enabled");

	/*
	 * Two bits are checked per state, in this order:
	 *  - the BG bit is updated via task_policy_update_internal_locked, so it
	 *    proves that the first phase update ran on this task;
	 *  - the donor bit is updated via task_policy_update_complete_unlocked,
	 *    so it proves that the second phase update ran on this task.
	 */
	if (wants_bg) {
		T_ASSERT_BITS_SET(policy_state.effective, POLICY_EFF_DARWIN_BG, "%d: is BG", getpid());
		T_ASSERT_BITS_NOTSET(policy_state.flags, TASK_IMP_DONOR, "%d: is not live donor", getpid());
		return;
	}

	T_ASSERT_BITS_NOTSET(policy_state.effective, POLICY_EFF_DARWIN_BG, "%d: is not BG", getpid());
	T_ASSERT_BITS_SET(policy_state.flags, TASK_IMP_DONOR, "%d: is live donor", getpid());
}
101*f6217f89SApple OSS Distributions
/*
 * Assert that the calling process's runaway mitigation mode matches
 * expected_mode, and that its task policy state agrees.
 *
 * expected_mode: true if mitigation should be on, false if it should be off.
 *
 * The mode is read with getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0), i.e.
 * for the caller itself, and then cross-checked with check_is_bg().
 */
static void
check_runaway_mode(bool expected_mode)
{
	int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0);

	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");

	T_LOG("pid %d: runaway mitigation mode is: %d", getpid(), runaway_mode);

	if (!expected_mode) {
		T_QUIET;
		T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF, "should be off");
		check_is_bg(false);
		return;
	}

	T_QUIET;
	T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_ON, "should be on");
	check_is_bg(true);
}
122*f6217f89SApple OSS Distributions
/*
 * Toggle runaway mitigation on the calling process (who == 0) and verify the
 * observable state after every step: off -> on -> off.
 * NOTE(review): the entitlement the test name refers to is not visible in
 * this file; presumably it is granted by the test's build configuration.
 */
T_DECL(entitled_runaway_mode, "runaway mitigation mode should be settable while entitled")
{
	T_LOG("uid: %d", getuid());

	/* Baseline: mitigation starts off. */
	check_runaway_mode(false);

	/* Turn it on for ourselves and confirm the policy followed. */
	T_ASSERT_POSIX_SUCCESS(
		setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
		"setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");
	check_runaway_mode(true);

	/* Turn it back off so the process leaves the test as it entered it. */
	T_ASSERT_POSIX_SUCCESS(
		setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
		"setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");
	check_runaway_mode(false);
}
139*f6217f89SApple OSS Distributions
/*
 * Read-only check as root: the mode must be readable and off, and the task
 * policy state must agree (check_runaway_mode() also calls check_is_bg()).
 */
T_DECL(entitled_runaway_mode_read_root, "runaway mitigation mode should be readable as root",
    T_META_ASROOT(true))
{
	T_LOG("uid: %d", getuid());

	/* Nothing has enabled mitigation in this process, so it must read as off. */
	check_runaway_mode(false);
}
147*f6217f89SApple OSS Distributions
/*
 * Read-only check without root: the mode must still be readable and off.
 *
 * This test queries getpriority() directly, with its own pid as the target,
 * instead of going through check_runaway_mode().
 * NOTE(review): presumably because check_is_bg() reads TASK_POLICY_STATE,
 * which the file-level metadata says needs root -- confirm.
 */
T_DECL(entitled_runaway_mode_read_notroot, "runaway mitigation mode should be readable as not root but entitled",
    T_META_ASROOT(false))
{
	T_LOG("uid: %d", getuid());

	int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, getpid());

	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");

	T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF, "should be off");
}
160*f6217f89SApple OSS Distributions
/*
 * A forked child enables mitigation on itself and exits with it still on.
 * The parent then verifies that its own mode is off, i.e. the child's
 * setting did not carry over to the parent.
 */
T_DECL(runaway_mode_child_exit, "runaway mitigation mode should disappear when child exits")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	T_LOG("Spawning child");

	pid_t child_pid = fork();

	if (child_pid == 0) {
		/* child process: starts off, switches itself on, exits without cleanup */
		check_runaway_mode(false);

		T_ASSERT_POSIX_SUCCESS(
			setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
			"setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

		check_runaway_mode(true);

		T_LOG("Exit pid %d with runaway mitigation mode on", getpid());

		exit(0);
	}

	/* Only the parent gets here; a failed fork() (-1) is reported by this assertion. */
	T_ASSERT_POSIX_SUCCESS(child_pid, "fork, pid %d", child_pid);

	/* wait for child process to exit */
	int exit_status = 0, signum = 0;

	T_ASSERT_TRUE(dt_waitpid(child_pid, &exit_status, &signum, 5),
	    "wait for child (%d) complete", child_pid);

	/* The child must have exited normally: status 0 and no terminating signal. */
	T_QUIET;
	T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
	T_QUIET;
	T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");

	check_runaway_mode(false);
}
199*f6217f89SApple OSS Distributions
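/*
 * The parent enables mitigation on a child by pid, reads the mode back by
 * pid, and the child confirms it from the inside.
 *
 * A pipe orders the two processes: the child blocks in read() until the
 * parent closes the write end (EOF), which the parent does only after its
 * setpriority()/getpriority() on the child have succeeded. Each side closes
 * the pipe end it does not use.
 */
T_DECL(runaway_mode_child_set, "runaway mitigation mode should be settable on child pid")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	int fd[2];

	T_QUIET; T_ASSERT_POSIX_SUCCESS(pipe(fd), "pipe()");

	T_LOG("Spawning child");

	pid_t child_pid = fork();

	if (child_pid == 0) {
		char buf[10];

		/* child process */
		T_ASSERT_POSIX_SUCCESS(child_pid, "fork, in child with pid %d", getpid());

		/* Drop our copy of the write end so the parent's close() produces EOF. */
		T_ASSERT_POSIX_SUCCESS(close(fd[1]), "close(fd[1])");

		/* Blocks until the parent signals; a 0-byte read (EOF) counts as success. */
		T_ASSERT_POSIX_SUCCESS(read(fd[0], buf, sizeof(buf)), "read(fd[0], buf, sizeof(buf))");

		T_ASSERT_POSIX_SUCCESS(close(fd[0]), "close(fd[0])");

		/* The parent set this on our behalf; we never called setpriority(). */
		check_runaway_mode(true);

		T_LOG("Exit pid %d with runaway mitigation mode on", getpid());

		exit(0);
	}

	/* Only the parent gets here; a failed fork() (-1) is reported by this assertion. */
	T_ASSERT_POSIX_SUCCESS(child_pid, "fork parent: child pid %d", child_pid);

	/* The parent never reads from the pipe, so release the read end. */
	T_QUIET; T_ASSERT_POSIX_SUCCESS(close(fd[0]), "parent close(fd[0])");

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

	int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid);

	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");

	T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_ON, "should be on");

	T_QUIET; T_LOG("Signalling child to continue");
	T_ASSERT_POSIX_SUCCESS(close(fd[1]), "close(fd[1])");

	/* wait for child process to exit */
	int exit_status = 0, signum = 0;

	T_ASSERT_TRUE(dt_waitpid(child_pid, &exit_status, &signum, 5),
	    "wait for child (%d) complete", child_pid);

	T_QUIET; T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
	T_QUIET; T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");

	/* Setting the mode on the child must not have changed the parent's own mode. */
	check_runaway_mode(false);
}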
259*f6217f89SApple OSS Distributions
260*f6217f89SApple OSS Distributions
/*
 * Find the index of the ledger template entry whose name equals `string`.
 *
 * num_entries: out parameter. Set to the entry count reported by
 *              ledger(LEDGER_INFO) for this process, then passed by address
 *              to ledger(LEDGER_TEMPLATE_INFO).
 * string:      ledger entry name to look for.
 *
 * Returns the index of the matching entry; if several entries match, the
 * last one wins. The test is ended through T_ASSERT_* if a ledger call
 * fails, the allocation fails, or no entry matches.
 *
 * TODO: This should be in a test utils library,
 * but it requires including Kernel.framework header kern/ledger.h, which is Bad
 */
static size_t
ledger_index_for_string(size_t *num_entries, char* string)
{
	struct ledger_info li;

	int ret = ledger(LEDGER_INFO, (caddr_t)(uintptr_t)getpid(), (caddr_t)&li, NULL);
	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_INFO)");

	/* li_entries sizes the allocation below, so it must be positive first. */
	T_QUIET;
	T_ASSERT_GT(li.li_entries, (int64_t) 0, "num ledger entries is valid");
	*num_entries = (size_t) li.li_entries;

	struct ledger_template_info *templateInfo =
	    malloc((size_t)li.li_entries * sizeof(struct ledger_template_info));
	T_QUIET;
	T_ASSERT_NOTNULL(templateInfo, "malloc entries");

	size_t match_index = 0;
	bool found = false;

	/*
	 * NOTE(review): *num_entries bounds the scan below after being handed to
	 * the kernel by address; this assumes the call never reports more
	 * entries than the buffer was sized for -- confirm.
	 */
	ret = ledger(LEDGER_TEMPLATE_INFO, (caddr_t) templateInfo, (caddr_t) num_entries, NULL);
	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_TEMPLATE_INFO)");

	for (size_t idx = 0; idx < *num_entries; idx++) {
		if (strcmp(templateInfo[idx].lti_name, string) != 0) {
			continue;
		}
		match_index = idx;
		found = true;
	}

	free(templateInfo);

	T_QUIET;
	T_ASSERT_TRUE(found, "found %s in ledger", string);
	return match_index;
}
295*f6217f89SApple OSS Distributions
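/*
 * Return the balance of one ledger entry of process `pid`.
 *
 * pid:         process whose ledgers are read.
 * index:       entry to return; must be below num_entries.
 * num_entries: number of entries to request and to size the buffer for.
 *
 * sadly there's no 'get just this one ledger index' syscall,
 * we have to read all ledgers and filter for the one we want
 *
 * The test is ended through T_ASSERT_* if the index is out of range, the
 * allocation fails, or the ledger call fails.
 */
static int64_t
get_ledger_entry_for_pid(pid_t pid, size_t index, size_t num_entries)
{
	/* The buffer holds num_entries elements; never index past it. */
	T_QUIET; T_ASSERT_LT(index, num_entries, "ledger index within requested entry count");

	/* calloc rejects a count * size overflow and leaves unfilled entries zeroed. */
	struct ledger_entry_info *lei = calloc(num_entries, sizeof(*lei));
	T_QUIET; T_ASSERT_NOTNULL(lei, "calloc ledger entries");

	int ret = ledger(LEDGER_ENTRY_INFO, (caddr_t) (uintptr_t) pid, (caddr_t) lei, (caddr_t) &num_entries);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_ENTRY_INFO)");

	/*
	 * num_entries was passed by address, so recheck the index against the
	 * value it holds after the call before trusting lei[index].
	 * NOTE(review): presumably the kernel writes back the number of entries
	 * it actually filled in -- confirm.
	 */
	T_QUIET; T_ASSERT_LT(index, num_entries, "ledger index within returned entry count");

	int64_t value = lei[index].lei_balance;
	free(lei);
	return value;
}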
314*f6217f89SApple OSS Distributions
315*f6217f89SApple OSS Distributions
/*
 * System SFI settings captured by runaway_mode_child_sfi before it changes
 * them, and written back by restore_sfi_state().
 */
uint64_t initial_sfi_window = 0;
uint64_t initial_class_offtime = 0;
317*f6217f89SApple OSS Distributions
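/*
 * Write the SFI window and SFI_CLASS_RUNAWAY_MITIGATION class offtime saved
 * in initial_sfi_window / initial_class_offtime back to the system.
 *
 * Registered with T_ATEND by runaway_mode_child_sfi, which changes these
 * system-wide values for the duration of the test.
 */
static void
restore_sfi_state(void)
{
	T_LOG("Restoring initial system SFI window %llu, SFI_CLASS_RUNAWAY_MITIGATION class offtime %llu",
	    initial_sfi_window, initial_class_offtime);

	/*
	 * Setting window will fail if there is a larger offtime set, and
	 * setting class will fail if the window is smaller.
	 * To avoid this, disable the window, configure new values, then finally
	 * re-enable the window.
	 */

	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(0),
	    "system_set_sfi_window(0)");

	/* Label names the call actually made, so a failure here is attributed correctly. */
	T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, initial_class_offtime),
	    "sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, %llu)", initial_class_offtime);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(initial_sfi_window),
	    "system_set_sfi_window(%llu)", initial_sfi_window);
}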
339*f6217f89SApple OSS Distributions
/* How long spin_thread() busy-waits, in seconds. */
const int spin_seconds = 1;
341*f6217f89SApple OSS Distributions
342*f6217f89SApple OSS Distributions
/*
 * Thread entry point that busy-waits for spin_seconds seconds.
 *
 * arg: unused.
 * Returns NULL.
 *
 * The duration is converted from nanoseconds to mach_absolute_time() units
 * with the timebase denom/numer ratio.
 */
static void *
spin_thread(void *arg)
{
	static mach_timebase_info_data_t timebase_info;
	mach_timebase_info(&timebase_info);

	uint64_t spin_ns = spin_seconds * NSEC_PER_SEC;
	uint64_t duration = spin_ns * timebase_info.denom / timebase_info.numer;
	uint64_t deadline = mach_absolute_time() + duration;

	/* Poll the clock until the deadline passes; the loop body is intentionally empty. */
	for (uint64_t now = mach_absolute_time(); now < deadline; now = mach_absolute_time()) {
	}

	return NULL;
}
358*f6217f89SApple OSS Distributions
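/*
 * With mitigation enabled, a spinning thread in this process must accumulate
 * time in the SFI_CLASS_RUNAWAY_MITIGATION ledger.
 *
 * The test rewrites the system-wide SFI window and class offtime, so it
 * saves the initial values first and registers restore_sfi_state() with
 * T_ATEND to put them back. At the end it also checks that nobody else
 * changed the SFI configuration while the test was running.
 */
T_DECL(runaway_mode_child_sfi, "runaway mitigation mode should cause SFI")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	/* Capture the current system settings before touching anything. */
	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_get_sfi_window(&initial_sfi_window),
	    "system_get_sfi_window(&initial_sfi_window)");

	T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &initial_class_offtime),
	    "sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &initial_class_offtime)");

	T_LOG("Initial System SFI window %llu, SFI_CLASS_RUNAWAY_MITIGATION class offtime %llu\n", initial_sfi_window, initial_class_offtime);

	size_t num_ledger_entries = 0;
	size_t ledger_index = ledger_index_for_string(&num_ledger_entries, "SFI_CLASS_RUNAWAY_MITIGATION");
	uint64_t sfi_time_before = get_ledger_entry_for_pid(getpid(), ledger_index, num_ledger_entries);

	T_LOG("SFI_CLASS_RUNAWAY_MITIGATION ledger index: %zu out of %zu\n", ledger_index, num_ledger_entries);

	T_LOG("Initial accumulated SFI time: %llu\n", sfi_time_before);

	/* From here on the system configuration is about to change; make sure it is restored. */
	T_ATEND(restore_sfi_state);

	uint64_t custom_sfi_window = 100000; /* microseconds */
	uint64_t custom_class_offtime = 50000;

	T_LOG("Setting custom system SFI window %llu, SFI_CLASS_RUNAWAY_MITIGATION class offtime %llu",
	    custom_sfi_window, custom_class_offtime);

	/* Same ordering as restore_sfi_state(): disable the window, set the offtime, re-enable. */
	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(0),
	    "system_set_sfi_window(0)");
	T_ASSERT_POSIX_SUCCESS(sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, custom_class_offtime),
	    "sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, %llu)", custom_class_offtime);
	T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(custom_sfi_window),
	    "system_set_sfi_window(%llu)", custom_sfi_window);

	pthread_t thread;

	T_LOG("Spawning thread to spin for %d seconds\n", spin_seconds);

	/*
	 * pthread functions return 0 on success and a positive error number on
	 * failure, so they are checked for zero rather than for a non-negative
	 * result.
	 */
	int rv = pthread_create(&thread, NULL, spin_thread, NULL);
	T_QUIET; T_ASSERT_POSIX_ZERO(rv, "pthread_create");

	T_LOG("Enable mitigation mode\n");

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

	check_runaway_mode(true);

	T_LOG("Wait %d seconds for spin to finish\n", spin_seconds);

	rv = pthread_join(thread, NULL);
	T_QUIET; T_ASSERT_POSIX_ZERO(rv, "pthread_join");

	T_LOG("Thread joined, disable mitigation mode\n");

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");

	uint64_t sfi_time_after = get_ledger_entry_for_pid(getpid(), ledger_index, num_ledger_entries);

	T_LOG("Ending accumulated SFI time: %llu\n", sfi_time_after);

	T_ASSERT_LT(sfi_time_before, sfi_time_after, "SFI_CLASS_RUNAWAY_MITIGATION SFI time must have increased");

	check_runaway_mode(false);

	uint64_t final_sfi_window = 0, final_class_offtime = 0;

	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_get_sfi_window(&final_sfi_window),
	    "system_get_sfi_window(&final_sfi_window)");

	T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &final_class_offtime),
	    "sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &final_class_offtime)");

	/*
	 * If the System SFI configuration was changed out from under us during the test, either us or them will be confused.
	 */
	T_QUIET; T_ASSERT_EQ(custom_sfi_window, final_sfi_window, "System SFI window should not unexpectedly change during the test");
	T_QUIET; T_ASSERT_EQ(custom_class_offtime, final_class_offtime, "System SFI offtime should not unexpectedly change during the test");
}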
442*f6217f89SApple OSS Distributions
443*f6217f89SApple OSS Distributions #if defined(__arm64__)
444*f6217f89SApple OSS Distributions
/* Set by search_for_self_microstackshot() when this process's task snapshot carries kTaskRunawayMitigation. */
static bool found_flag = false;
/* Set by search_for_self_microstackshot() when a task snapshot with this process's pid is seen. */
static bool found_self = false;

/* Size in bytes of the buffer allocated for, and passed to, __microstackshot(). */
static const size_t microstackshot_buf_size = 16 * 1024;
449*f6217f89SApple OSS Distributions
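/*
 * Fetch the microstackshot buffer and scan it for task snapshots that belong
 * to the calling process.
 *
 * Records are located by searching for STACKSHOT_TASK_SNAPSHOT_MAGIC with
 * memmem() instead of following a record-length chain, so each candidate is
 * bounds-checked against the end of the buffer before it is interpreted as a
 * struct task_snapshot. A byte pattern equal to the magic inside unrelated
 * record data would also be treated as a snapshot header; the pid comparison
 * is what keeps such a hit from setting the result flags.
 *
 * log_details: when true, log every snapshot found and do not silence the
 *              header-magic expectation.
 *
 * Side effects: sets the file-scope found_self when a snapshot with our pid
 * is seen, and found_flag when that snapshot carries kTaskRunawayMitigation.
 *
 * Returns found_flag, which is sticky: it also reflects earlier calls.
 */
static bool
search_for_self_microstackshot(bool log_details)
{
	/*
	 * Zero-filled allocation: the scan below covers the whole buffer, so
	 * bytes the kernel does not write must not be uninitialised.
	 */
	char *buf = calloc(microstackshot_buf_size, 1);
	T_QUIET; T_ASSERT_NOTNULL(buf, "allocate buffer");

	int ret = __microstackshot(buf, microstackshot_buf_size, STACKSHOT_GET_MICROSTACKSHOT);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "microstackshot");

	if (!log_details) {
		T_QUIET;
	}
	T_EXPECT_EQ(*(uint32_t *)buf,
	    (uint32_t)STACKSHOT_MICRO_SNAPSHOT_MAGIC,
	    "magic value for microstackshot matches");

	const uint32_t magic = STACKSHOT_TASK_SNAPSHOT_MAGIC;
	const char *const buf_end = buf + microstackshot_buf_size;

	/* Byte-typed cursor: arithmetic on void * is a compiler extension. */
	char *cur = memmem(buf, microstackshot_buf_size, &magic, sizeof(magic));

	/*
	 * Compare the bytes that remain instead of computing cur + sizeof(...),
	 * which could form a pointer past the end of the allocation. ">=" also
	 * accepts a record that ends exactly at the end of the buffer.
	 */
	while (cur != NULL && (size_t)(buf_end - cur) >= sizeof(struct task_snapshot)) {
		/* NOTE(review): cur has arbitrary alignment; presumably struct task_snapshot is packed - confirm. */
		struct task_snapshot *tsnap = (struct task_snapshot *)cur;
		/* Signed to match the %6d conversions below; bounded by the 16 KiB buffer. */
		int offset = (int)(cur - buf);

		if (log_details) {
			/* NOTE(review): %s relies on p_comm being NUL-terminated by the kernel - confirm. */
			T_LOG("%6d: found snap pid %d name %s\n", offset, tsnap->pid, (char*)&tsnap->p_comm);
		}

		if (tsnap->pid == getpid()) {
			if (log_details) {
				T_LOG("%6d: found self snap: flags 0x%x 0x%llx\n", offset, tsnap->ss_flags, tsnap->disk_reads_count);
			}
			found_self = true;

			/*
			 * The flag is tested in disk_reads_count, not ss_flags;
			 * presumably the microstackshot path reuses that field for
			 * extended task flags - confirm against the kernel side.
			 */
			if (tsnap->disk_reads_count & kTaskRunawayMitigation) {
				T_LOG("%6d: found runaway flag: pid %d, name %s, flags: 0x%x 0x%llx, \n",
				    offset, tsnap->pid, (char*)&tsnap->p_comm, tsnap->ss_flags, tsnap->disk_reads_count);
				found_flag = true;
			}
		}

		/* Resume the search just past this record; the loop guard keeps cur <= buf_end. */
		cur += sizeof(struct task_snapshot);
		cur = memmem(cur, (size_t)(buf_end - cur), &magic, sizeof(magic));
	}

	free(buf);

	return found_flag;
}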
502*f6217f89SApple OSS Distributions
/*
 * Put the test process into runaway-mitigation mode, burn CPU until a
 * PMI-driven microstackshot sample of this process is likely to exist, and
 * check that the sample carries kTaskRunawayMitigation.
 *
 * Skips when the PMI sample counter sysctl is absent (ENOENT) or when the
 * PMI sample period is zero.
 */
T_DECL(runaway_mode_microstackshot_flag,
    "check that mitigated processes show up in microstackshot",
    T_META_REQUIRES_SYSCTL_EQ("kern.monotonic.supported", 1),
    T_META_TAG_VM_NOT_ELIGIBLE, T_META_TIMEOUT(120))
{
	unsigned int pmi_counter;
	size_t sysctl_size = sizeof(pmi_counter);
	int ret = sysctlbyname(
		"kern.microstackshot.pmi_sample_counter",
		&pmi_counter, &sysctl_size, NULL, 0);
	/*
	 * NOTE(review): relies on T_SKIP ending the test; otherwise pmi_counter
	 * would be logged below without having been written - confirm.
	 */
	if (ret == -1 && errno == ENOENT) {
		T_SKIP("no PMI support");
	} else {
		T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "query PMI counter");
	}
	uint64_t pmi_period;
	sysctl_size = sizeof(pmi_period);
	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(sysctlbyname(
		    "kern.microstackshot.pmi_sample_period",
		    &pmi_period, &sysctl_size, NULL, 0),
	    "query PMI period");

	T_LOG("PMI counter: %u", pmi_counter);
	T_LOG("PMI period: %llu", pmi_period);

	/* A zero period is treated as PMI sampling being disabled. */
	if (pmi_period == 0) {
		T_SKIP("PMI microstackshots not enabled");
	}

	T_LOG("Enable mitigation mode on self\n");

	/*
	 * Only an expectation, not an assertion: if enabling fails the spin loop
	 * below still runs, and the final flag check reports the failure.
	 */
	T_EXPECT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION,
	    0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

	uint32_t iterations = 100;

	/* Over-spin to make it likely we get sampled at least once before failing */
	uint32_t multiplier = 10;
	uint64_t target_cycles = multiplier * pmi_period;

	T_LOG("Spinning for %d iterations or %lld*%d cycles or until self-sample is found\n",
	    iterations, pmi_period, multiplier);

	struct rusage_info_v6 ru = {};

	/*
	 * Each pass spins, re-reads this process's cycle count and takes a quiet
	 * microstackshot search. The loop ends at the iteration limit, once more
	 * than target_cycles have been executed, or once the flag was found.
	 */
	for (int i = 0; i < iterations; i++) {
		spin_thread(NULL);

		int rv = proc_pid_rusage(getpid(), RUSAGE_INFO_V6, (rusage_info_t *)&ru);
		T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "proc_pid_rusage");

		T_LOG("iteration %3d: %14lld / %14lld cycles executed (%.2f%%)\n", i,
		    ru.ri_cycles, target_cycles,
		    ((double)ru.ri_cycles) * 100.0 / (double)target_cycles);

		/* A zero cycle count would make the target_cycles comparison meaningless. */
		T_QUIET; T_ASSERT_NE(ru.ri_cycles, (uint64_t)0,
		    "should be able to measure cycles with proc_pid_rusage");

		bool found = search_for_self_microstackshot(false);
		if (ru.ri_cycles > target_cycles || found) {
			break;
		}
	}

	T_LOG("Complete, executed %lld cycles. Disable mitigation mode.\n", ru.ri_cycles);

	/*
	 * Not reached if one of the T_ASSERT_* calls in the loop ends the test,
	 * in which case mitigation mode is left enabled on this process.
	 */
	T_EXPECT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION,
	    0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");

	/* Final pass with per-snapshot logging; its return value is not needed. */
	search_for_self_microstackshot(true);

	/*
	 * found_self and found_flag are file-scope and never reset, so these
	 * expectations pass if any search during the test set them.
	 */
	T_EXPECT_EQ(found_self, true,
	    "Should have found self in microstackshot buffer");
	T_EXPECT_EQ(found_flag, true,
	    "Should have found kTaskRunawayMitigation flag in microstackshot buffer");
}
582*f6217f89SApple OSS Distributions #endif // defined(__arm64__)