xref: /xnu-12377.41.6/tests/exec-race-128791723.c (revision bbb1b6f9e71b8cdde6e5cd6f4841f207dee3d828)
#include <signal.h>
#include <libproc.h>
#include <sys/sysctl.h>

#include <darwintest.h>

// rdar://128791723
// Ensure pidversion always changes across exec

/*
 * Look up the pidversion (p_idversion) that the kernel currently reports
 * for `pid`, using the PROC_PIDT_BSDINFOWITHUNIQID flavor of proc_pidinfo().
 *
 * The lookup is asserted: unless proc_pidinfo() returns exactly
 * sizeof(struct proc_bsdinfowithuniqid), the darwintest assertion fails,
 * so the returned value is never read from an unfilled struct.
 */
static int32_t
get_pidversion_for_pid(pid_t pid)
{
	struct proc_bsdinfowithuniqid info;
	int nbytes = proc_pidinfo(pid, PROC_PIDT_BSDINFOWITHUNIQID, 0, &info, sizeof(info));

	/* Anything other than a full-sized reply means `info` cannot be trusted. */
	T_ASSERT_EQ((unsigned long)nbytes, sizeof(info), "PROC_PIDT_BSDINFOWITHUNIQID");

	return info.p_uniqidentifier.p_idversion;
}
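/*
 * Regression test for rdar://128791723: a process must not keep the same
 * pidversion across exec.
 *
 * The pid itself survives exec, so the pidversion is what lets an observer
 * tell the pre-exec image from the post-exec one.
 * NOTE(review): presumably this matters to consumers that identify a process
 * by (pid, pidversion) -- confirm against the kernel-side fix.
 *
 * Flow:
 *   1. fork a child and record its pidversion before exec;
 *   2. in the child, ask the kernel (debug sysctl) to groom its counter so
 *      that `nextpidversion == current_proc->p_idversion + 1`;
 *   3. the child reports its pre-exec pidversion over a pipe, then execs
 *      `/usr/bin/tail -f /dev/null`, which never exits on its own;
 *   4. the parent queries the same pid again and asserts the pidversion
 *      differs from the pre-exec value.
 */
T_DECL(ensure_pidversion_changes_on_exec,
    "Ensure pidversion always changes across exec, even when groomed not to",
    T_META_NAMESPACE("xnu.exec"),
    T_META_TAG_VM_PREFERRED
    ) {
	T_SETUPBEGIN;

	// Given we exec a helper program (in a forked child, so this runner can stick around)
	// (And we set up some resources to communicate with the forked process)
	int pipefd[2];
	T_ASSERT_POSIX_SUCCESS(pipe(pipefd), "pipe");

	pid_t forked_pid = fork();
	T_ASSERT_POSIX_SUCCESS(forked_pid, "fork");

	if (forked_pid == 0) {
		close(pipefd[0]);

		// And we keep track of our current pidversion
		int32_t forked_proc_pidv = get_pidversion_for_pid(getpid());

		// And we ask the kernel to groom things such that `nextpidversion == current_proc->p_idversion + 1`
		int64_t val = 0;
		size_t val_len = sizeof(val);
		int groom_ret = sysctlbyname("debug.test.setup_ensure_pidversion_changes_on_exec", &val, &val_len, &val, sizeof(val));
		if (groom_ret != 0) {
			// Best effort, as before: the test still runs, but without the
			// grooming a pass does not show that the groomed case is handled.
			// Make that visible in the log instead of ignoring it silently.
			T_LOG("pidversion grooming sysctl failed; the groomed case is NOT being exercised");
		}

		// (And we send the parent's pidversion back to the test runner, for comparison with the exec'd process)
		// A short write would hand the runner a partial value, so check the byte count too.
		ssize_t written = write(pipefd[1], &forked_proc_pidv, sizeof(forked_proc_pidv));
		T_ASSERT_POSIX_SUCCESS(written, "write");
		T_ASSERT_EQ((unsigned long)written, sizeof(forked_proc_pidv), "wrote the whole pidversion");
		T_ASSERT_POSIX_SUCCESS(close(pipefd[1]), "close");

		// When I exec a child
		// (Which spins forever, so we can poke it)
		char *tail_path = "/usr/bin/tail";
		char *args[] = { tail_path, "-f", "/dev/null", NULL };
		execv(tail_path, args);

		// Only reached when execv() returned, i.e. failed. Use the asserting
		// form so the forked child stops here instead of falling through
		// into the runner's half of the test.
		T_ASSERT_FAIL("execve() failed");
	}

	T_ASSERT_POSIX_SUCCESS(close(pipefd[1]), "close");

	// (And we read the parent's pidversion from our forked counterpart, for comparison with the exec'd process)
	// read() returns 0 at EOF (child died before writing) and may return a
	// short count; either would leave the baseline unset, so require a full read.
	int32_t forked_proc_pidversion = 0;
	ssize_t nread = read(pipefd[0], &forked_proc_pidversion, sizeof(forked_proc_pidversion));
	T_ASSERT_POSIX_SUCCESS(nread, "read");
	T_ASSERT_EQ((unsigned long)nread, sizeof(forked_proc_pidversion), "read the whole pidversion");
	T_ASSERT_POSIX_SUCCESS(close(pipefd[0]), "close");

	// (Give the forked process a moment to exec().)
	// (To get rid of this, we could exec something controlled that signals a semaphore.)
	// If the child has not exec'd within this window, the query below sees
	// the pre-exec pidversion and the assertion fails spuriously.
	sleep(1);

	T_SETUPEND;

	// And I interrogate the pidversion of the exec'd process
	int32_t exec_proc_pidversion = get_pidversion_for_pid(forked_pid);

	// Then the pidversion should NOT be reused, despite our grooming
	T_ASSERT_NE(exec_proc_pidversion, forked_proc_pidversion, "Prevent pidversion reuse");

	// Cleanup: kill our errant child
	T_SETUPBEGIN;
	T_ASSERT_POSIX_SUCCESS(kill(forked_pid, SIGKILL), "kill");
	T_SETUPEND;
}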