xref: /xnu-12377.41.6/tests/runaway_mitigation.c (revision bbb1b6f9e71b8cdde6e5cd6f4841f207dee3d828)

/*
 * Copyright (c) 2025 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

/* test that the header doesn't implicitly depend on others */
#include <sys/resource_private.h>
#include <sys/resource.h>

#include <libproc.h>

#include <sys/types.h>
#include <unistd.h>

#include <mach/task.h>
#include <mach/task_policy.h>
#include <mach/mach.h>

#include <darwintest.h>
#include <darwintest_utils.h>

#include <sys/sfi.h>
#include <Kernel/kern/ledger.h>  /* TODO: this should be installed for userspace */
extern int ledger(int cmd, caddr_t arg1, caddr_t arg2, caddr_t arg3);

#include <kern/debug.h>
extern int __microstackshot(char *tracebuf, uint32_t tracebuf_size, uint32_t flags);


T_GLOBAL_META(T_META_NAMESPACE("xnu.scheduler"),
    T_META_RADAR_COMPONENT_NAME("xnu"),
    T_META_RADAR_COMPONENT_VERSION("scheduler"),
    T_META_OWNER("chimene"),
    T_META_RUN_CONCURRENTLY(false), /* because of messing with global SFI */
    T_META_ASROOT(true), /* for TASK_POLICY_STATE, and setting SFI */
    T_META_TAG_VM_PREFERRED);

static void
check_is_bg(bool wants_bg)
{
	kern_return_t kr;
	struct task_policy_state policy_state;

	mach_msg_type_number_t count = TASK_POLICY_STATE_COUNT;
	boolean_t get_default = FALSE;

	kr = task_policy_get(mach_task_self(), TASK_POLICY_STATE,
	    (task_policy_t)&policy_state, &count, &get_default);

	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "task_policy_get(TASK_POLICY_STATE)");

	/*
	 * A test reporting type=APPLICATION should have the live donor bit set.
	 * If this fails, the test may have been launched as a daemon instead.
	 */
	T_QUIET; T_ASSERT_BITS_SET(policy_state.flags, TASK_IMP_LIVE_DONOR, "test should be live donor enabled");

	/*
	 * The BG bit is updated via task_policy_update_internal_locked,
	 * checking this proves that the first phase update ran on this task.
	 */
	if (wants_bg) {
		T_ASSERT_BITS_SET(policy_state.effective, POLICY_EFF_DARWIN_BG, "%d: is BG", getpid());
	} else {
		T_ASSERT_BITS_NOTSET(policy_state.effective, POLICY_EFF_DARWIN_BG, "%d: is not BG", getpid());
	}

	/*
	 * The live donor bit is updated via task_policy_update_complete_unlocked,
	 * checking this proves that the second phase update ran on this task.
	 */
	if (wants_bg) {
		T_ASSERT_BITS_NOTSET(policy_state.flags, TASK_IMP_DONOR, "%d: is not live donor", getpid());
	} else {
		T_ASSERT_BITS_SET(policy_state.flags, TASK_IMP_DONOR, "%d: is live donor", getpid());
	}
}

static void
check_runaway_mode(bool expected_mode)
{
	int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0);

	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");

	T_LOG("pid %d: runaway mitigation mode is: %d", getpid(), runaway_mode);

	if (expected_mode) {
		T_QUIET;
		T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_ON, "should be on");
		check_is_bg(true);
	} else {
		T_QUIET;
		T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF, "should be off");
		check_is_bg(false);
	}
}

T_DECL(entitled_runaway_mode, "runaway mitigation mode should be settable while entitled")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

	check_runaway_mode(true);

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");

	check_runaway_mode(false);
}

T_DECL(entitled_runaway_mode_read_root, "runaway mitigation mode should be readable as root",
    T_META_ASROOT(true))
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);
}

T_DECL(entitled_runaway_mode_read_notroot, "runaway mitigation mode should be readable as not root but entitled",
    T_META_ASROOT(false))
{
	T_LOG("uid: %d", getuid());

	int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, getpid());

	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");

	T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF, "should be off");
}

T_DECL(runaway_mode_child_exit, "runaway mitigation mode should disappear when child exits")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	T_LOG("Spawning child");

	pid_t child_pid = fork();

	if (child_pid == 0) {
		/* child process */

		check_runaway_mode(false);

		T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
		    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

		check_runaway_mode(true);

		T_LOG("Exit pid %d with runaway mitigation mode on", getpid());

		exit(0);
	} else {
		T_ASSERT_POSIX_SUCCESS(child_pid, "fork, pid %d", child_pid);

		/* wait for child process to exit */
		int exit_status = 0, signum = 0;

		T_ASSERT_TRUE(dt_waitpid(child_pid, &exit_status, &signum, 5),
		    "wait for child (%d) complete", child_pid);

		T_QUIET; T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
		T_QUIET; T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");
	}

	check_runaway_mode(false);
}

T_DECL(runaway_mode_child_set, "runaway mitigation mode should be settable on child pid")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	int fd[2];

	T_QUIET; T_ASSERT_POSIX_SUCCESS(pipe(fd), "pipe()");

	T_LOG("Spawning child");

	pid_t child_pid = fork();

	if (child_pid == 0) {
		char buf[10];

		/* child process */
		T_ASSERT_POSIX_SUCCESS(child_pid, "fork, in child with pid %d", getpid());

		T_ASSERT_POSIX_SUCCESS(close(fd[1]), "close(fd[1])");

		T_ASSERT_POSIX_SUCCESS(read(fd[0], buf, sizeof(buf)), "read(fd[0], buf, sizeof(buf)");

		T_ASSERT_POSIX_SUCCESS(close(fd[0]), "close(fd[0])");

		check_runaway_mode(true);

		T_LOG("Exit pid %d with runaway mitigation mode on", getpid());

		exit(0);
	} else {
		T_ASSERT_POSIX_SUCCESS(child_pid, "fork parent: child pid %d", child_pid);

		T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
		    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

		int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid);

		T_QUIET;
		T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");

		T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_ON, "should be on");

		T_QUIET; T_LOG("Signalling child to continue");
		T_ASSERT_POSIX_SUCCESS(close(fd[1]), "close(fd[1])");

		/* wait for child process to exit */
		int exit_status = 0, signum = 0;

		T_ASSERT_TRUE(dt_waitpid(child_pid, &exit_status, &signum, 5),
		    "wait for child (%d) complete", child_pid);

		T_QUIET; T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
		T_QUIET; T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");
	}

	check_runaway_mode(false);
}


/*
 * TODO: This should be in a test utils library,
 * but it requires including Kernel.framework header kern/ledger.h, which is Bad
 */
static size_t
ledger_index_for_string(size_t *num_entries, char* string)
{
	struct ledger_info li;
	struct ledger_template_info *templateInfo = NULL;
	int ret;
	size_t i, footprint_index;
	bool found = false;

	ret = ledger(LEDGER_INFO, (caddr_t)(uintptr_t)getpid(), (caddr_t)&li, NULL);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_INFO)");

	T_QUIET; T_ASSERT_GT(li.li_entries, (int64_t) 0, "num ledger entries is valid");
	*num_entries = (size_t) li.li_entries;
	templateInfo = malloc((size_t)li.li_entries * sizeof(struct ledger_template_info));
	T_QUIET; T_ASSERT_NOTNULL(templateInfo, "malloc entries");

	footprint_index = 0;
	ret = ledger(LEDGER_TEMPLATE_INFO, (caddr_t) templateInfo, (caddr_t) num_entries, NULL);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_TEMPLATE_INFO)");
	for (i = 0; i < *num_entries; i++) {
		if (strcmp(templateInfo[i].lti_name, string) == 0) {
			footprint_index = i;
			found = true;
		}
	}
	free(templateInfo);
	T_QUIET; T_ASSERT_TRUE(found, "found %s in ledger", string);
	return footprint_index;
}

/*
 * sadly there's no 'get just this one ledger index' syscall,
 * we have to read all ledgers and filter for the one we want
 */
static int64_t
get_ledger_entry_for_pid(pid_t pid, size_t index, size_t num_entries)
{
	int ret;
	int64_t value;
	struct ledger_entry_info *lei = NULL;

	lei = malloc(num_entries * sizeof(*lei));
	ret = ledger(LEDGER_ENTRY_INFO, (caddr_t) (uintptr_t) pid, (caddr_t) lei, (caddr_t) &num_entries);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_ENTRY_INFO)");
	value = lei[index].lei_balance;
	free(lei);
	return value;
}


uint64_t initial_sfi_window = 0, initial_class_offtime = 0;

static void
restore_sfi_state(void)
{
	T_LOG("Restoring initial system SFI window %lld, SFI_CLASS_RUNAWAY_MITIGATION class offtime %lld",
	    initial_sfi_window, initial_class_offtime);

	/*
	 * Setting window will fail if there is a larger offtime set, and
	 * setting class will fail if the window is smaller.
	 * To avoid this, disable the window, configure new values, then finally
	 * re-enable the window.
	 */

	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(0),
	    "system_set_sfi_window(0)");

	T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, initial_class_offtime),
	    "system_set_sfi_window(%lld)", initial_class_offtime);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(initial_sfi_window),
	    "system_set_sfi_window(%lld)", initial_sfi_window);
}

const int spin_seconds = 1;


static void *
spin_thread(void *arg)
{
	static mach_timebase_info_data_t timebase_info;
	mach_timebase_info(&timebase_info);

	uint64_t duration = spin_seconds * NSEC_PER_SEC * timebase_info.denom / timebase_info.numer;
	uint64_t deadline = mach_absolute_time() + duration;

	while (mach_absolute_time() < deadline) {
		;
	}

	return NULL;
}

T_DECL(runaway_mode_child_sfi, "runaway mitigation mode should cause SFI")
{
	T_LOG("uid: %d", getuid());

	check_runaway_mode(false);

	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_get_sfi_window(&initial_sfi_window),
	    "system_get_sfi_window(&initial_sfi_window)");

	T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &initial_class_offtime),
	    "sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &initial_class_offtime)");

	T_LOG("Initial System SFI window %lld, SFI_CLASS_RUNAWAY_MITIGATION class offtime %lld\n", initial_sfi_window, initial_class_offtime);

	size_t num_ledger_entries = 0;
	size_t ledger_index = ledger_index_for_string(&num_ledger_entries, "SFI_CLASS_RUNAWAY_MITIGATION");
	uint64_t sfi_time_before = get_ledger_entry_for_pid(getpid(), ledger_index, num_ledger_entries);

	T_LOG("SFI_CLASS_RUNAWAY_MITIGATION ledger index: %zu out of %zu\n", ledger_index, num_ledger_entries);

	T_LOG("Initial accumulated SFI time: %lld\n", sfi_time_before);

	T_ATEND(restore_sfi_state);

	uint64_t custom_sfi_window = 100000; /* microseconds */
	uint64_t custom_class_offtime = 50000;

	T_LOG("Setting custom system SFI window %lld, SFI_CLASS_RUNAWAY_MITIGATION class offtime %lld",
	    custom_sfi_window, custom_class_offtime);

	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(0),
	    "system_set_sfi_window(0)");
	T_ASSERT_POSIX_SUCCESS(sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, custom_class_offtime),
	    "sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, %lld)", custom_class_offtime);
	T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(custom_sfi_window),
	    "system_set_sfi_window(%lld)", custom_sfi_window);

	pthread_t thread;

	T_LOG("Spawning thread to spin for %d seconds\n", spin_seconds);

	int rv = pthread_create(&thread, NULL, spin_thread, NULL);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "pthread_create");

	T_LOG("Enable mitigation mode\n");

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

	check_runaway_mode(true);

	T_LOG("Wait %d seconds for spin to finish\n", spin_seconds);

	rv = pthread_join(thread, NULL);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "pthread_join");

	T_LOG("Thread joined, disable mitigation mode\n");

	T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");

	uint64_t sfi_time_after = get_ledger_entry_for_pid(getpid(), ledger_index, num_ledger_entries);

	T_LOG("Ending accumulated SFI time: %lld\n", sfi_time_after);

	T_ASSERT_LT(sfi_time_before, sfi_time_after, "SFI_CLASS_RUNAWAY_MITIGATION SFI time must have increased");

	check_runaway_mode(false);

	uint64_t final_sfi_window = 0, final_class_offtime = 0;

	T_QUIET; T_ASSERT_POSIX_SUCCESS(system_get_sfi_window(&final_sfi_window),
	    "system_get_sfi_window(&final_sfi_window)");

	T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &final_class_offtime),
	    "sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &final_class_offtime)");

	/*
	 * If the System SFI configuration was changed out from under us during the test, either us or them will be confused.
	 */
	T_QUIET; T_ASSERT_EQ(custom_sfi_window, final_sfi_window, "System SFI window should not unexpectedly change during the test");
	T_QUIET; T_ASSERT_EQ(custom_class_offtime, final_class_offtime, "System SFI offtime should not unexpectedly change during the test");
}

#if defined(__arm64__)

static bool found_flag = false;
static bool found_self = false;

static const size_t microstackshot_buf_size = 16 * 1024;

static bool
search_for_self_microstackshot(bool log_details)
{
	void *buf = calloc(microstackshot_buf_size, 1);
	T_QUIET; T_ASSERT_NOTNULL(buf, "allocate buffer");

	int ret = __microstackshot(buf, microstackshot_buf_size, STACKSHOT_GET_MICROSTACKSHOT);
	T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "microstackshot");

	if (!log_details) {
		T_QUIET;
	}
	T_EXPECT_EQ(*(uint32_t *)buf,
	    (uint32_t)STACKSHOT_MICRO_SNAPSHOT_MAGIC,
	    "magic value for microstackshot matches");

	uint32_t magic = STACKSHOT_TASK_SNAPSHOT_MAGIC;

	void* next_tsnap = memmem(buf, microstackshot_buf_size, &magic, sizeof(magic));

	void* buf_end = buf + microstackshot_buf_size;

	while (next_tsnap != NULL && next_tsnap + sizeof(struct task_snapshot) < buf_end) {
		struct task_snapshot *tsnap = (struct task_snapshot *)next_tsnap;
		unsigned int offset = next_tsnap - buf;

		if (log_details) {
			T_LOG("%6d: found snap pid %d name %s\n", offset, tsnap->pid, (char*)&tsnap->p_comm);
		}

		if (tsnap->pid == getpid()) {
			if (log_details) {
				T_LOG("%6d: found self snap: flags 0x%x 0x%llx\n", offset, tsnap->ss_flags, tsnap->disk_reads_count);
			}
			found_self = true;

			if (tsnap->disk_reads_count & kTaskRunawayMitigation) {
				T_LOG("%6d: found runaway flag: pid %d, name %s, flags: 0x%x 0x%llx, \n",
				    offset, tsnap->pid, (char*)&tsnap->p_comm, tsnap->ss_flags, tsnap->disk_reads_count);
				found_flag = true;
			}
		}

		void* search_start = next_tsnap + sizeof(struct task_snapshot);
		size_t remaining_size = buf_end - search_start;
		next_tsnap = memmem(search_start, remaining_size, &magic, sizeof(magic));
	}

	free(buf);

	return found_flag;
}

T_DECL(runaway_mode_microstackshot_flag,
    "check that mitigated processes show up in microstackshot",
    T_META_REQUIRES_SYSCTL_EQ("kern.monotonic.supported", 1),
    T_META_TAG_VM_NOT_ELIGIBLE, T_META_TIMEOUT(120))
{
	unsigned int pmi_counter;
	size_t sysctl_size = sizeof(pmi_counter);
	int ret = sysctlbyname(
		"kern.microstackshot.pmi_sample_counter",
		&pmi_counter, &sysctl_size, NULL, 0);
	if (ret == -1 && errno == ENOENT) {
		T_SKIP("no PMI support");
	} else {
		T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "query PMI counter");
	}
	uint64_t pmi_period;
	sysctl_size = sizeof(pmi_period);
	T_QUIET;
	T_ASSERT_POSIX_SUCCESS(sysctlbyname(
		    "kern.microstackshot.pmi_sample_period",
		    &pmi_period, &sysctl_size, NULL, 0),
	    "query PMI period");

	T_LOG("PMI counter: %u", pmi_counter);
	T_LOG("PMI period: %llu", pmi_period);

	if (pmi_period == 0) {
		T_SKIP("PMI microstackshots not enabled");
	}

	T_LOG("Enable mitigation mode on self\n");

	T_EXPECT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION,
	    0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");

	uint32_t iterations = 100;

	/* Over-spin to make it likely we get sampled at least once before failing */
	uint32_t multiplier = 10;
	uint64_t target_cycles = multiplier * pmi_period;

	T_LOG("Spinning for %d iterations or %lld*%d cycles or until self-sample is found\n",
	    iterations, pmi_period, multiplier);

	struct rusage_info_v6 ru = {};

	for (int i = 0; i < iterations; i++) {
		spin_thread(NULL);

		int rv = proc_pid_rusage(getpid(), RUSAGE_INFO_V6, (rusage_info_t *)&ru);
		T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "proc_pid_rusage");

		T_LOG("iteration %3d: %14lld / %14lld cycles executed (%.2f%%)\n", i,
		    ru.ri_cycles, target_cycles,
		    ((double)ru.ri_cycles) * 100.0 / (double)target_cycles);

		T_QUIET; T_ASSERT_NE(ru.ri_cycles, (uint64_t)0,
		    "should be able to measure cycles with proc_pid_rusage");

		bool found = search_for_self_microstackshot(false);
		if (ru.ri_cycles > target_cycles || found) {
			break;
		}
	}

	T_LOG("Complete, executed %lld cycles.  Disable mitigation mode.\n", ru.ri_cycles);

	T_EXPECT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION,
	    0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
	    "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");

	search_for_self_microstackshot(true);

	T_EXPECT_EQ(found_self, true,
	    "Should have found self in microstackshot buffer");
	T_EXPECT_EQ(found_flag, true,
	    "Should have found kTaskRunawayMitigation flag in microstackshot buffer");
}
#endif // defined(__arm64__)