1#include <darwintest.h> 2#include <darwintest_utils.h> 3#include <darwintest_multiprocess.h> 4#include <kern/debug.h> 5#include <kern/kern_cdata.h> 6#include <kern/block_hint.h> 7#include <kdd.h> 8#include <libproc.h> 9#include <os/atomic_private.h> 10#include <mach-o/dyld.h> 11#include <mach-o/dyld_images.h> 12#include <mach-o/dyld_priv.h> 13#include <sys/syscall.h> 14#include <sys/stackshot.h> 15#include <uuid/uuid.h> 16#include <servers/bootstrap.h> 17#include <pthread/workqueue_private.h> 18#include <dispatch/private.h> 19#include <stdalign.h> 20#include <TargetConditionals.h> 21#import <Foundation/NSTask.h> 22 23#import <zlib.h> 24#import <IOKit/IOKitLib.h> 25#import <IOKit/IOKitLibPrivate.h> 26#import <IOKit/IOKitKeysPrivate.h> 27#import "test_utils.h" 28 29 30 31T_GLOBAL_META( 32 T_META_NAMESPACE("xnu.stackshot"), 33 T_META_RADAR_COMPONENT_NAME("xnu"), 34 T_META_RADAR_COMPONENT_VERSION("stackshot"), 35 T_META_OWNER("jonathan_w_adams"), 36 T_META_CHECK_LEAKS(false), 37 T_META_ASROOT(true), 38 XNU_T_META_SOC_SPECIFIC 39 ); 40 41static const char *current_process_name(void); 42static void verify_stackshot_sharedcache_layout(struct dyld_uuid_info_64 *uuids, uint32_t uuid_count); 43static void parse_stackshot(uint64_t stackshot_parsing_flags, void *ssbuf, size_t sslen, NSDictionary *extra); 44static void parse_thread_group_stackshot(void **sbuf, size_t sslen); 45static uint64_t stackshot_timestamp(void *ssbuf, size_t sslen); 46static void initialize_thread(void); 47 48static uint64_t global_flags = 0; 49 50#define DEFAULT_STACKSHOT_BUFFER_SIZE (1024 * 1024) 51#define MAX_STACKSHOT_BUFFER_SIZE (6 * 1024 * 1024) 52 53#define SRP_SERVICE_NAME "com.apple.xnu.test.stackshot.special_reply_port" 54 55/* bit flags for parse_stackshot */ 56#define PARSE_STACKSHOT_DELTA 0x01 57#define PARSE_STACKSHOT_ZOMBIE 0x02 58#define PARSE_STACKSHOT_SHAREDCACHE_LAYOUT 0x04 59#define PARSE_STACKSHOT_DISPATCH_QUEUE_LABEL 0x08 60#define PARSE_STACKSHOT_TURNSTILEINFO 0x10 61#define PARSE_STACKSHOT_POSTEXEC 0x20 62#define PARSE_STACKSHOT_WAITINFO_CSEG 0x40 63#define PARSE_STACKSHOT_WAITINFO_SRP 0x80 64#define PARSE_STACKSHOT_TRANSLATED 0x100 65#define PARSE_STACKSHOT_SHAREDCACHE_FLAGS 0x200 66#define PARSE_STACKSHOT_EXEC_INPROGRESS 0x400 67#define PARSE_STACKSHOT_TRANSITIONING 0x800 68#define PARSE_STACKSHOT_ASYNCSTACK 0x1000 69#define PARSE_STACKSHOT_COMPACTINFO 0x2000 /* TODO: rdar://88789261 */ 70#define PARSE_STACKSHOT_DRIVERKIT 0x4000 71#define PARSE_STACKSHOT_THROTTLED_SP 0x8000 72#define PARSE_STACKSHOT_SUSPENDINFO 0x10000 73#define PARSE_STACKSHOT_TARGETPID 0x20000 74 75/* keys for 'extra' dictionary for parse_stackshot */ 76static const NSString* zombie_child_pid_key = @"zombie_child_pid"; // -> @(pid), required for PARSE_STACKSHOT_ZOMBIE 77static const NSString* postexec_child_unique_pid_key = @"postexec_child_unique_pid"; // -> @(unique_pid), required for PARSE_STACKSHOT_POSTEXEC 78static const NSString* cseg_expected_threadid_key = @"cseg_expected_threadid"; // -> @(tid), required for PARSE_STACKSHOT_WAITINFO_CSEG 79static const NSString* srp_expected_threadid_key = @"srp_expected_threadid"; // -> @(tid), this or ..._pid required for PARSE_STACKSHOT_WAITINFO_SRP 80static const NSString* srp_expected_pid_key = @"srp_expected_pid"; // -> @(pid), this or ..._threadid required for PARSE_STACKSHOT_WAITINFO_SRP 81static const NSString* translated_child_pid_key = @"translated_child_pid"; // -> @(pid), required for PARSE_STACKSHOT_TRANSLATED 82static const NSString* sharedcache_child_pid_key = @"sharedcache_child_pid"; // @(pid), required for PARSE_STACKSHOT_SHAREDCACHE_FLAGS 83static const NSString* sharedcache_child_sameaddr_key = @"sharedcache_child_sameaddr"; // @(0 or 1), required for PARSE_STACKSHOT_SHAREDCACHE_FLAGS 84static const NSString* exec_inprogress_pid_key = @"exec_inprogress_pid"; 85static const NSString* exec_inprogress_found_key = @"exec_inprogress_found"; // callback when inprogress is found 86static const NSString* transitioning_pid_key = @"transitioning_task_pid"; // -> @(pid), required for PARSE_STACKSHOT_TRANSITIONING 87static const NSString* asyncstack_expected_threadid_key = @"asyncstack_expected_threadid"; // -> @(tid), required for PARSE_STACKSHOT_ASYNCSTACK 88static const NSString* asyncstack_expected_stack_key = @"asyncstack_expected_stack"; // -> @[pc...]), expected PCs for asyncstack 89static const NSString* driverkit_found_key = @"driverkit_found_key"; // callback when driverkit process is found. argument is the process pid. 90static const NSString* sp_throttled_expected_ctxt_key = @"sp_throttled_expected_ctxt_key"; // -> @(ctxt), required for PARSE_STACKSHOT_THROTTLED_SP 91static const NSString* sp_throttled_expect_flag = @"sp_throttled_expect_flag"; // -> @(is_throttled), required for PARSE_STACKSHOT_THROTTLED_SP 92static const NSString* no_exclaves_key = @"no_exclaves"; 93 94#define TEST_STACKSHOT_QUEUE_LABEL "houston.we.had.a.problem" 95#define TEST_STACKSHOT_QUEUE_LABEL_LENGTH sizeof(TEST_STACKSHOT_QUEUE_LABEL) 96 97#define THROTTLED_SERVICE_NAME "com.apple.xnu.test.stackshot.throttled_service" 98 99static int64_t 100run_sysctl_test(const char *t, int64_t value) 101{ 102 char name[1024]; 103 int64_t result = 0; 104 size_t s = sizeof(value); 105 int rc; 106 107 snprintf(name, sizeof(name), "debug.test.%s", t); 108 rc = sysctlbyname(name, &result, &s, &value, s); 109 T_QUIET; T_ASSERT_POSIX_SUCCESS(rc, "sysctlbyname(%s)", name); 110 return result; 111} 112 113T_DECL(microstackshots, "test the microstackshot syscall", T_META_TAG_VM_PREFERRED) 114{ 115 void *buf = NULL; 116 unsigned int size = DEFAULT_STACKSHOT_BUFFER_SIZE; 117 118 while (1) { 119 buf = malloc(size); 120 T_QUIET; T_ASSERT_NOTNULL(buf, "allocated stackshot buffer"); 121 122#pragma clang diagnostic push 123#pragma clang diagnostic ignored "-Wdeprecated-declarations" 124 int len = syscall(SYS_microstackshot, buf, size, 125 (uint32_t) STACKSHOT_GET_MICROSTACKSHOT); 126#pragma clang diagnostic pop 127 if (len == ENOSYS) { 128 T_SKIP("microstackshot syscall failed, likely not compiled with CONFIG_TELEMETRY"); 129 } 130 if (len == -1 && errno == ENOSPC) { 131 /* syscall failed because buffer wasn't large enough, try again */ 132 free(buf); 133 buf = NULL; 134 size *= 2; 135 T_ASSERT_LE(size, (unsigned int)MAX_STACKSHOT_BUFFER_SIZE, 136 "growing stackshot buffer to sane size"); 137 continue; 138 } 139 T_ASSERT_POSIX_SUCCESS(len, "called microstackshot syscall"); 140 break; 141 } 142 143 T_EXPECT_EQ(*(uint32_t *)buf, 144 (uint32_t)STACKSHOT_MICRO_SNAPSHOT_MAGIC, 145 "magic value for microstackshot matches"); 146 147 free(buf); 148} 149 150struct scenario { 151 const char *name; 152 uint64_t flags; 153 bool quiet; 154 bool should_fail; 155 bool maybe_unsupported; 156 bool maybe_enomem; 157 bool no_recordfile; 158 pid_t target_pid; 159 bool target_kernel; 160 bool nocheck_recordfile; 161 uint64_t since_timestamp; 162 uint32_t size_hint; 163 dt_stat_time_t timer; 164}; 165 166static void 167quiet(struct scenario *scenario) 168{ 169 if (scenario->timer || scenario->quiet) { 170 T_QUIET; 171 } 172} 173 174static void 175take_stackshot(struct scenario *scenario, bool compress_ok, void (^cb)(void *buf, size_t size)) 176{ 177start: 178 initialize_thread(); 179 180 void *config = stackshot_config_create(); 181 quiet(scenario); 182 T_ASSERT_NOTNULL(config, "created stackshot config"); 183 184 int ret = stackshot_config_set_flags(config, scenario->flags | global_flags); 185 quiet(scenario); 186 T_ASSERT_POSIX_ZERO(ret, "set flags %#llx on stackshot config", scenario->flags); 187 188 if (scenario->size_hint > 0) { 189 ret = stackshot_config_set_size_hint(config, scenario->size_hint); 190 quiet(scenario); 191 T_ASSERT_POSIX_ZERO(ret, "set size hint %" PRIu32 " on stackshot config", 192 scenario->size_hint); 193 } 194 195 if (scenario->target_pid > 0) { 196 ret = stackshot_config_set_pid(config, scenario->target_pid); 197 quiet(scenario); 198 T_ASSERT_POSIX_ZERO(ret, "set target pid %d on stackshot config", 199 scenario->target_pid); 200 } else if (scenario->target_kernel) { 201 ret = stackshot_config_set_pid(config, 0); 202 quiet(scenario); 203 T_ASSERT_POSIX_ZERO(ret, "set kernel target on stackshot config"); 204 } 205 206 if (scenario->since_timestamp > 0) { 207 ret = stackshot_config_set_delta_timestamp(config, scenario->since_timestamp); 208 quiet(scenario); 209 T_ASSERT_POSIX_ZERO(ret, "set since timestamp %" PRIu64 " on stackshot config", 210 scenario->since_timestamp); 211 } 212 213 int retries_remaining = 5; 214 215retry: ; 216 uint64_t start_time = mach_absolute_time(); 217 ret = stackshot_capture_with_config(config); 218 uint64_t end_time = mach_absolute_time(); 219 220 if (scenario->should_fail) { 221 T_EXPECTFAIL; 222 T_ASSERT_POSIX_ZERO(ret, "called stackshot_capture_with_config"); 223 return; 224 } 225 226 if (ret == EBUSY || ret == ETIMEDOUT) { 227 if (retries_remaining > 0) { 228 if (!scenario->timer) { 229 T_LOG("stackshot_capture_with_config failed with %s (%d), retrying", 230 strerror(ret), ret); 231 } 232 233 retries_remaining--; 234 goto retry; 235 } else { 236 T_ASSERT_POSIX_ZERO(ret, 237 "called stackshot_capture_with_config (no retries remaining)"); 238 } 239 } else if ((ret == ENOTSUP) && scenario->maybe_unsupported) { 240 T_SKIP("kernel indicated this stackshot configuration is not supported"); 241 } else if ((ret == ENOMEM) && scenario->maybe_enomem) { 242 T_SKIP("insufficient available memory to run test"); 243 } else { 244 quiet(scenario); 245 T_ASSERT_POSIX_ZERO(ret, "called stackshot_capture_with_config"); 246 } 247 248 if (scenario->timer) { 249 dt_stat_mach_time_add(scenario->timer, end_time - start_time); 250 } 251 void *buf = stackshot_config_get_stackshot_buffer(config); 252 size_t size = stackshot_config_get_stackshot_size(config); 253 if (scenario->name && !scenario->no_recordfile) { 254 char sspath[MAXPATHLEN]; 255 strlcpy(sspath, scenario->name, sizeof(sspath)); 256 strlcat(sspath, ".kcdata", sizeof(sspath)); 257 T_QUIET; T_ASSERT_POSIX_ZERO(dt_resultfile(sspath, sizeof(sspath)), 258 "create result file path"); 259 260 if (!scenario->quiet) { 261 T_LOG("writing stackshot to %s", sspath); 262 } 263 264 FILE *f = fopen(sspath, "w"); 265 T_WITH_ERRNO; T_QUIET; T_ASSERT_NOTNULL(f, 266 "open stackshot output file"); 267 268 size_t written = fwrite(buf, size, 1, f); 269 T_QUIET; T_ASSERT_POSIX_SUCCESS(written, "wrote stackshot to file"); 270 271 fclose(f); 272 273 // the xnu lldbmacros include a kcdata dumper which is used by 274 // panic triage and other things to process the recorded data 275 // from panics. With `-s foo.ips`, this generates a panic 276 // report similar. It's really important that this continues to 277 // work. 278 // 279 // We also ship the same code as /usr/local/bin/kcdata. To make 280 // sure the *.ips continues to work without aborting or otherwise 281 // tripping over the current data being output by xnu, we do a 282 // `kcdata.py -s /dev/null` run on the *first* kcdata we get for 283 // a given test, and save the stdout/err to files that get 284 // reported in the test report. Typically it will tell you the 285 // shared cache UUID and maybe complain about missing exclaves 286 // data. 287 // 288 // This only works on full stackshots, so we skip it for DELTAs, 289 // and BridgeOS is missing python, so we make sure everything we 290 // need is executable before trying 291#define PYTHON3_PATH "/usr/local/bin/python3" 292#define KCDATA_PATH "/usr/local/bin/kcdata" 293 if (!(scenario->flags & STACKSHOT_COLLECT_DELTA_SNAPSHOT) && 294 !scenario->nocheck_recordfile && 295 access(PYTHON3_PATH, X_OK) == 0 && access(KCDATA_PATH, X_OK) == 0) { 296 297 scenario->nocheck_recordfile = true; // don't do this more than once per scenario 298 char outpath[MAXPATHLEN]; 299 strlcpy(outpath, scenario->name, sizeof(outpath)); 300 strlcat(outpath, ".kcdpy-out", sizeof(outpath)); 301 char errpath[MAXPATHLEN]; 302 strlcpy(errpath, scenario->name, sizeof(errpath)); 303 strlcat(errpath, ".kcdpy-err", sizeof(errpath)); 304 T_QUIET; T_ASSERT_POSIX_ZERO(dt_resultfile(outpath, sizeof(outpath)), "create py-out path"); 305 T_QUIET; T_ASSERT_POSIX_ZERO(dt_resultfile(errpath, sizeof(errpath)), "create py-err path"); 306 307 char *launch_tool_args[] = { 308 KCDATA_PATH, 309 "-s", 310 "/dev/null", 311 sspath, 312 NULL 313 }; 314 pid_t child_pid = -1; 315 int ret = dt_launch_tool(&child_pid, launch_tool_args, false, outpath, errpath); 316 T_WITH_ERRNO; T_EXPECT_EQ(ret, 0, "dt_launch_tool(\"" KCDATA_PATH " -s /dev/null kcdata\") should succeed"); 317 if (ret == 0) { 318 int exit_status = 0, signum = 0; 319 ret = dt_waitpid(child_pid, &exit_status, &signum, 60); 320 T_QUIET; T_EXPECT_EQ(ret, 1, "dt_waitpid() on "KCDATA_PATH); 321 if (ret == 1) { 322 T_EXPECT_EQ(exit_status, 0, "kcdata.py should successfully run against our output"); 323 T_QUIET; T_EXPECT_EQ(signum, 0, "kcdata.py shouldn't get a signal"); 324 } 325 } 326 } 327 } 328 cb(buf, size); 329 if (compress_ok) { 330 if (global_flags == 0) { 331 T_LOG("Restarting test with compression"); 332 global_flags |= STACKSHOT_DO_COMPRESS; 333 goto start; 334 } else { 335 global_flags = 0; 336 } 337 } 338 339 ret = stackshot_config_dealloc(config); 340 T_QUIET; T_EXPECT_POSIX_ZERO(ret, "deallocated stackshot config"); 341} 342 343T_DECL(simple_compressed, "take a simple compressed stackshot", T_META_TAG_VM_PREFERRED) 344{ 345 struct scenario scenario = { 346 .name = "kcdata_compressed", 347 .flags = (STACKSHOT_DO_COMPRESS | STACKSHOT_SAVE_LOADINFO | STACKSHOT_THREAD_WAITINFO | STACKSHOT_GET_GLOBAL_MEM_STATS | 348 STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 349 }; 350 351 T_LOG("taking compressed kcdata stackshot"); 352 take_stackshot(&scenario, true, ^(void *ssbuf, size_t sslen) { 353 parse_stackshot(0, ssbuf, sslen, nil); 354 }); 355} 356 357T_DECL(panic_compressed, "take a compressed stackshot with the same flags as a panic stackshot", T_META_TAG_VM_PREFERRED) 358{ 359 uint64_t stackshot_flags = (STACKSHOT_SAVE_KEXT_LOADINFO | 360 STACKSHOT_SAVE_LOADINFO | 361 STACKSHOT_KCDATA_FORMAT | 362 STACKSHOT_ENABLE_BT_FAULTING | 363 STACKSHOT_ENABLE_UUID_FAULTING | 364 STACKSHOT_DO_COMPRESS | 365 STACKSHOT_NO_IO_STATS | 366 STACKSHOT_THREAD_WAITINFO | 367#if TARGET_OS_MAC 368 STACKSHOT_COLLECT_SHAREDCACHE_LAYOUT | 369#endif 370 STACKSHOT_DISABLE_LATENCY_INFO); 371 372 struct scenario scenario = { 373 .name = "kcdata_panic_compressed", 374 .flags = stackshot_flags, 375 }; 376 377 T_LOG("taking compressed kcdata stackshot with panic flags"); 378 take_stackshot(&scenario, true, ^(void *ssbuf, size_t sslen) { 379 parse_stackshot(0, ssbuf, sslen, nil); 380 }); 381} 382 383T_DECL(kcdata, "test that kcdata stackshots can be taken and parsed", T_META_TAG_VM_PREFERRED) 384{ 385 struct scenario scenario = { 386 .name = "kcdata", 387 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS | 388 STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 389 }; 390 391 T_LOG("taking kcdata stackshot"); 392 take_stackshot(&scenario, true, ^(void *ssbuf, size_t sslen) { 393 parse_stackshot(0, ssbuf, sslen, nil); 394 }); 395} 396 397static void 398get_stats(stackshot_stats_t *_Nonnull out) 399{ 400 size_t oldlen = sizeof (*out); 401 bzero(out, oldlen); 402 int result = sysctlbyname("kern.stackshot_stats", out, &oldlen, NULL, 0); 403 T_WITH_ERRNO; T_ASSERT_POSIX_SUCCESS(result, "reading \"kern.stackshot_stats\" sysctl should succeed"); 404 T_EXPECT_EQ(oldlen, sizeof (*out), "kernel should update full stats structure"); 405} 406 407static void 408log_stats(mach_timebase_info_data_t timebase, uint64_t now, const char *name, stackshot_stats_t stat) 409{ 410 uint64_t last_ago = (now - stat.ss_last_start) * timebase.numer / timebase.denom; 411 uint64_t last_duration = (stat.ss_last_end - stat.ss_last_start) * timebase.numer / timebase.denom; 412 uint64_t total_duration = (stat.ss_duration) * timebase.numer / timebase.denom; 413 414 uint64_t nanosec = 1000000000llu; 415 T_LOG("%s: %8lld stackshots, %10lld.%09lld total nsecs, last %lld.%09lld secs ago, %lld.%09lld secs long", 416 name, stat.ss_count, 417 total_duration / nanosec, total_duration % nanosec, 418 last_ago / nanosec, last_ago % nanosec, 419 last_duration / nanosec, last_duration % nanosec); 420} 421 422T_DECL(stats, "test that stackshot stats can be read out and change when a stackshot occurs", T_META_TAG_VM_PREFERRED) 423{ 424 mach_timebase_info_data_t timebase = {0, 0}; 425 mach_timebase_info(&timebase); 426 427 struct scenario scenario = { 428 .name = "kcdata", 429 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_KCDATA_FORMAT), 430 }; 431 432 stackshot_stats_t pre, post; 433 434 get_stats(&pre); 435 436 T_LOG("taking kcdata stackshot"); 437 take_stackshot(&scenario, true, ^(__unused void *ssbuf, __unused size_t sslen) { 438 (void)0; 439 }); 440 441 get_stats(&post); 442 443 uint64_t now = mach_absolute_time(); 444 445 log_stats(timebase, now, " pre", pre); 446 log_stats(timebase, now, " post", post); 447 448 int64_t delta_stackshots = (int64_t)(post.ss_count - pre.ss_count); 449 int64_t delta_duration = (int64_t)(post.ss_duration - pre.ss_duration) * (int64_t)timebase.numer / (int64_t)timebase.denom; 450 int64_t delta_nsec = delta_duration % 1000000000ll; 451 if (delta_nsec < 0) { 452 delta_nsec += 1000000000ll; 453 } 454 T_LOG("delta: %+8lld stackshots, %+10lld.%09lld total nsecs", delta_stackshots, delta_duration / 1000000000ll, delta_nsec); 455 456 T_EXPECT_LT(pre.ss_last_start, pre.ss_last_end, "pre: stackshot should take time"); 457 T_EXPECT_LT(pre.ss_count, post.ss_count, "stackshot count should increase when a stackshot is taken"); 458 T_EXPECT_LT(pre.ss_duration, post.ss_duration, "stackshot duration should increase when a stackshot is taken"); 459 T_EXPECT_LT(pre.ss_last_end, post.ss_last_start, "previous end should be less than new start after a stackshot"); 460 T_EXPECT_LT(post.ss_last_start, post.ss_last_end, "post: stackshot should take time"); 461} 462 463T_DECL(kcdata_faulting, "test that kcdata stackshots while faulting can be taken and parsed", T_META_TAG_VM_PREFERRED) 464{ 465 struct scenario scenario = { 466 .name = "faulting", 467 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 468 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT 469 | STACKSHOT_ENABLE_BT_FAULTING | STACKSHOT_ENABLE_UUID_FAULTING), 470 }; 471 472 T_LOG("taking faulting stackshot"); 473 take_stackshot(&scenario, true, ^(void *ssbuf, size_t sslen) { 474 parse_stackshot(0, ssbuf, sslen, nil); 475 }); 476} 477 478T_DECL(bad_flags, "test a poorly-formed stackshot syscall", T_META_TAG_VM_PREFERRED) 479{ 480 struct scenario scenario = { 481 .flags = STACKSHOT_SAVE_IN_KERNEL_BUFFER /* not allowed from user space */, 482 .should_fail = true, 483 }; 484 485 T_LOG("attempting to take stackshot with kernel-only flag"); 486 take_stackshot(&scenario, true, ^(__unused void *ssbuf, __unused size_t sslen) { 487 T_ASSERT_FAIL("stackshot data callback called"); 488 }); 489} 490 491T_DECL(delta, "test delta stackshots", T_META_TAG_VM_PREFERRED) 492{ 493 struct scenario scenario = { 494 .name = "delta", 495 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 496 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 497 }; 498 499 T_LOG("taking full stackshot"); 500 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 501 uint64_t stackshot_time = stackshot_timestamp(ssbuf, sslen); 502 503 T_LOG("taking delta stackshot since time %" PRIu64, stackshot_time); 504 505 parse_stackshot(0, ssbuf, sslen, nil); 506 507 struct scenario delta_scenario = { 508 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 509 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT 510 | STACKSHOT_COLLECT_DELTA_SNAPSHOT), 511 .since_timestamp = stackshot_time 512 }; 513 514 take_stackshot(&delta_scenario, false, ^(void *dssbuf, size_t dsslen) { 515 parse_stackshot(PARSE_STACKSHOT_DELTA, dssbuf, dsslen, nil); 516 }); 517 }); 518} 519 520T_DECL(shared_cache_layout, "test stackshot inclusion of shared cache layout", T_META_TAG_VM_PREFERRED) 521{ 522 struct scenario scenario = { 523 .name = "shared_cache_layout", 524 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 525 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT | 526 STACKSHOT_COLLECT_SHAREDCACHE_LAYOUT), 527 }; 528 529 size_t shared_cache_length; 530 const void *cache_header = _dyld_get_shared_cache_range(&shared_cache_length); 531 if (cache_header == NULL) { 532 T_SKIP("Device not running with shared cache, skipping test..."); 533 } 534 535 if (shared_cache_length == 0) { 536 T_SKIP("dyld reports that currently running shared cache has zero length"); 537 } 538 539 T_LOG("taking stackshot with STACKSHOT_COLLECT_SHAREDCACHE_LAYOUT set"); 540 take_stackshot(&scenario, true, ^(void *ssbuf, size_t sslen) { 541 parse_stackshot(PARSE_STACKSHOT_SHAREDCACHE_LAYOUT, ssbuf, sslen, nil); 542 }); 543} 544 545T_DECL(stress, "test that taking stackshots for 60 seconds doesn't crash the system", T_META_TAG_VM_PREFERRED) 546{ 547 uint64_t max_diff_time = 60ULL /* seconds */ * 1000000000ULL; 548 uint64_t start_time; 549 550 struct scenario scenario = { 551 .name = "stress", 552 .quiet = true, 553 .flags = (STACKSHOT_KCDATA_FORMAT | 554 STACKSHOT_THREAD_WAITINFO | 555 STACKSHOT_SAVE_LOADINFO | 556 STACKSHOT_SAVE_KEXT_LOADINFO | 557 STACKSHOT_GET_GLOBAL_MEM_STATS | 558 STACKSHOT_SAVE_IMP_DONATION_PIDS | 559 STACKSHOT_COLLECT_SHAREDCACHE_LAYOUT | 560 STACKSHOT_THREAD_GROUP | 561 STACKSHOT_SAVE_JETSAM_COALITIONS | 562 STACKSHOT_ASID | 563 STACKSHOT_EXCLAVES | 564 0), 565 }; 566 567 start_time = clock_gettime_nsec_np(CLOCK_MONOTONIC); 568 while (clock_gettime_nsec_np(CLOCK_MONOTONIC) - start_time < max_diff_time) { 569 take_stackshot(&scenario, false, ^(void * __unused ssbuf, 570 size_t __unused sslen) { 571 printf("."); 572 fflush(stdout); 573 }); 574 575 /* 576 * After the first stackshot, there's no point in continuing to 577 * write them to disk, and it wears down the SSDs. 578 */ 579 scenario.no_recordfile = true; 580 581 /* Leave some time for the testing infrastructure to catch up */ 582 usleep(10000); 583 584 } 585 printf("\n"); 586} 587 588T_DECL(dispatch_queue_label, "test that kcdata stackshots contain libdispatch queue labels", T_META_TAG_VM_PREFERRED) 589{ 590 struct scenario scenario = { 591 .name = "kcdata", 592 .flags = (STACKSHOT_GET_DQ | STACKSHOT_KCDATA_FORMAT), 593 }; 594 dispatch_semaphore_t child_ready_sem, parent_done_sem; 595 dispatch_queue_t dq; 596 597#if TARGET_OS_WATCH 598 T_SKIP("This test is flaky on watches: 51663346"); 599#endif 600 601 child_ready_sem = dispatch_semaphore_create(0); 602 T_QUIET; T_ASSERT_NOTNULL(child_ready_sem, "dqlabel child semaphore"); 603 604 parent_done_sem = dispatch_semaphore_create(0); 605 T_QUIET; T_ASSERT_NOTNULL(parent_done_sem, "dqlabel parent semaphore"); 606 607 dq = dispatch_queue_create(TEST_STACKSHOT_QUEUE_LABEL, NULL); 608 T_QUIET; T_ASSERT_NOTNULL(dq, "dispatch queue"); 609 610 /* start the helper thread */ 611 dispatch_async(dq, ^{ 612 dispatch_semaphore_signal(child_ready_sem); 613 614 dispatch_semaphore_wait(parent_done_sem, DISPATCH_TIME_FOREVER); 615 }); 616 617 /* block behind the child starting up */ 618 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 619 620 T_LOG("taking kcdata stackshot with libdispatch queue labels"); 621 take_stackshot(&scenario, true, ^(void *ssbuf, size_t sslen) { 622 parse_stackshot(PARSE_STACKSHOT_DISPATCH_QUEUE_LABEL, ssbuf, sslen, nil); 623 }); 624 625 dispatch_semaphore_signal(parent_done_sem); 626} 627 628#define CACHEADDR_ENV "STACKSHOT_TEST_DYLDADDR" 629T_HELPER_DECL(spawn_reslide_child, "child process to spawn with alternate slide") 630{ 631 size_t shared_cache_len; 632 const void *addr, *prevaddr; 633 uintmax_t v; 634 char *endptr; 635 636 const char *cacheaddr_env = getenv(CACHEADDR_ENV); 637 T_QUIET; T_ASSERT_NOTNULL(cacheaddr_env, "getenv("CACHEADDR_ENV")"); 638 errno = 0; 639 endptr = NULL; 640 v = strtoumax(cacheaddr_env, &endptr, 16); /* read hex value */ 641 T_WITH_ERRNO; T_QUIET; T_ASSERT_NE(v, 0l, "getenv(%s) = \"%s\" should be a non-zero hex number", CACHEADDR_ENV, cacheaddr_env); 642 T_QUIET; T_ASSERT_EQ(*endptr, 0, "getenv(%s) = \"%s\" endptr \"%s\" should be empty", CACHEADDR_ENV, cacheaddr_env, endptr); 643 644 prevaddr = (const void *)v; 645 addr = _dyld_get_shared_cache_range(&shared_cache_len); 646 T_QUIET; T_ASSERT_NOTNULL(addr, "shared cache address"); 647 648 T_QUIET; T_ASSERT_POSIX_SUCCESS(kill(getppid(), (addr == prevaddr) ? SIGUSR2 : SIGUSR1), "signaled parent to take stackshot"); 649 for (;;) { 650 (void) pause(); /* parent will kill -9 us */ 651 } 652} 653 654T_DECL(shared_cache_flags, "tests stackshot's task_ss_flags for the shared cache", T_META_TAG_VM_PREFERRED) 655{ 656 posix_spawnattr_t attr; 657 char *env_addr; 658 char path[PATH_MAX]; 659 __block bool child_same_addr = false; 660 661 uint32_t path_size = sizeof(path); 662 T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 663 char *args[] = { path, "-n", "spawn_reslide_child", NULL }; 664 pid_t pid; 665 size_t shared_cache_len; 666 const void *addr; 667 668 dispatch_source_t child_diffsig_src, child_samesig_src; 669 dispatch_semaphore_t child_ready_sem = dispatch_semaphore_create(0); 670 T_QUIET; T_ASSERT_NOTNULL(child_ready_sem, "shared_cache child semaphore"); 671 672 dispatch_queue_t signal_processing_q = dispatch_queue_create("signal processing queue", NULL); 673 T_QUIET; T_ASSERT_NOTNULL(signal_processing_q, "signal processing queue"); 674 675 signal(SIGUSR1, SIG_IGN); 676 signal(SIGUSR2, SIG_IGN); 677 child_samesig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, signal_processing_q); 678 T_QUIET; T_ASSERT_NOTNULL(child_samesig_src, "dispatch_source_create (child_samesig_src)"); 679 child_diffsig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR2, 0, signal_processing_q); 680 T_QUIET; T_ASSERT_NOTNULL(child_diffsig_src, "dispatch_source_create (child_diffsig_src)"); 681 682 /* child will signal us depending on if their addr is the same or different */ 683 dispatch_source_set_event_handler(child_samesig_src, ^{ child_same_addr = false; dispatch_semaphore_signal(child_ready_sem); }); 684 dispatch_source_set_event_handler(child_diffsig_src, ^{ child_same_addr = true; dispatch_semaphore_signal(child_ready_sem); }); 685 dispatch_activate(child_samesig_src); 686 dispatch_activate(child_diffsig_src); 687 688 addr = _dyld_get_shared_cache_range(&shared_cache_len); 689 T_QUIET; T_ASSERT_NOTNULL(addr, "shared cache address"); 690 691 T_QUIET; T_ASSERT_POSIX_SUCCESS(asprintf(&env_addr, "%p", addr), "asprintf of env_addr succeeded"); 692 T_QUIET; T_ASSERT_POSIX_SUCCESS(setenv(CACHEADDR_ENV, env_addr, true), "setting "CACHEADDR_ENV" to %s", env_addr); 693 694 T_QUIET; T_ASSERT_POSIX_ZERO(posix_spawnattr_init(&attr), "posix_spawnattr_init"); 695 T_QUIET; T_ASSERT_POSIX_ZERO(posix_spawnattr_setflags(&attr, _POSIX_SPAWN_RESLIDE), "posix_spawnattr_setflags"); 696 int sp_ret = posix_spawn(&pid, path, NULL, &attr, args, environ); 697 T_ASSERT_POSIX_ZERO(sp_ret, "spawned process '%s' with PID %d", args[0], pid); 698 699 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 700 T_LOG("received signal from child (%s), capturing stackshot", child_same_addr ? "same shared cache addr" : "different shared cache addr"); 701 702 struct scenario scenario = { 703 .name = "shared_cache_flags", 704 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 705 | STACKSHOT_COLLECT_SHAREDCACHE_LAYOUT 706 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 707 }; 708 709 take_stackshot(&scenario, false, ^( void *ssbuf, size_t sslen) { 710 int status; 711 /* First kill the child so we can reap it */ 712 T_QUIET; T_ASSERT_POSIX_SUCCESS(kill(pid, SIGKILL), "killing spawned process"); 713 T_QUIET; T_ASSERT_POSIX_SUCCESS(waitpid(pid, &status, 0), "waitpid on spawned child"); 714 T_QUIET; T_ASSERT_EQ(!!WIFSIGNALED(status), 1, "waitpid status should be signalled"); 715 T_QUIET; T_ASSERT_EQ(WTERMSIG(status), SIGKILL, "waitpid status should be SIGKILLed"); 716 717 parse_stackshot(PARSE_STACKSHOT_SHAREDCACHE_FLAGS, ssbuf, sslen, 718 @{sharedcache_child_pid_key: @(pid), sharedcache_child_sameaddr_key: @(child_same_addr ? 1 : 0)}); 719 }); 720} 721 722T_DECL(transitioning_tasks, "test that stackshot contains transitioning task info", T_META_BOOTARGS_SET("enable_proc_exit_lpexit_spin=1"), T_META_TAG_VM_PREFERRED) 723{ 724 int32_t sysctlValue = -1, numAttempts =0; 725 char path[PATH_MAX]; 726 uint32_t path_size = sizeof(path); 727 T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 728 char *args[] = { path, "-n", "exec_child_preexec", NULL }; 729 730 dispatch_source_t child_sig_src; 731 dispatch_semaphore_t child_ready_sem = dispatch_semaphore_create(0); 732 T_QUIET; T_ASSERT_NOTNULL(child_ready_sem, "exec child semaphore"); 733 734 dispatch_queue_t signal_processing_q = dispatch_queue_create("signal processing queue", NULL); 735 T_QUIET; T_ASSERT_NOTNULL(signal_processing_q, "signal processing queue"); 736 737 pid_t pid; 738 739 signal(SIGUSR1, SIG_IGN); 740 child_sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, signal_processing_q); 741 T_QUIET; T_ASSERT_NOTNULL(child_sig_src, "dispatch_source_create (child_sig_src)"); 742 743 dispatch_source_set_event_handler(child_sig_src, ^{ dispatch_semaphore_signal(child_ready_sem); }); 744 dispatch_activate(child_sig_src); 745 746 T_ASSERT_POSIX_SUCCESS(sysctlbyname("debug.proc_exit_lpexit_spin_pid", NULL, NULL, &sysctlValue, sizeof(sysctlValue)), "set debug.proc_exit_lpexit_spin_pid=-1"); 747 748 int proc_exit_spin_pos = 0 ; 749 750 while (0 == sysctlbyname("debug.proc_exit_lpexit_spin_pos", NULL, NULL, &proc_exit_spin_pos, sizeof(proc_exit_spin_pos))) { 751 752 T_LOG(" ##### Testing while spinning in proc_exit at position %d ##### ", proc_exit_spin_pos); 753 754 int sp_ret = posix_spawn(&pid, args[0], NULL, NULL, args, NULL); 755 T_ASSERT_POSIX_ZERO(sp_ret, "spawned process '%s' with PID %d", args[0], pid); 756 757 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 758 759 struct proc_uniqidentifierinfo proc_info_data = { }; 760 int retval = proc_pidinfo(getpid(), PROC_PIDUNIQIDENTIFIERINFO, 0, &proc_info_data, sizeof(proc_info_data)); 761 T_QUIET; T_EXPECT_POSIX_SUCCESS(retval, "proc_pidinfo PROC_PIDUNIQIDENTIFIERINFO"); 762 T_QUIET; T_ASSERT_EQ_INT(retval, (int) sizeof(proc_info_data), "proc_pidinfo PROC_PIDUNIQIDENTIFIERINFO returned data"); 763 764 T_ASSERT_POSIX_SUCCESS(kill(pid, SIGUSR1), "signaled pre-exec child to exec"); 765 766 /* wait for a signal from post-exec child */ 767 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 768 769 T_ASSERT_POSIX_SUCCESS(sysctlbyname("debug.proc_exit_lpexit_spin_pid", NULL, NULL, &pid, sizeof(pid)), "set debug.proc_exit_lpexit_spin_pid = %d, ", pid); 770 771 T_ASSERT_POSIX_SUCCESS(kill(pid, SIGKILL), "kill post-exec child %d", pid); 772 773 sysctlValue = 0; 774 size_t len = sizeof(sysctlValue); 775 while (numAttempts < 5) { 776 T_ASSERT_POSIX_SUCCESS(sysctlbyname("debug.proc_exit_lpexit_spinning", &sysctlValue, &len, NULL, 0), "retrieve debug.proc_exit_lpexit_spinning"); 777 if (sysctlValue != 1) numAttempts++; 778 else break; 779 sleep(1); 780 } 781 782 T_ASSERT_EQ_UINT(sysctlValue, 1, "find spinning task in proc_exit()"); 783 784 struct scenario scenario = { 785 .name = "transitioning_tasks", 786 .flags = (STACKSHOT_KCDATA_FORMAT) 787 }; 788 789 take_stackshot(&scenario, false, ^( void *ssbuf, size_t sslen) { 790 parse_stackshot(PARSE_STACKSHOT_TRANSITIONING, ssbuf, sslen, @{transitioning_pid_key: @(pid)}); 791 792 // Kill the child 793 int sysctlValueB = -1; 794 T_ASSERT_POSIX_SUCCESS(sysctlbyname("debug.proc_exit_lpexit_spin_pid", NULL, NULL, &sysctlValueB, sizeof(sysctlValueB)), "set debug.proc_exit_lpexit_spin_pid=-1"); 795 sleep(1); 796 size_t blen = sizeof(sysctlValueB); 797 T_ASSERT_POSIX_SUCCESS(sysctlbyname("debug.proc_exit_lpexit_spinning", &sysctlValueB, &blen, NULL, 0), "retrieve debug.proc_exit_lpexit_spinning"); 798 T_ASSERT_EQ_UINT(sysctlValueB, 0, "make sure nothing is spining in proc_exit()"); 799 int status; 800 T_ASSERT_POSIX_SUCCESS(waitpid(pid, &status, 0), "waitpid on post-exec child"); 801 }); 802 803 proc_exit_spin_pos++; 804 } 805 806} 807 808static void *stuck_sysctl_thread(void *arg) { 809 int val = 1; 810 dispatch_semaphore_t child_thread_started = *(dispatch_semaphore_t *)arg; 811 812 dispatch_semaphore_signal(child_thread_started); 813 T_ASSERT_POSIX_SUCCESS(sysctlbyname("kern.wedge_thread", NULL, NULL, &val, sizeof(val)), "wedge child thread"); 814 815 return NULL; 816} 817 818T_HELPER_DECL(zombie_child, "child process to sample as a zombie") 819{ 820 pthread_t pthread; 821 dispatch_semaphore_t child_thread_started = dispatch_semaphore_create(0); 822 T_QUIET; T_ASSERT_NOTNULL(child_thread_started, "zombie child thread semaphore"); 823 824 /* spawn another thread to get stuck in the kernel, then call exit() to become a zombie */ 825 T_QUIET; T_ASSERT_POSIX_SUCCESS(pthread_create(&pthread, NULL, stuck_sysctl_thread, &child_thread_started), "pthread_create"); 826 827 dispatch_semaphore_wait(child_thread_started, DISPATCH_TIME_FOREVER); 828 829 /* sleep for a bit in the hope of ensuring that the other thread has called the sysctl before we signal the parent */ 830 usleep(100); 831 T_ASSERT_POSIX_SUCCESS(kill(getppid(), SIGUSR1), "signaled parent to take stackshot"); 832 833 exit(0); 834} 835 836T_DECL(zombie, "tests a stackshot of a zombie task with a thread stuck in the kernel", 837 T_META_ENABLED(false), /* test is too flaky to run by default, but transitioning_tasks covers this case as well */ 838 T_META_TAG_VM_PREFERRED) 839{ 840 char path[PATH_MAX]; 841 uint32_t path_size = sizeof(path); 842 T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 843 char *args[] = { path, "-n", "zombie_child", NULL }; 844 845 dispatch_source_t child_sig_src; 846 dispatch_semaphore_t child_ready_sem = dispatch_semaphore_create(0); 847 T_QUIET; T_ASSERT_NOTNULL(child_ready_sem, "zombie child semaphore"); 848 849 dispatch_queue_t signal_processing_q = dispatch_queue_create("signal processing queue", NULL); 850 T_QUIET; T_ASSERT_NOTNULL(signal_processing_q, "signal processing queue"); 851 852 pid_t pid; 853 854 T_LOG("spawning a child"); 855 856 signal(SIGUSR1, SIG_IGN); 857 child_sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, signal_processing_q); 858 T_QUIET; T_ASSERT_NOTNULL(child_sig_src, "dispatch_source_create (child_sig_src)"); 859 860 dispatch_source_set_event_handler(child_sig_src, ^{ dispatch_semaphore_signal(child_ready_sem); }); 861 dispatch_activate(child_sig_src); 862 863 int sp_ret = posix_spawn(&pid, args[0], NULL, NULL, args, NULL); 864 T_QUIET; T_ASSERT_POSIX_ZERO(sp_ret, "spawned process '%s' with PID %d", args[0], pid); 865 866 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 867 868 T_LOG("received signal from child, capturing stackshot"); 869 870 struct proc_bsdshortinfo bsdshortinfo; 871 int retval, iterations_to_wait = 10; 872 873 while (iterations_to_wait > 0) { 874 retval = proc_pidinfo(pid, PROC_PIDT_SHORTBSDINFO, 0, &bsdshortinfo, sizeof(bsdshortinfo)); 875 if ((retval == 0) && errno == ESRCH) { 876 T_LOG("unable to find child using proc_pidinfo, assuming zombie"); 877 break; 878 } 879 880 T_QUIET; T_WITH_ERRNO; T_ASSERT_GT(retval, 0, "proc_pidinfo(PROC_PIDT_SHORTBSDINFO) returned a value > 0"); 881 T_QUIET; T_ASSERT_EQ(retval, (int)sizeof(bsdshortinfo), "proc_pidinfo call for PROC_PIDT_SHORTBSDINFO returned expected size"); 882 883 if (bsdshortinfo.pbsi_flags & PROC_FLAG_INEXIT) { 884 T_LOG("child proc info marked as in exit"); 885 break; 886 } 887 888 iterations_to_wait--; 889 if (iterations_to_wait == 0) { 890 /* 891 * This will mark the test as failed but let it continue so we 892 * don't leave a process stuck in the kernel. 893 */ 894 T_FAIL("unable to discover that child is marked as exiting"); 895 } 896 897 /* Give the child a few more seconds to make it to exit */ 898 sleep(5); 899 } 900 901 /* Give the child some more time to make it through exit */ 902 sleep(10); 903 904 struct scenario scenario = { 905 .name = "zombie", 906 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 907 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 908 }; 909 910 take_stackshot(&scenario, false, ^( void *ssbuf, size_t sslen) { 911 /* First unwedge the child so we can reap it */ 912 int val = 1, status; 913 T_ASSERT_POSIX_SUCCESS(sysctlbyname("kern.unwedge_thread", NULL, NULL, &val, sizeof(val)), "unwedge child"); 914 915 T_QUIET; T_ASSERT_POSIX_SUCCESS(waitpid(pid, &status, 0), "waitpid on zombie child"); 916 917 parse_stackshot(PARSE_STACKSHOT_ZOMBIE, ssbuf, sslen, @{zombie_child_pid_key: @(pid)}); 918 }); 919} 920 921T_HELPER_DECL(exec_child_preexec, "child process pre-exec") 922{ 923 dispatch_queue_t signal_processing_q = dispatch_queue_create("signal processing queue", NULL); 924 T_QUIET; T_ASSERT_NOTNULL(signal_processing_q, "signal processing queue"); 925 926 signal(SIGUSR1, SIG_IGN); 927 dispatch_source_t parent_sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, signal_processing_q); 928 T_QUIET; T_ASSERT_NOTNULL(parent_sig_src, "dispatch_source_create (child_sig_src)"); 929 dispatch_source_set_event_handler(parent_sig_src, ^{ 930 931 // Parent took a timestamp then signaled us: exec into the next process 932 933 char path[PATH_MAX]; 934 uint32_t path_size = sizeof(path); 935 T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 936 char *args[] = { path, "-n", "exec_child_postexec", NULL }; 937 938 T_QUIET; T_ASSERT_POSIX_ZERO(execve(args[0], args, NULL), "execing into exec_child_postexec"); 939 }); 940 dispatch_activate(parent_sig_src); 941 942 T_ASSERT_POSIX_SUCCESS(kill(getppid(), SIGUSR1), "signaled parent to take timestamp"); 943 944 sleep(100); 945 // Should never get here 946 T_FAIL("Received signal to exec from parent"); 947} 948 949T_HELPER_DECL(exec_child_postexec, "child process post-exec to sample") 950{ 951 T_ASSERT_POSIX_SUCCESS(kill(getppid(), SIGUSR1), "signaled parent to take stackshot"); 952 sleep(100); 953 // Should never get here 954 T_FAIL("Killed by parent"); 955} 956 957T_DECL(exec, "test getting full task snapshots for a task that execs", T_META_TAG_VM_PREFERRED) 958{ 959 char path[PATH_MAX]; 960 uint32_t path_size = sizeof(path); 961 T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 962 char *args[] = { path, "-n", "exec_child_preexec", NULL }; 963 964 dispatch_source_t child_sig_src; 965 dispatch_semaphore_t child_ready_sem = dispatch_semaphore_create(0); 966 T_QUIET; T_ASSERT_NOTNULL(child_ready_sem, "exec child semaphore"); 967 968 dispatch_queue_t signal_processing_q = dispatch_queue_create("signal processing queue", NULL); 969 T_QUIET; T_ASSERT_NOTNULL(signal_processing_q, "signal processing queue"); 970 971 pid_t pid; 972 973 T_LOG("spawning a child"); 974 975 signal(SIGUSR1, SIG_IGN); 976 child_sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, signal_processing_q); 977 T_QUIET; T_ASSERT_NOTNULL(child_sig_src, "dispatch_source_create (child_sig_src)"); 978 979 dispatch_source_set_event_handler(child_sig_src, ^{ dispatch_semaphore_signal(child_ready_sem); }); 980 dispatch_activate(child_sig_src); 981 982 int sp_ret = posix_spawn(&pid, args[0], NULL, NULL, args, NULL); 983 T_QUIET; T_ASSERT_POSIX_ZERO(sp_ret, "spawned process '%s' with PID %d", args[0], pid); 984 985 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 986 uint64_t start_time = mach_absolute_time(); 987 988 struct proc_uniqidentifierinfo proc_info_data = { }; 989 int retval = proc_pidinfo(getpid(), PROC_PIDUNIQIDENTIFIERINFO, 0, &proc_info_data, sizeof(proc_info_data)); 990 T_QUIET; T_EXPECT_POSIX_SUCCESS(retval, "proc_pidinfo PROC_PIDUNIQIDENTIFIERINFO"); 991 T_QUIET; T_ASSERT_EQ_INT(retval, (int) sizeof(proc_info_data), "proc_pidinfo PROC_PIDUNIQIDENTIFIERINFO returned data"); 992 uint64_t unique_pid = proc_info_data.p_uniqueid; 993 994 T_LOG("received signal from pre-exec child, unique_pid is %llu, timestamp is %llu", unique_pid, start_time); 995 996 T_ASSERT_POSIX_SUCCESS(kill(pid, SIGUSR1), "signaled pre-exec child to exec"); 997 998 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 999 1000 T_LOG("received signal from post-exec child, capturing stackshot"); 1001 1002 struct scenario scenario = { 1003 .name = "exec", 1004 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 1005 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT 1006 | STACKSHOT_COLLECT_DELTA_SNAPSHOT), 1007 .since_timestamp = start_time 1008 }; 1009 1010 take_stackshot(&scenario, false, ^( void *ssbuf, size_t sslen) { 1011 // Kill the child 1012 int status; 1013 T_ASSERT_POSIX_SUCCESS(kill(pid, SIGKILL), "kill post-exec child %d", pid); 1014 T_ASSERT_POSIX_SUCCESS(waitpid(pid, &status, 0), "waitpid on post-exec child"); 1015 1016 parse_stackshot(PARSE_STACKSHOT_POSTEXEC | PARSE_STACKSHOT_DELTA, ssbuf, sslen, @{postexec_child_unique_pid_key: @(unique_pid)}); 1017 }); 1018} 1019 1020T_DECL( 1021 exec_inprogress, 1022 "test stackshots of processes in the middle of exec", 1023 T_META_ENABLED(false), /* rdar://111691318 */ 1024 T_META_TAG_VM_PREFERRED) 1025{ 1026 pid_t pid; 1027 /* a BASH quine which execs itself as long as the parent doesn't exit */ 1028 char *bash_prog = "[[ $PPID -ne 1 ]] && exec /bin/bash -c \"$0\" \"$0\""; 1029 char *args[] = { "/bin/bash", "-c", bash_prog, bash_prog, NULL }; 1030 1031 posix_spawnattr_t sattr; 1032 T_ASSERT_POSIX_ZERO(posix_spawnattr_init(&sattr), "posix_spawnattr_init"); 1033 T_ASSERT_POSIX_ZERO(posix_spawn(&pid, args[0], NULL, &sattr, args, NULL), "spawn exec_inprogress_child"); 1034 1035 struct scenario scenario = { 1036 .name = "exec_inprogress", 1037 .flags = (STACKSHOT_KCDATA_FORMAT), 1038 .target_pid = pid, 1039 }; 1040 1041 int tries = 0; 1042 int tries_limit = 30; 1043 __block bool found = false; 1044 __block uint64_t cid1 = 0, cid2 = 0; 1045 1046 for (tries = 0; !found && tries < tries_limit; tries++) { 1047 take_stackshot(&scenario, false, 1048 ^( void *ssbuf, size_t sslen) { 1049 parse_stackshot(PARSE_STACKSHOT_EXEC_INPROGRESS | PARSE_STACKSHOT_TARGETPID, 1050 ssbuf, sslen, @{ 1051 exec_inprogress_pid_key: @(pid), 1052 exec_inprogress_found_key: ^(uint64_t id1, uint64_t id2) { found = true; cid1 = id1; cid2 = id2; }}); 1053 }); 1054 } 1055 T_QUIET; T_ASSERT_POSIX_SUCCESS(kill(pid, SIGKILL), "killing exec loop"); 1056 T_ASSERT_TRUE(found, "able to find our execing process mid-exec in %d tries", tries); 1057 T_ASSERT_NE(cid1, cid2, "container IDs for in-progress exec are unique"); 1058 T_PASS("found mid-exec process in %d tries", tries); 1059} 1060 1061#ifdef _LP64 1062#if __has_feature(ptrauth_calls) 1063#define __ptrauth_swift_async_context_parent \ 1064 __ptrauth(ptrauth_key_process_independent_data, 1, 0xbda2) 1065#define __ptrauth_swift_async_context_resume \ 1066 __ptrauth(ptrauth_key_function_pointer, 1, 0xd707) 1067#else 1068#define __ptrauth_swift_async_context_parent 1069#define __ptrauth_swift_async_context_resume 1070#endif 1071// Add 1 to match the symbolication aid added by the stackshot backtracer. 1072#define asyncstack_frame(x) ((uintptr_t)(void *)ptrauth_strip((void *)(x), ptrauth_key_function_pointer) + 1) 1073 1074// This struct fakes the Swift AsyncContext struct which is used by 1075// the Swift concurrency runtime. We only care about the first 2 fields. 1076struct fake_async_context { 1077 struct fake_async_context* __ptrauth_swift_async_context_parent next; 1078 void(*__ptrauth_swift_async_context_resume resume_pc)(void); 1079}; 1080 1081static void 1082level1_func() 1083{ 1084} 1085static void 1086level2_func() 1087{ 1088} 1089 1090// Create a chain of fake async contexts; sync with asyncstack_expected_stack below 1091static alignas(16) struct fake_async_context level1 = { 0, level1_func }; 1092static alignas(16) struct fake_async_context level2 = { &level1, level2_func }; 1093 1094struct async_test_semaphores { 1095 dispatch_semaphore_t child_ready_sem; /* signal parent we're ready */ 1096 dispatch_semaphore_t child_exit_sem; /* parent tells us to go away */ 1097}; 1098 1099#define ASYNCSTACK_THREAD_NAME "asyncstack_thread" 1100 1101static void __attribute__((noinline, not_tail_called)) 1102expect_asyncstack(void *arg) 1103{ 1104 struct async_test_semaphores *async_ts = arg; 1105 1106 T_QUIET; T_ASSERT_POSIX_ZERO(pthread_setname_np(ASYNCSTACK_THREAD_NAME), 1107 "set thread name to %s", ASYNCSTACK_THREAD_NAME); 1108 1109 /* Tell the main thread we're all set up, then wait for permission to exit */ 1110 dispatch_semaphore_signal(async_ts->child_ready_sem); 1111 dispatch_semaphore_wait(async_ts->child_exit_sem, DISPATCH_TIME_FOREVER); 1112 usleep(1); /* make sure we don't tailcall semaphore_wait */ 1113} 1114 1115static void * 1116asyncstack_thread(void *arg) 1117{ 1118 uint64_t *fp = __builtin_frame_address(0); 1119 // We cannot use a variable of pointer type, because this ABI is valid 1120 // on arm64_32 where pointers are 32bits, but the context pointer will 1121 // still be stored in a 64bits slot on the stack. 1122#if __has_feature(ptrauth_calls) 1123#define __stack_context_auth __ptrauth(ptrauth_key_process_dependent_data, 1, \ 1124 0xc31a) 1125 struct fake_async_context * __stack_context_auth ctx = &level2; 1126#else // __has_feature(ptrauth_calls) 1127 /* struct fake_async_context * */uint64_t ctx = (uintptr_t)&level2; 1128#endif // !__has_feature(ptrauth_calls) 1129 1130 // The signature of an async frame on the OS stack is: 1131 // [ <AsyncContext address>, <Saved FP | (1<<60)>, <return address> ] 1132 // The Async context must be right before the saved FP on the stack. This 1133 // should happen naturally in an optimized build as it is the only 1134 // variable on the stack. 1135 // This function cannot use T_ASSERT_* becuse it changes the stack 1136 // layout. 1137 assert((uintptr_t)fp - (uintptr_t)&ctx == 8); 1138 1139 // Modify the saved FP on the stack to include the async frame marker 1140 *fp |= (0x1ULL << 60); 1141 expect_asyncstack(arg); 1142 return NULL; 1143} 1144 1145T_DECL(asyncstack, "test swift async stack entries", T_META_TAG_VM_PREFERRED) 1146{ 1147 struct scenario scenario = { 1148 .name = "asyncstack", 1149 .flags = STACKSHOT_KCDATA_FORMAT | STACKSHOT_SAVE_LOADINFO, 1150 }; 1151 struct async_test_semaphores async_ts = { 1152 .child_ready_sem = dispatch_semaphore_create(0), 1153 .child_exit_sem = dispatch_semaphore_create(0), 1154 }; 1155 T_QUIET; T_ASSERT_NOTNULL(async_ts.child_ready_sem, "child_ready_sem alloc"); 1156 T_QUIET; T_ASSERT_NOTNULL(async_ts.child_exit_sem, "child_exit_sem alloc"); 1157 1158 pthread_t pthread; 1159 __block uint64_t threadid = 0; 1160 T_QUIET; T_ASSERT_POSIX_ZERO(pthread_create(&pthread, NULL, asyncstack_thread, &async_ts), "pthread_create"); 1161 T_QUIET; T_ASSERT_POSIX_ZERO(pthread_threadid_np(pthread, &threadid), "pthread_threadid_np"); 1162 1163 dispatch_semaphore_wait(async_ts.child_ready_sem, DISPATCH_TIME_FOREVER); 1164 1165 take_stackshot(&scenario, true, ^( void *ssbuf, size_t sslen) { 1166 parse_stackshot(PARSE_STACKSHOT_ASYNCSTACK, ssbuf, sslen, @{ 1167 asyncstack_expected_threadid_key: @(threadid), 1168 asyncstack_expected_stack_key: @[ @(asyncstack_frame(level2_func)), @(asyncstack_frame(level1_func)) ], 1169 }); 1170 }); 1171 1172 dispatch_semaphore_signal(async_ts.child_exit_sem); 1173 T_QUIET; T_ASSERT_POSIX_ZERO(pthread_join(pthread, NULL), "wait for thread"); 1174 1175} 1176#endif /* #ifdef _LP64 */ 1177 1178static uint32_t 1179get_user_promotion_basepri(void) 1180{ 1181 mach_msg_type_number_t count = THREAD_POLICY_STATE_COUNT; 1182 struct thread_policy_state thread_policy; 1183 boolean_t get_default = FALSE; 1184 mach_port_t thread_port = pthread_mach_thread_np(pthread_self()); 1185 1186 kern_return_t kr = thread_policy_get(thread_port, THREAD_POLICY_STATE, 1187 (thread_policy_t)&thread_policy, &count, &get_default); 1188 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "thread_policy_get"); 1189 return thread_policy.thps_user_promotion_basepri; 1190} 1191 1192static int 1193get_pri(thread_t thread_port) 1194{ 1195 kern_return_t kr; 1196 1197 thread_extended_info_data_t extended_info; 1198 mach_msg_type_number_t count = THREAD_EXTENDED_INFO_COUNT; 1199 kr = thread_info(thread_port, THREAD_EXTENDED_INFO, 1200 (thread_info_t)&extended_info, &count); 1201 1202 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "thread_info"); 1203 1204 return extended_info.pth_curpri; 1205} 1206 1207 1208T_DECL(turnstile_singlehop, "turnstile single hop test", T_META_TAG_VM_PREFERRED) 1209{ 1210 dispatch_queue_t dq1, dq2; 1211 dispatch_semaphore_t sema_x; 1212 dispatch_queue_attr_t dq1_attr, dq2_attr; 1213 __block qos_class_t main_qos = 0; 1214 __block int main_relpri = 0, main_relpri2 = 0, main_afterpri = 0; 1215 struct scenario scenario = { 1216 .name = "turnstile_singlehop", 1217 .flags = (STACKSHOT_THREAD_WAITINFO | STACKSHOT_KCDATA_FORMAT), 1218 }; 1219 dq1_attr = dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_SERIAL, QOS_CLASS_UTILITY, 0); 1220 dq2_attr = dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_SERIAL, QOS_CLASS_USER_INITIATED, 0); 1221 pthread_mutex_t lock_a = PTHREAD_MUTEX_INITIALIZER; 1222 pthread_mutex_t lock_b = PTHREAD_MUTEX_INITIALIZER; 1223 1224 pthread_mutex_t *lockap = &lock_a, *lockbp = &lock_b; 1225 1226 dq1 = dispatch_queue_create("q1", dq1_attr); 1227 dq2 = dispatch_queue_create("q2", dq2_attr); 1228 sema_x = dispatch_semaphore_create(0); 1229 1230 pthread_mutex_lock(lockap); 1231 dispatch_async(dq1, ^{ 1232 pthread_mutex_lock(lockbp); 1233 T_ASSERT_POSIX_SUCCESS(pthread_get_qos_class_np(pthread_self(), &main_qos, &main_relpri), "get qos class"); 1234 T_LOG("The priority of q1 is %d\n", get_pri(mach_thread_self())); 1235 dispatch_semaphore_signal(sema_x); 1236 pthread_mutex_lock(lockap); 1237 }); 1238 dispatch_semaphore_wait(sema_x, DISPATCH_TIME_FOREVER); 1239 1240 T_LOG("Async1 completed"); 1241 1242 pthread_set_qos_class_self_np(QOS_CLASS_UTILITY, 0); 1243 T_ASSERT_POSIX_SUCCESS(pthread_get_qos_class_np(pthread_self(), &main_qos, &main_relpri), "get qos class"); 1244 T_LOG("The priority of main is %d\n", get_pri(mach_thread_self())); 1245 main_relpri = get_pri(mach_thread_self()); 1246 1247 dispatch_async(dq2, ^{ 1248 T_ASSERT_POSIX_SUCCESS(pthread_get_qos_class_np(pthread_self(), &main_qos, &main_relpri2), "get qos class"); 1249 T_LOG("The priority of q2 is %d\n", get_pri(mach_thread_self())); 1250 dispatch_semaphore_signal(sema_x); 1251 pthread_mutex_lock(lockbp); 1252 }); 1253 dispatch_semaphore_wait(sema_x, DISPATCH_TIME_FOREVER); 1254 1255 T_LOG("Async2 completed"); 1256 1257 while (1) { 1258 main_afterpri = (int) get_user_promotion_basepri(); 1259 if (main_relpri != main_afterpri) { 1260 T_LOG("Success with promotion pri is %d", main_afterpri); 1261 break; 1262 } 1263 1264 usleep(100); 1265 } 1266 1267 take_stackshot(&scenario, true, ^( void *ssbuf, size_t sslen) { 1268 parse_stackshot(PARSE_STACKSHOT_TURNSTILEINFO, ssbuf, sslen, nil); 1269 }); 1270} 1271 1272 1273static void 1274expect_instrs_cycles_in_stackshot(void *ssbuf, size_t sslen) 1275{ 1276 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 1277 1278 bool in_task = false; 1279 bool in_thread = false; 1280 bool saw_instrs_cycles = false; 1281 iter = kcdata_iter_next(iter); 1282 1283 KCDATA_ITER_FOREACH(iter) { 1284 switch (kcdata_iter_type(iter)) { 1285 case KCDATA_TYPE_CONTAINER_BEGIN: 1286 switch (kcdata_iter_container_type(iter)) { 1287 case STACKSHOT_KCCONTAINER_TASK: 1288 in_task = true; 1289 saw_instrs_cycles = false; 1290 break; 1291 1292 case STACKSHOT_KCCONTAINER_THREAD: 1293 in_thread = true; 1294 saw_instrs_cycles = false; 1295 break; 1296 1297 default: 1298 break; 1299 } 1300 break; 1301 1302 case STACKSHOT_KCTYPE_INSTRS_CYCLES: 1303 saw_instrs_cycles = true; 1304 break; 1305 1306 case KCDATA_TYPE_CONTAINER_END: 1307 if (in_thread) { 1308 T_QUIET; T_EXPECT_TRUE(saw_instrs_cycles, 1309 "saw instructions and cycles in thread"); 1310 in_thread = false; 1311 } else if (in_task) { 1312 T_QUIET; T_EXPECT_TRUE(saw_instrs_cycles, 1313 "saw instructions and cycles in task"); 1314 in_task = false; 1315 } 1316 1317 default: 1318 break; 1319 } 1320 } 1321} 1322 1323static void 1324skip_if_monotonic_unsupported(void) 1325{ 1326 int supported = 0; 1327 size_t supported_size = sizeof(supported); 1328 int ret = sysctlbyname("kern.monotonic.supported", &supported, 1329 &supported_size, 0, 0); 1330 if (ret < 0 || !supported) { 1331 T_SKIP("monotonic is unsupported"); 1332 } 1333} 1334 1335T_DECL(instrs_cycles, "test a getting instructions and cycles in stackshot", T_META_TAG_VM_PREFERRED) 1336{ 1337 skip_if_monotonic_unsupported(); 1338 1339 struct scenario scenario = { 1340 .name = "instrs-cycles", 1341 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_INSTRS_CYCLES 1342 | STACKSHOT_KCDATA_FORMAT), 1343 }; 1344 1345 T_LOG("attempting to take stackshot with instructions and cycles"); 1346 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1347 parse_stackshot(0, ssbuf, sslen, nil); 1348 expect_instrs_cycles_in_stackshot(ssbuf, sslen); 1349 }); 1350} 1351 1352T_DECL(delta_instrs_cycles, 1353 "test delta stackshots with instructions and cycles", T_META_TAG_VM_PREFERRED) 1354{ 1355 skip_if_monotonic_unsupported(); 1356 1357 struct scenario scenario = { 1358 .name = "delta-instrs-cycles", 1359 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_INSTRS_CYCLES 1360 | STACKSHOT_KCDATA_FORMAT), 1361 }; 1362 1363 T_LOG("taking full stackshot"); 1364 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1365 uint64_t stackshot_time = stackshot_timestamp(ssbuf, sslen); 1366 1367 T_LOG("taking delta stackshot since time %" PRIu64, stackshot_time); 1368 1369 parse_stackshot(0, ssbuf, sslen, nil); 1370 expect_instrs_cycles_in_stackshot(ssbuf, sslen); 1371 1372 struct scenario delta_scenario = { 1373 .name = "delta-instrs-cycles-next", 1374 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_INSTRS_CYCLES 1375 | STACKSHOT_KCDATA_FORMAT 1376 | STACKSHOT_COLLECT_DELTA_SNAPSHOT), 1377 .since_timestamp = stackshot_time, 1378 }; 1379 1380 take_stackshot(&delta_scenario, false, ^(void *dssbuf, size_t dsslen) { 1381 parse_stackshot(PARSE_STACKSHOT_DELTA, dssbuf, dsslen, nil); 1382 expect_instrs_cycles_in_stackshot(dssbuf, dsslen); 1383 }); 1384 }); 1385} 1386 1387static void 1388check_thread_groups_supported() 1389{ 1390 int err; 1391 int supported = 0; 1392 size_t supported_size = sizeof(supported); 1393 err = sysctlbyname("kern.thread_groups_supported", &supported, &supported_size, NULL, 0); 1394 1395 if (err || !supported) 1396 T_SKIP("thread groups not supported on this system"); 1397} 1398 1399T_DECL(thread_groups, "test getting thread groups in stackshot", T_META_TAG_VM_PREFERRED) 1400{ 1401 check_thread_groups_supported(); 1402 1403 struct scenario scenario = { 1404 .name = "thread-groups", 1405 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_THREAD_GROUP 1406 | STACKSHOT_KCDATA_FORMAT), 1407 }; 1408 1409 T_LOG("attempting to take stackshot with thread group flag"); 1410 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1411 parse_thread_group_stackshot(ssbuf, sslen); 1412 }); 1413} 1414 1415T_DECL(compactinfo, "test compactinfo inclusion", T_META_TAG_VM_PREFERRED) 1416{ 1417 struct scenario scenario = { 1418 .name = "compactinfo", 1419 .target_pid = getpid(), 1420 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_SAVE_DYLD_COMPACTINFO 1421 | STACKSHOT_KCDATA_FORMAT), 1422 }; 1423 1424 T_LOG("attempting to take stackshot with compactinfo flag"); 1425 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1426 parse_stackshot(PARSE_STACKSHOT_COMPACTINFO | PARSE_STACKSHOT_TARGETPID, ssbuf, sslen, nil); 1427 }); 1428} 1429 1430T_DECL(suspendinfo, "test task suspend info inclusion", T_META_TAG_VM_PREFERRED) 1431{ 1432 struct scenario scenario = { 1433 .name = "suspendinfo", 1434 .target_pid = getpid(), 1435 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_KCDATA_FORMAT), 1436 }; 1437 1438 T_LOG("attempting to take stackshot with suspendinfo flag"); 1439 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1440 parse_stackshot(PARSE_STACKSHOT_SUSPENDINFO | PARSE_STACKSHOT_TARGETPID, ssbuf, sslen, nil); 1441 }); 1442} 1443 1444static NSMutableSet * find_driverkit_pids(io_registry_entry_t root) { 1445 NSMutableSet * driverkit_pids = [NSMutableSet setWithCapacity:3]; 1446 io_registry_entry_t current = IO_OBJECT_NULL; 1447 io_iterator_t iter = IO_OBJECT_NULL; 1448 1449 T_EXPECT_MACH_SUCCESS(IORegistryEntryGetChildIterator(root, kIOServicePlane, &iter), "get registry iterator"); 1450 1451 while ((current = IOIteratorNext(iter)) != IO_OBJECT_NULL) { 1452 if (_IOObjectConformsTo(current, "IOUserServer", kIOClassNameOverrideNone)) { 1453 CFMutableDictionaryRef cfProperties = NULL; 1454 NSMutableDictionary * properties; 1455 NSString * client_creator_info; 1456 NSArray<NSString *> *creator_info_array; 1457 pid_t pid; 1458 1459 T_QUIET; T_EXPECT_MACH_SUCCESS(IORegistryEntryCreateCFProperties(current, &cfProperties, kCFAllocatorDefault, kNilOptions), "get properties"); 1460 properties = CFBridgingRelease(cfProperties); 1461 T_QUIET; T_ASSERT_NOTNULL(properties, "properties is not null"); 1462 client_creator_info = properties[@kIOUserClientCreatorKey]; 1463 creator_info_array = [client_creator_info componentsSeparatedByString:@","]; 1464 if ([creator_info_array[0] hasPrefix:@"pid"]) { 1465 NSArray<NSString *> *pid_info = [creator_info_array[0] componentsSeparatedByString:@" "]; 1466 T_QUIET; T_ASSERT_EQ(pid_info.count, 2UL, "Get pid info components from %s", creator_info_array[0].UTF8String); 1467 pid = pid_info[1].intValue; 1468 } else { 1469 T_ASSERT_FAIL("No pid info in client creator info: %s", client_creator_info.UTF8String); 1470 } 1471 T_LOG("Found driver pid %d", pid); 1472 [driverkit_pids addObject:[NSNumber numberWithInt:pid]]; 1473 } else { 1474 [driverkit_pids unionSet:find_driverkit_pids(current)]; 1475 } 1476 IOObjectRelease(current); 1477 } 1478 1479 IOObjectRelease(iter); 1480 return driverkit_pids; 1481} 1482 1483T_DECL(driverkit, "test driverkit inclusion", T_META_TAG_VM_PREFERRED) 1484{ 1485 struct scenario scenario = { 1486 .name = "driverkit", 1487 .target_kernel = true, 1488 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_KCDATA_FORMAT 1489 | STACKSHOT_INCLUDE_DRIVER_THREADS_IN_KERNEL), 1490 }; 1491 1492 io_registry_entry_t root = IORegistryGetRootEntry(kIOMainPortDefault); 1493 NSMutableSet * driverkit_pids = find_driverkit_pids(root); 1494 IOObjectRelease(root); 1495 1496 T_LOG("expecting to find %lu driverkit processes", [driverkit_pids count]); 1497 T_LOG("attempting to take stackshot with STACKSHOT_INCLUDE_DRIVER_THREADS_IN_KERNEL flag"); 1498 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1499 parse_stackshot(PARSE_STACKSHOT_DRIVERKIT | PARSE_STACKSHOT_TARGETPID, ssbuf, sslen, @{ 1500 driverkit_found_key: ^(pid_t pid) { 1501 [driverkit_pids removeObject:[NSNumber numberWithInt:pid]]; 1502 }}); 1503 }); 1504 1505 T_EXPECT_EQ([driverkit_pids count], (NSUInteger)0, "found expected number of driverkit processes"); 1506} 1507 1508static void 1509parse_page_table_asid_stackshot(void **ssbuf, size_t sslen) 1510{ 1511 bool seen_asid = false; 1512 bool seen_page_table_snapshot = false; 1513 bool seen_task = false; 1514 int container = 0; 1515 int task_container = -1; 1516 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 1517 T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_STACKSHOT, 1518 "buffer provided is a stackshot"); 1519 1520 iter = kcdata_iter_next(iter); 1521 KCDATA_ITER_FOREACH(iter) { 1522 switch (kcdata_iter_type(iter)) { 1523 /* There's a slight chance that we see a transit version of this task 1524 * in the stackshot, so we want to make sure to check both */ 1525 case KCDATA_TYPE_CONTAINER_BEGIN: { 1526 container++; 1527 if (kcdata_iter_container_type(iter) == STACKSHOT_KCCONTAINER_TASK) { 1528 seen_asid = seen_page_table_snapshot = false; 1529 task_container = container; 1530 } 1531 break; 1532 } 1533 case KCDATA_TYPE_CONTAINER_END: { 1534 if (container == task_container) { 1535 task_container = -1; 1536 seen_task = true; 1537 T_ASSERT_TRUE(seen_page_table_snapshot, "check that we have seen a page table snapshot"); 1538 T_ASSERT_TRUE(seen_asid, "check that we have seen an ASID"); 1539 } 1540 container--; 1541 break; 1542 } 1543 case KCDATA_TYPE_ARRAY: { 1544 T_QUIET; 1545 T_ASSERT_TRUE(kcdata_iter_array_valid(iter), 1546 "checked that array is valid"); 1547 1548 if (kcdata_iter_array_elem_type(iter) != STACKSHOT_KCTYPE_PAGE_TABLES) { 1549 continue; 1550 } 1551 1552 T_ASSERT_FALSE(seen_page_table_snapshot, "check that we haven't yet seen a page table snapshot"); 1553 seen_page_table_snapshot = true; 1554 1555 T_ASSERT_EQ((size_t) kcdata_iter_array_elem_size(iter), sizeof(uint64_t), 1556 "check that each element of the pagetable dump is the expected size"); 1557 1558 uint64_t *pt_array = kcdata_iter_payload(iter); 1559 uint32_t elem_count = kcdata_iter_array_elem_count(iter); 1560 uint32_t j; 1561 bool nonzero_tte = false; 1562 for (j = 0; j < elem_count;) { 1563 T_QUIET; T_ASSERT_LE(j + 4, elem_count, "check for valid page table segment header"); 1564 uint64_t pa = pt_array[j]; 1565 uint64_t num_entries = pt_array[j + 1]; 1566 uint64_t start_va = pt_array[j + 2]; 1567 uint64_t end_va = pt_array[j + 3]; 1568 1569 T_QUIET; T_ASSERT_NE(pa, (uint64_t) 0, "check that the pagetable physical address is non-zero"); 1570 T_QUIET; T_ASSERT_EQ(pa % (num_entries * sizeof(uint64_t)), (uint64_t) 0, "check that the pagetable physical address is correctly aligned"); 1571 T_QUIET; T_ASSERT_NE(num_entries, (uint64_t) 0, "check that a pagetable region has more than 0 entries"); 1572 T_QUIET; T_ASSERT_LE(j + 4 + num_entries, (uint64_t) elem_count, "check for sufficient space in page table array"); 1573 T_QUIET; T_ASSERT_GT(end_va, start_va, "check for valid VA bounds in page table segment header"); 1574 1575 for (uint32_t k = j + 4; k < (j + 4 + num_entries); ++k) { 1576 if (pt_array[k] != 0) { 1577 nonzero_tte = true; 1578 T_QUIET; T_ASSERT_EQ((pt_array[k] >> 48) & 0xf, (uint64_t) 0, "check that bits[48:51] of arm64 TTE are clear"); 1579 // L0-L2 table and non-compressed L3 block entries should always have bit 1 set; assumes L0-L2 blocks will not be used outside the kernel 1580 bool table = ((pt_array[k] & 0x2) != 0); 1581 if (table) { 1582 T_QUIET; T_ASSERT_NE(pt_array[k] & ((1ULL << 48) - 1) & ~((1ULL << 12) - 1), (uint64_t) 0, "check that arm64 TTE physical address is non-zero"); 1583 } else { // should be a compressed PTE 1584 T_QUIET; T_ASSERT_NE(pt_array[k] & 0xC000000000000000ULL, (uint64_t) 0, "check that compressed PTE has at least one of bits [63:62] set"); 1585 T_QUIET; T_ASSERT_EQ(pt_array[k] & ~0xC000000000000000ULL, (uint64_t) 0, "check that compressed PTE has no other bits besides [63:62] set"); 1586 } 1587 } 1588 } 1589 1590 j += (4 + num_entries); 1591 } 1592 T_ASSERT_TRUE(nonzero_tte, "check that we saw at least one non-empty TTE"); 1593 T_ASSERT_EQ(j, elem_count, "check that page table dump size matches extent of last header"); 1594 break; 1595 } 1596 case STACKSHOT_KCTYPE_ASID: { 1597 T_ASSERT_FALSE(seen_asid, "check that we haven't yet seen an ASID"); 1598 seen_asid = true; 1599 } 1600 } 1601 } 1602 1603 T_QUIET; T_ASSERT_TRUE(seen_task, "check that we have seen a complete task container"); 1604} 1605 1606T_DECL(dump_page_tables, "test stackshot page table dumping support", T_META_TAG_VM_PREFERRED) 1607{ 1608 struct scenario scenario = { 1609 .name = "asid-page-tables", 1610 .flags = (STACKSHOT_KCDATA_FORMAT | STACKSHOT_ASID | STACKSHOT_PAGE_TABLES), 1611 .size_hint = (9ull << 20), // 9 MB 1612 .target_pid = getpid(), 1613 .maybe_unsupported = true, 1614 .maybe_enomem = true, 1615 }; 1616 1617 T_LOG("attempting to take stackshot with ASID and page table flags"); 1618 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1619 parse_page_table_asid_stackshot(ssbuf, sslen); 1620 }); 1621} 1622 1623 1624 1625static void stackshot_verify_current_proc_uuid_info(void **ssbuf, size_t sslen, uint64_t expected_offset, const struct proc_uniqidentifierinfo *proc_info_data) 1626{ 1627 const uuid_t *current_uuid = (const uuid_t *)(&proc_info_data->p_uuid); 1628 1629 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 1630 T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_STACKSHOT, "buffer provided is a stackshot"); 1631 1632 iter = kcdata_iter_next(iter); 1633 1634 KCDATA_ITER_FOREACH(iter) { 1635 switch (kcdata_iter_type(iter)) { 1636 case KCDATA_TYPE_ARRAY: { 1637 T_QUIET; T_ASSERT_TRUE(kcdata_iter_array_valid(iter), "checked that array is valid"); 1638 if (kcdata_iter_array_elem_type(iter) == KCDATA_TYPE_LIBRARY_LOADINFO64) { 1639 struct user64_dyld_uuid_info *info = (struct user64_dyld_uuid_info *) kcdata_iter_payload(iter); 1640 if (uuid_compare(*current_uuid, info->imageUUID) == 0) { 1641 T_ASSERT_EQ(expected_offset, info->imageLoadAddress, "found matching UUID with matching binary offset"); 1642 return; 1643 } 1644 } else if (kcdata_iter_array_elem_type(iter) == KCDATA_TYPE_LIBRARY_LOADINFO) { 1645 struct user32_dyld_uuid_info *info = (struct user32_dyld_uuid_info *) kcdata_iter_payload(iter); 1646 if (uuid_compare(*current_uuid, info->imageUUID) == 0) { 1647 T_ASSERT_EQ(expected_offset, ((uint64_t) info->imageLoadAddress), "found matching UUID with matching binary offset"); 1648 return; 1649 } 1650 } 1651 break; 1652 } 1653 default: 1654 break; 1655 } 1656 } 1657 1658 T_FAIL("failed to find matching UUID in stackshot data"); 1659} 1660 1661T_DECL(translated, 1662 "tests translated bit is set correctly", 1663 T_META_TAG_VM_PREFERRED, 1664 T_META_ENABLED(false /* rdar://133956022 */)) 1665{ 1666#if !(TARGET_OS_OSX && TARGET_CPU_ARM64) 1667 T_SKIP("Only valid on Apple silicon Macs") 1668#endif 1669 // Get path of stackshot_translated_child helper binary 1670 char path[PATH_MAX]; 1671 uint32_t path_size = sizeof(path); 1672 T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 1673 char* binary_name = strrchr(path, '/'); 1674 if (binary_name) binary_name++; 1675 T_QUIET; T_ASSERT_NOTNULL(binary_name, "Find basename in path '%s'", path); 1676 strlcpy(binary_name, "stackshot_translated_child", path_size - (binary_name - path)); 1677 char *args[] = { path, NULL }; 1678 1679 dispatch_source_t child_sig_src; 1680 dispatch_semaphore_t child_ready_sem = dispatch_semaphore_create(0); 1681 T_QUIET; T_ASSERT_NOTNULL(child_ready_sem, "exec child semaphore"); 1682 1683 dispatch_queue_t signal_processing_q = dispatch_queue_create("signal processing queue", NULL); 1684 T_QUIET; T_ASSERT_NOTNULL(signal_processing_q, "signal processing queue"); 1685 1686 signal(SIGUSR1, SIG_IGN); 1687 child_sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, signal_processing_q); 1688 T_QUIET; T_ASSERT_NOTNULL(child_sig_src, "dispatch_source_create (child_sig_src)"); 1689 1690 dispatch_source_set_event_handler(child_sig_src, ^{ dispatch_semaphore_signal(child_ready_sem); }); 1691 dispatch_activate(child_sig_src); 1692 1693 // Spawn child 1694 pid_t pid; 1695 T_LOG("spawning translated child"); 1696 T_QUIET; T_ASSERT_POSIX_ZERO(posix_spawn(&pid, args[0], NULL, NULL, args, NULL), "spawned process '%s' with PID %d", args[0], pid); 1697 1698 // Wait for the the child to spawn up 1699 dispatch_semaphore_wait(child_ready_sem, DISPATCH_TIME_FOREVER); 1700 1701 // Make sure the child is running and is translated 1702 int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, pid }; 1703 struct kinfo_proc process_info; 1704 size_t bufsize = sizeof(process_info); 1705 T_QUIET; T_ASSERT_POSIX_SUCCESS(sysctl(mib, (unsigned)(sizeof(mib)/sizeof(int)), &process_info, &bufsize, NULL, 0), "get translated child process info"); 1706 T_QUIET; T_ASSERT_GT(bufsize, (size_t)0, "process info is not empty"); 1707 T_QUIET; T_ASSERT_TRUE((process_info.kp_proc.p_flag & P_TRANSLATED), "KERN_PROC_PID reports child is translated"); 1708 1709 T_LOG("capturing stackshot"); 1710 1711 struct scenario scenario = { 1712 .name = "translated", 1713 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 1714 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 1715 }; 1716 1717 take_stackshot(&scenario, true, ^( void *ssbuf, size_t sslen) { 1718 parse_stackshot(PARSE_STACKSHOT_TRANSLATED, ssbuf, sslen, @{translated_child_pid_key: @(pid)}); 1719 }); 1720 1721 // Kill the child 1722 int status; 1723 T_QUIET; T_ASSERT_POSIX_SUCCESS(kill(pid, SIGTERM), "kill translated child"); 1724 T_QUIET; T_ASSERT_POSIX_SUCCESS(waitpid(pid, &status, 0), "waitpid on translated child"); 1725 1726} 1727 1728T_DECL(proc_uuid_info, "tests that the main binary UUID for a proc is always populated", T_META_TAG_VM_PREFERRED) 1729{ 1730 struct proc_uniqidentifierinfo proc_info_data = { }; 1731 mach_msg_type_number_t count; 1732 kern_return_t kernel_status; 1733 task_dyld_info_data_t task_dyld_info; 1734 struct dyld_all_image_infos *target_infos; 1735 int retval; 1736 bool found_image_in_image_infos = false; 1737 uint64_t expected_mach_header_offset = 0; 1738 1739 /* Find the UUID of our main binary */ 1740 retval = proc_pidinfo(getpid(), PROC_PIDUNIQIDENTIFIERINFO, 0, &proc_info_data, sizeof(proc_info_data)); 1741 T_QUIET; T_EXPECT_POSIX_SUCCESS(retval, "proc_pidinfo PROC_PIDUNIQIDENTIFIERINFO"); 1742 T_QUIET; T_ASSERT_EQ_INT(retval, (int) sizeof(proc_info_data), "proc_pidinfo PROC_PIDUNIQIDENTIFIERINFO returned data"); 1743 1744 uuid_string_t str = {}; 1745 uuid_unparse(*(uuid_t*)&proc_info_data.p_uuid, str); 1746 T_LOG("Found current UUID is %s", str); 1747 1748 /* Find the location of the dyld image info metadata */ 1749 count = TASK_DYLD_INFO_COUNT; 1750 kernel_status = task_info(mach_task_self(), TASK_DYLD_INFO, (task_info_t)&task_dyld_info, &count); 1751 T_QUIET; T_ASSERT_EQ(kernel_status, KERN_SUCCESS, "retrieve task_info for TASK_DYLD_INFO"); 1752 1753 target_infos = (struct dyld_all_image_infos *)task_dyld_info.all_image_info_addr; 1754 1755 /* Find our binary in the dyld image info array */ 1756 for (int i = 0; i < (int) target_infos->uuidArrayCount; i++) { 1757 if (uuid_compare(target_infos->uuidArray[i].imageUUID, *(uuid_t*)&proc_info_data.p_uuid) == 0) { 1758 expected_mach_header_offset = (uint64_t) target_infos->uuidArray[i].imageLoadAddress; 1759 found_image_in_image_infos = true; 1760 } 1761 } 1762 1763 T_ASSERT_TRUE(found_image_in_image_infos, "found binary image in dyld image info list"); 1764 1765 /* Overwrite the dyld image info data so the kernel has to fallback to the UUID stored in the proc structure */ 1766 target_infos->uuidArrayCount = 0; 1767 1768 struct scenario scenario = { 1769 .name = "proc_uuid_info", 1770 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_KCDATA_FORMAT), 1771 .target_pid = getpid(), 1772 }; 1773 1774 T_LOG("attempting to take stackshot for current PID"); 1775 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1776 stackshot_verify_current_proc_uuid_info(ssbuf, sslen, expected_mach_header_offset, &proc_info_data); 1777 }); 1778} 1779 1780T_DECL(cseg_waitinfo, "test that threads stuck in the compressor report correct waitinfo", T_META_TAG_VM_PREFERRED) 1781{ 1782 struct scenario scenario = { 1783 .name = "cseg_waitinfo", 1784 .quiet = false, 1785 .flags = (STACKSHOT_THREAD_WAITINFO | STACKSHOT_KCDATA_FORMAT), 1786 }; 1787 __block uint64_t thread_id = 0; 1788 1789 dispatch_queue_t dq = dispatch_queue_create("com.apple.stackshot.cseg_waitinfo", NULL); 1790 dispatch_semaphore_t child_ok = dispatch_semaphore_create(0); 1791 1792 dispatch_async(dq, ^{ 1793 pthread_threadid_np(NULL, &thread_id); 1794 dispatch_semaphore_signal(child_ok); 1795 int val = 1; 1796 T_ASSERT_POSIX_SUCCESS(sysctlbyname("kern.cseg_wedge_thread", NULL, NULL, &val, sizeof(val)), "wedge child thread"); 1797 }); 1798 1799 dispatch_semaphore_wait(child_ok, DISPATCH_TIME_FOREVER); 1800 sleep(1); 1801 1802 T_LOG("taking stackshot"); 1803 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1804 int val = 1; 1805 T_ASSERT_POSIX_SUCCESS(sysctlbyname("kern.cseg_unwedge_thread", NULL, NULL, &val, sizeof(val)), "unwedge child thread"); 1806 parse_stackshot(PARSE_STACKSHOT_WAITINFO_CSEG, ssbuf, sslen, @{cseg_expected_threadid_key: @(thread_id)}); 1807 }); 1808} 1809 1810static void 1811srp_send( 1812 mach_port_t send_port, 1813 mach_port_t reply_port, 1814 mach_port_t msg_port) 1815{ 1816 kern_return_t ret = 0; 1817 1818 struct test_msg { 1819 mach_msg_header_t header; 1820 mach_msg_body_t body; 1821 mach_msg_port_descriptor_t port_descriptor; 1822 }; 1823 struct test_msg send_msg = { 1824 .header = { 1825 .msgh_remote_port = send_port, 1826 .msgh_local_port = reply_port, 1827 .msgh_bits = MACH_MSGH_BITS_SET(MACH_MSG_TYPE_COPY_SEND, 1828 reply_port ? MACH_MSG_TYPE_MAKE_SEND_ONCE : 0, 1829 MACH_MSG_TYPE_MOVE_SEND, 1830 MACH_MSGH_BITS_COMPLEX), 1831 .msgh_id = 0x100, 1832 .msgh_size = sizeof(send_msg), 1833 }, 1834 .body = { 1835 .msgh_descriptor_count = 1, 1836 }, 1837 .port_descriptor = { 1838 .name = msg_port, 1839 .disposition = MACH_MSG_TYPE_MOVE_RECEIVE, 1840 .type = MACH_MSG_PORT_DESCRIPTOR, 1841 }, 1842 }; 1843 1844 if (msg_port == MACH_PORT_NULL) { 1845 send_msg.body.msgh_descriptor_count = 0; 1846 } 1847 1848 ret = mach_msg(&(send_msg.header), 1849 MACH_SEND_MSG | 1850 MACH_SEND_TIMEOUT | 1851 MACH_SEND_OVERRIDE, 1852 send_msg.header.msgh_size, 1853 0, 1854 MACH_PORT_NULL, 1855 10000, 1856 0); 1857 1858 T_ASSERT_MACH_SUCCESS(ret, "client mach_msg"); 1859} 1860 1861T_HELPER_DECL(srp_client, 1862 "Client used for the special_reply_port test") 1863{ 1864 pid_t ppid = getppid(); 1865 dispatch_semaphore_t can_continue = dispatch_semaphore_create(0); 1866 dispatch_queue_t dq = dispatch_queue_create("client_signalqueue", NULL); 1867 dispatch_source_t sig_src; 1868 1869 mach_msg_return_t mr; 1870 mach_port_t service_port; 1871 mach_port_t conn_port; 1872 mach_port_t special_reply_port; 1873 mach_port_options_t opts = { 1874 .flags = MPO_INSERT_SEND_RIGHT, 1875 }; 1876 1877 signal(SIGUSR1, SIG_IGN); 1878 sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, dq); 1879 1880 dispatch_source_set_event_handler(sig_src, ^{ 1881 dispatch_semaphore_signal(can_continue); 1882 }); 1883 dispatch_activate(sig_src); 1884 1885 /* lookup the mach service port for the parent */ 1886 kern_return_t kr = bootstrap_look_up(bootstrap_port, 1887 SRP_SERVICE_NAME, &service_port); 1888 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "client bootstrap_look_up"); 1889 1890 /* create the send-once right (special reply port) and message to send to the server */ 1891 kr = mach_port_construct(mach_task_self(), &opts, 0ull, &conn_port); 1892 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mach_port_construct"); 1893 1894 special_reply_port = thread_get_special_reply_port(); 1895 T_QUIET; T_ASSERT_TRUE(MACH_PORT_VALID(special_reply_port), "get_thread_special_reply_port"); 1896 1897 /* send the message with the special reply port */ 1898 srp_send(service_port, special_reply_port, conn_port); 1899 1900 /* signal the parent to continue */ 1901 kill(ppid, SIGUSR1); 1902 1903 struct { 1904 mach_msg_header_t header; 1905 mach_msg_body_t body; 1906 mach_msg_port_descriptor_t port_descriptor; 1907 } rcv_msg = { 1908 .header = 1909 { 1910 .msgh_remote_port = MACH_PORT_NULL, 1911 .msgh_local_port = special_reply_port, 1912 .msgh_size = sizeof(rcv_msg), 1913 }, 1914 }; 1915 1916 /* wait on the reply from the parent (that we will never receive) */ 1917 mr = mach_msg(&(rcv_msg.header), 1918 (MACH_RCV_MSG | MACH_RCV_SYNC_WAIT), 1919 0, 1920 rcv_msg.header.msgh_size, 1921 special_reply_port, 1922 MACH_MSG_TIMEOUT_NONE, 1923 service_port); 1924 1925 /* not expected to execute as parent will SIGKILL client... */ 1926 T_LOG("client process exiting after sending message to parent (server)"); 1927} 1928 1929enum srp_test_type { 1930 SRP_TEST_THREAD, /* expect waiter on current thread */ 1931 SRP_TEST_PID, /* expect waiter on current PID */ 1932 SRP_TEST_EITHER, /* waiter could be on either */ 1933}; 1934 1935static void 1936check_srp_test(const char *name, enum srp_test_type ty) 1937{ 1938 struct scenario scenario = { 1939 .name = name, 1940 .quiet = false, 1941 .flags = (STACKSHOT_THREAD_WAITINFO | STACKSHOT_KCDATA_FORMAT), 1942 }; 1943 uint64_t thread_id = 0; 1944 pthread_threadid_np(NULL, &thread_id); 1945 if (ty == SRP_TEST_THREAD) { 1946 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1947 parse_stackshot(PARSE_STACKSHOT_WAITINFO_SRP, ssbuf, sslen, 1948 @{srp_expected_threadid_key: @(thread_id)}); 1949 }); 1950 } else if (ty == SRP_TEST_PID) { 1951 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1952 parse_stackshot(PARSE_STACKSHOT_WAITINFO_SRP, ssbuf, sslen, 1953 @{srp_expected_pid_key: @(getpid())}); 1954 }); 1955 } else { 1956 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 1957 parse_stackshot(PARSE_STACKSHOT_WAITINFO_SRP, ssbuf, sslen, 1958 @{srp_expected_pid_key: @(getpid()), srp_expected_threadid_key: @(thread_id)}); 1959 }); 1960 } 1961 1962} 1963 1964 1965/* 1966 * Tests the stackshot wait info plumbing for synchronous IPC that doesn't use kevent on the server. 1967 * 1968 * (part 1): tests the scenario where a client sends a request that includes a special reply port 1969 * to a server that doesn't receive the message and doesn't copy the send-once right 1970 * into its address space as a result. for this case the special reply port is enqueued 1971 * in a port and we check which task has that receive right and use that info. (rdar://60440338) 1972 * (part 2): tests the scenario where a client sends a request that includes a special reply port 1973 * to a server that receives the message and copies in the send-once right, but doesn't 1974 * reply to the client. for this case the special reply port is copied out and the kernel 1975 * stashes the info about which task copied out the send once right. (rdar://60440592) 1976 * (part 3): tests the same as part 2, but uses kevents, which allow for 1977 * priority inheritance 1978 */ 1979T_DECL(special_reply_port, "test that tasks using special reply ports have correct waitinfo", T_META_TAG_VM_PREFERRED) 1980{ 1981 dispatch_semaphore_t can_continue = dispatch_semaphore_create(0); 1982 dispatch_queue_t dq = dispatch_queue_create("signalqueue", NULL); 1983 dispatch_queue_t machdq = dispatch_queue_create("machqueue", NULL); 1984 dispatch_source_t sig_src; 1985 char path[PATH_MAX]; 1986 uint32_t path_size = sizeof(path); 1987 T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 1988 char *client_args[] = { path, "-n", "srp_client", NULL }; 1989 pid_t client_pid; 1990 int sp_ret; 1991 kern_return_t kr; 1992 mach_port_t port; 1993 1994 /* setup the signal handler in the parent (server) */ 1995 T_LOG("setup sig handlers"); 1996 signal(SIGUSR1, SIG_IGN); 1997 sig_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_SIGNAL, SIGUSR1, 0, dq); 1998 1999 dispatch_source_set_event_handler(sig_src, ^{ 2000 dispatch_semaphore_signal(can_continue); 2001 }); 2002 dispatch_activate(sig_src); 2003 2004 /* register with the mach service name so the client can lookup and send a message to the parent (server) */ 2005 T_LOG("Server about to check in"); 2006 kr = bootstrap_check_in(bootstrap_port, SRP_SERVICE_NAME, &port); 2007 T_ASSERT_MACH_SUCCESS(kr, "server bootstrap_check_in"); 2008 2009 T_LOG("Launching client"); 2010 sp_ret = posix_spawn(&client_pid, client_args[0], NULL, NULL, client_args, NULL); 2011 T_QUIET; T_ASSERT_POSIX_ZERO(sp_ret, "spawned process '%s' with PID %d", client_args[0], client_pid); 2012 T_LOG("Spawned client as PID %d", client_pid); 2013 2014 dispatch_semaphore_wait(can_continue, DISPATCH_TIME_FOREVER); 2015 T_LOG("Ready to take stackshot, but waiting 1s for the coast to clear"); 2016 2017 /* 2018 * can_continue indicates the client has signaled us, but we want to make 2019 * sure they've actually blocked sending their mach message. It's cheesy, but 2020 * sleep() works for this. 2021 */ 2022 sleep(1); 2023 2024 /* 2025 * take the stackshot without calling receive to verify that the stackshot wait 2026 * info shows our (the server) thread for the scenario where the server has yet to 2027 * receive the message. 2028 */ 2029 T_LOG("Taking stackshot for part 1 coverage"); 2030 check_srp_test("srp", SRP_TEST_THREAD); 2031 2032 /* 2033 * receive the message from the client (which should copy the send once right into 2034 * our address space). 2035 */ 2036 struct { 2037 mach_msg_header_t header; 2038 mach_msg_body_t body; 2039 mach_msg_port_descriptor_t port_descriptor; 2040 } rcv_msg = { 2041 .header = 2042 { 2043 .msgh_remote_port = MACH_PORT_NULL, 2044 .msgh_local_port = port, 2045 .msgh_size = sizeof(rcv_msg), 2046 }, 2047 }; 2048 2049 T_LOG("server: starting sync receive\n"); 2050 2051 mach_msg_return_t mr; 2052 mr = mach_msg(&(rcv_msg.header), 2053 (MACH_RCV_MSG | MACH_RCV_TIMEOUT), 2054 0, 2055 4096, 2056 port, 2057 10000, 2058 MACH_PORT_NULL); 2059 T_QUIET; T_ASSERT_MACH_SUCCESS(mr, "mach_msg() recieve of message from client"); 2060 2061 /* 2062 * take the stackshot to verify that the stackshot wait info shows our (the server) PID 2063 * for the scenario where the server has received the message and copied in the send-once right. 2064 */ 2065 T_LOG("Taking stackshot for part 2 coverage"); 2066 check_srp_test("srp", SRP_TEST_PID); 2067 2068 /* cleanup - kill the client */ 2069 T_ASSERT_POSIX_SUCCESS(kill(client_pid, SIGKILL), "killing client"); 2070 T_ASSERT_POSIX_SUCCESS(waitpid(client_pid, NULL, 0), "waiting for the client to exit"); 2071 2072 // do it again, but using kevents 2073 T_LOG("Launching client"); 2074 sp_ret = posix_spawn(&client_pid, client_args[0], NULL, NULL, client_args, NULL); 2075 T_QUIET; T_ASSERT_POSIX_ZERO(sp_ret, "spawned process '%s' with PID %d", client_args[0], client_pid); 2076 T_LOG("Spawned client as PID %d", client_pid); 2077 2078 dispatch_semaphore_wait(can_continue, DISPATCH_TIME_FOREVER); 2079 T_LOG("Ready to take stackshot, but waiting 1s for the coast to clear"); 2080 2081 /* 2082 * can_continue indicates the client has signaled us, but we want to make 2083 * sure they've actually blocked sending their mach message. It's cheesy, but 2084 * sleep() works for this. 2085 */ 2086 sleep(1); 2087 2088 dispatch_mach_t dispatch_mach = dispatch_mach_create(SRP_SERVICE_NAME, machdq, 2089 ^(dispatch_mach_reason_t reason, 2090 dispatch_mach_msg_t message, 2091 mach_error_t error __unused) { 2092 switch (reason) { 2093 case DISPATCH_MACH_MESSAGE_RECEIVED: { 2094 size_t size = 0; 2095 mach_msg_header_t *msg __unused = dispatch_mach_msg_get_msg(message, &size); 2096 T_LOG("server: recieved %ld byte message", size); 2097 check_srp_test("turnstile_port_thread", SRP_TEST_THREAD); 2098 T_LOG("server: letting client go"); 2099 // drop the message on the ground, we'll kill the client later 2100 dispatch_semaphore_signal(can_continue); 2101 break; 2102 } 2103 default: 2104 break; 2105 } 2106 }); 2107 2108 dispatch_mach_connect(dispatch_mach, port, MACH_PORT_NULL, NULL); 2109 2110 dispatch_semaphore_wait(can_continue, DISPATCH_TIME_FOREVER); 2111 2112 /* cleanup - kill the client */ 2113 T_ASSERT_POSIX_SUCCESS(kill(client_pid, SIGKILL), "killing client"); 2114 T_ASSERT_POSIX_SUCCESS(waitpid(client_pid, NULL, 0), "waiting for the client to exit"); 2115} 2116 2117T_HELPER_DECL(throtlled_sp_client, 2118 "client that uses a connection port to send a message to a server") 2119{ 2120 mach_port_t conn_port, service_port, reply_port, *stash; 2121 mach_msg_type_number_t stash_cnt = 0; 2122 2123 kern_return_t kr = mach_ports_lookup(mach_task_self(), &stash, &stash_cnt); 2124 T_ASSERT_MACH_SUCCESS(kr, "mach_ports_lookup"); 2125 2126 service_port = stash[0]; 2127 T_ASSERT_TRUE(MACH_PORT_VALID(service_port), "valid service port"); 2128 mig_deallocate((vm_address_t)stash, stash_cnt * sizeof(stash[0])); 2129 2130 mach_port_options_t opts = { 2131 .flags = MPO_INSERT_SEND_RIGHT 2132 | MPO_CONNECTION_PORT, 2133 .service_port_name = service_port, 2134 }; 2135 2136 kr = mach_port_construct(mach_task_self(), &opts, 0ull, &conn_port); 2137 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mach_port_construct"); 2138 2139 mach_port_options_t opts2 = { 2140 .flags = MPO_REPLY_PORT 2141 }; 2142 kr = mach_port_construct(mach_task_self(), &opts2, 0ull, &reply_port); 2143 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mach_port_construct"); 2144 2145 /* XPC-like check-in message */ 2146 struct { 2147 mach_msg_header_t header; 2148 mach_msg_port_descriptor_t recvp; 2149 mach_msg_port_descriptor_t sendp; 2150 } checkin_message = { 2151 .header = 2152 { 2153 .msgh_remote_port = service_port, 2154 .msgh_local_port = MACH_PORT_NULL, 2155 .msgh_size = sizeof(checkin_message), 2156 .msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0), 2157 }, 2158 .recvp = 2159 { 2160 .type = MACH_MSG_PORT_DESCRIPTOR, 2161 .name = conn_port, 2162 .disposition = MACH_MSG_TYPE_MOVE_RECEIVE, 2163 }, 2164 .sendp = 2165 { 2166 .type = MACH_MSG_PORT_DESCRIPTOR, 2167 .name = reply_port, 2168 .disposition = MACH_MSG_TYPE_MAKE_SEND, 2169 } 2170 }; 2171 dispatch_mach_msg_t dmsg = dispatch_mach_msg_create((mach_msg_header_t *)&checkin_message, sizeof(checkin_message), 2172 DISPATCH_MACH_MSG_DESTRUCTOR_DEFAULT, NULL); 2173 2174 dispatch_queue_t machdq = dispatch_queue_create("machqueue", NULL); 2175 dispatch_mach_t dchannel = dispatch_mach_create(THROTTLED_SERVICE_NAME, machdq, 2176 ^(dispatch_mach_reason_t reason, 2177 dispatch_mach_msg_t message __unused, 2178 mach_error_t error __unused) { 2179 switch (reason) { 2180 case DISPATCH_MACH_CONNECTED: 2181 T_LOG("mach channel connected"); 2182 break; 2183 case DISPATCH_MACH_MESSAGE_SENT: 2184 T_LOG("sent mach message"); 2185 break; 2186 default: 2187 T_ASSERT_FAIL("Unexpected reply to channel reason %lu", reason); 2188 } 2189 }); 2190 dispatch_mach_connect(dchannel, reply_port, service_port, dmsg); 2191 dispatch_release(dmsg); 2192 2193 struct { 2194 mach_msg_header_t header; 2195 uint64_t request_id; 2196 } request = { 2197 .header = 2198 { 2199 .msgh_size = sizeof(request), 2200 .msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, MACH_MSG_TYPE_MAKE_SEND_ONCE), 2201 }, 2202 .request_id = 1, 2203 }; 2204 dispatch_mach_msg_t dmsg2 = dispatch_mach_msg_create((mach_msg_header_t *)&request, sizeof(request), 2205 DISPATCH_MACH_MSG_DESTRUCTOR_DEFAULT, NULL); 2206 2207 dispatch_mach_reason_t reason; 2208 mach_error_t error; 2209 2210 /* send the check-in message and the request message */ 2211 dispatch_mach_msg_t dreply = dispatch_mach_send_with_result_and_wait_for_reply(dchannel, 2212 dmsg2, 0, DISPATCH_MACH_SEND_DEFAULT, &reason, &error); 2213 dispatch_release(dmsg2); 2214 2215 /* not expected to execute as parent will SIGKILL client */ 2216 T_ASSERT_FAIL("client process exiting after receiving %s reply", dreply ? "non-null" : "null"); 2217} 2218 2219static void 2220check_throttled_sp(const char *test_name, uint64_t context, bool is_throttled) 2221{ 2222 struct scenario scenario = { 2223 .name = test_name, 2224 .quiet = false, 2225 .flags = (STACKSHOT_THREAD_WAITINFO | STACKSHOT_KCDATA_FORMAT), 2226 }; 2227 2228 T_LOG("taking stackshot %s", test_name); 2229 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 2230 parse_stackshot(PARSE_STACKSHOT_THROTTLED_SP, ssbuf, sslen, 2231 @{sp_throttled_expected_ctxt_key: @(context), 2232 sp_throttled_expect_flag: @(is_throttled)}); 2233 }); 2234} 2235 2236/* Take stackshot when a client is blocked on the service port of a process, in the scenario when 2237 * the process with the receive right for the service port is: 2238 * (a) Monitoring the service port using kevents 2239 * (b) Not monitoring the service port 2240 */ 2241T_DECL(throttled_sp, 2242 "test that service port throttled flag is propagated to the stackshot correctly", T_META_TAG_VM_PREFERRED) 2243{ 2244 mach_port_t service_port; 2245 __block dispatch_semaphore_t can_continue = dispatch_semaphore_create(0); 2246 2247 char path[PATH_MAX]; 2248 uint32_t path_size = sizeof(path); 2249 T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath"); 2250 char *client_args[] = { path, "-n", "throtlled_sp_client", NULL }; 2251 2252 __block uint64_t thread_id = 0; 2253 pid_t client_pid; 2254 int mark_throttled; 2255 2256 struct mach_service_port_info sp_info = {}; 2257 strcpy(sp_info.mspi_string_name, THROTTLED_SERVICE_NAME); 2258 sp_info.mspi_domain_type = (uint8_t)1; 2259 kern_return_t kr; 2260 2261 mach_port_options_t opts = { 2262 .flags = MPO_SERVICE_PORT | MPO_INSERT_SEND_RIGHT | MPO_CONTEXT_AS_GUARD | MPO_STRICT | MPO_TEMPOWNER, 2263 .service_port_info = &sp_info, 2264 }; 2265 2266 kr = mach_port_construct(mach_task_self(), &opts, 0ull, &service_port); 2267 T_ASSERT_MACH_SUCCESS(kr, "mach_port_construct %u", service_port); 2268 2269 /* Setup a dispatch source to monitor the service port similar to how launchd does. */ 2270 dispatch_queue_t machdq = dispatch_queue_create("machqueue", NULL); 2271 dispatch_source_t mach_src = dispatch_source_create(DISPATCH_SOURCE_TYPE_MACH_RECV, service_port, 2272 DISPATCH_MACH_RECV_SYNC_PEEK, machdq); 2273 dispatch_source_set_event_handler(mach_src, ^{ 2274 pthread_threadid_np(NULL, &thread_id); 2275 dispatch_semaphore_signal(can_continue); 2276 }); 2277 dispatch_activate(mach_src); 2278 2279 /* Stash the port in task to make sure child also gets it */ 2280 kr = mach_ports_register(mach_task_self(), &service_port, 1); 2281 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mach_ports_register service port"); 2282 2283 mark_throttled = 1; 2284 kr = mach_port_set_attributes(mach_task_self(), service_port, MACH_PORT_SERVICE_THROTTLED, (mach_port_info_t)(&mark_throttled), 2285 MACH_PORT_SERVICE_THROTTLED_COUNT); 2286 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mark service port as throttled"); 2287 2288 int rc = posix_spawn(&client_pid, client_args[0], NULL, NULL, client_args, NULL); 2289 T_QUIET; T_ASSERT_POSIX_ZERO(rc, "spawned process '%s' with PID %d", client_args[0], client_pid); 2290 T_LOG("Spawned client as PID %d", client_pid); 2291 2292 dispatch_semaphore_wait(can_continue, DISPATCH_TIME_FOREVER); 2293 2294 /* The service port has received the check-in message. Take stackshot for scenario (a). */ 2295 check_throttled_sp("throttled_service_port_monitored", thread_id, true); 2296 2297 /* This simulates a throttled spawn when the service port is no longer monitored. */ 2298 dispatch_source_cancel(mach_src); 2299 2300 /* Take stackshot for scenario (b) */ 2301 check_throttled_sp("throttled_service_port_unmonitored", (uint64_t)getpid(), true); 2302 2303 mark_throttled = 0; 2304 kr = mach_port_set_attributes(mach_task_self(), service_port, MACH_PORT_SERVICE_THROTTLED, (mach_port_info_t)(&mark_throttled), 2305 MACH_PORT_SERVICE_THROTTLED_COUNT); 2306 T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "unmark service port as throttled"); 2307 2308 /* Throttled flag should not be set when the port is not throttled. */ 2309 check_throttled_sp("unthrottled_service_port_unmonitored", (uint64_t)getpid(), false); 2310 2311 /* cleanup - kill the client */ 2312 T_ASSERT_POSIX_SUCCESS(kill(client_pid, SIGKILL), "killing client"); 2313 T_ASSERT_POSIX_SUCCESS(waitpid(client_pid, NULL, 0), "waiting for the client to exit"); 2314} 2315 2316 2317char *const clpc_path = "/usr/local/bin/clpc"; 2318char *const clpcctrl_path = "/usr/local/bin/clpcctrl"; 2319 2320static void 2321run_clpc(char *const argv[]) { 2322 posix_spawnattr_t sattr; 2323 pid_t pid; 2324 int wstatus; 2325 2326 T_QUIET; T_ASSERT_POSIX_ZERO(posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL), "spawn clpcctrl"); 2327 T_QUIET; T_ASSERT_POSIX_SUCCESS(waitpid(pid, &wstatus, 0), "wait for clpcctrl"); 2328 T_QUIET; T_ASSERT_TRUE(WIFEXITED(wstatus), "clpcctrl exited normally"); 2329 T_QUIET; T_ASSERT_POSIX_ZERO(WEXITSTATUS(wstatus), "clpcctrl exited successfully"); 2330 2331 uint64_t sched_recommended_cores = 1; 2332 size_t sched_recommended_cores_sz = sizeof(uint64_t); 2333 T_QUIET; T_ASSERT_POSIX_SUCCESS( 2334 sysctlbyname("kern.sched_recommended_cores", &sched_recommended_cores, &sched_recommended_cores_sz, NULL, 0), 2335 "get kern.sched_recommended_cores"); 2336 T_LOG("Recommended cores: 0x%llx", sched_recommended_cores); 2337} 2338 2339static void 2340restore_clpc() { 2341 /* 2342 * For some reason, the new CLPC utility always returns with a nonzero 2343 * exit status when re-enabling dynamic control. So, we use the old 2344 * one here. 2345 */ 2346 run_clpc((char *const []) { clpcctrl_path, "-d", NULL }); 2347} 2348 2349struct cpu_cluster { 2350 int type; 2351 uint64_t mask; 2352}; 2353 2354static NSArray* 2355get_cpu_clusters() { 2356 NSTask *task = [[NSTask alloc] init]; 2357 [task setLaunchPath:[NSString stringWithUTF8String:clpc_path]]; 2358 [task setArguments:@[@"topologies", @"-f", @"json"]]; 2359 2360 NSPipe *pipe = [NSPipe pipe]; 2361 [task setStandardOutput:pipe]; 2362 [task setStandardError:nil]; 2363 2364 [task launch]; 2365 [task waitUntilExit]; 2366 2367 NSData *data = [[pipe fileHandleForReading] readDataToEndOfFile]; 2368 NSString *data_string = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; 2369 2370 /* 2371 * The CLPC util outputs the CPU and ANE topology as JSON objects _not_ 2372 * separated by a comma, so we have to fix it up... 2373 */ 2374 data_string = [data_string stringByReplacingOccurrencesOfString:@"\n}\n" withString:@"\n},\n"]; 2375 data_string = [NSString stringWithFormat:@"[%@]", data_string]; 2376 data = [data_string dataUsingEncoding:NSUTF8StringEncoding]; 2377 2378 T_QUIET; T_ASSERT_EQ(task.terminationStatus, 0, "clpc exit status"); 2379 2380 NSError *jsonError = nil; 2381 NSArray *json = [NSJSONSerialization JSONObjectWithData:data options:0 error:&jsonError]; 2382 2383 if (jsonError) { 2384 T_FAIL("clpc topologies failed. output: %s\nerror: %s", 2385 [data_string cStringUsingEncoding:NSUTF8StringEncoding], 2386 [[jsonError localizedDescription] cStringUsingEncoding:NSUTF8StringEncoding]); 2387 T_END; 2388 } 2389 2390 NSMutableArray* out = [[NSMutableArray alloc] init]; 2391 struct cpu_cluster cluster; 2392 2393 for (NSDictionary *cluster_json in json[0][@"CPU Topology"][@"Clusters"]) { 2394 cluster = (struct cpu_cluster) { 2395 .type = [cluster_json[@"Type"] intValue] + 1, 2396 .mask = [cluster_json[@"CoreMask"] unsignedLongLongValue] 2397 }; 2398 [out addObject:[NSValue valueWithBytes:&cluster objCType:@encode(struct cpu_cluster)]]; 2399 } 2400 2401 return out; 2402} 2403 2404void test_stackshot_cpu_info(void *ssbuf, size_t sslen, int exp_cpus, NSArray *exp_cluster_types) { 2405 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 2406 bool seen_cpu = false, seen_buffer = false; 2407 int singlethread_override = 0; 2408 size_t singlethread_override_sz = sizeof(singlethread_override); 2409 T_QUIET; T_ASSERT_POSIX_SUCCESS( 2410 sysctlbyname("kern.stackshot_single_thread", &singlethread_override, &singlethread_override_sz, NULL, 0), 2411 "get kern.stackshot_single_thread"); 2412 if (singlethread_override) { 2413 T_LOG("skipping cpu count/type check due to single-thread override (kern.stackshot_single_thread=1)"); 2414 return; 2415 } 2416 2417 KCDATA_ITER_FOREACH(iter) { 2418 if (kcdata_iter_type(iter) != KCDATA_TYPE_ARRAY) { 2419 continue; 2420 } 2421 2422 int n_elems = kcdata_iter_array_elem_count(iter); 2423 2424 switch (kcdata_iter_array_elem_type(iter)) { 2425 case STACKSHOT_KCTYPE_LATENCY_INFO_CPU: 2426 seen_cpu = true; 2427 2428 /* Check ncpus */ 2429 if (exp_cpus != -1) { 2430 T_QUIET; T_ASSERT_EQ(exp_cpus, n_elems, "Expected number of CPUs matches number of CPUs used for stackshot"); 2431 } 2432 2433 if (exp_cluster_types == nil) { 2434 continue; 2435 } 2436 2437 /* Check cluster types */ 2438 struct stackshot_latency_cpu *latencies = (struct stackshot_latency_cpu *) kcdata_iter_payload(iter); 2439 for (int i = 0; i < n_elems; i++) { 2440 NSNumber *cluster_type = [NSNumber numberWithInt:latencies[i].cluster_type]; 2441 T_QUIET; T_ASSERT_TRUE([exp_cluster_types containsObject:cluster_type], "Type of CPU cluster in expected CPU cluster types"); 2442 } 2443 break; 2444 case STACKSHOT_KCTYPE_LATENCY_INFO_BUFFER: 2445 seen_buffer = true; 2446 2447 if (exp_cluster_types == nil) { 2448 continue; 2449 } 2450 2451 /* Check that we have a buffer for each cluster */ 2452 struct stackshot_latency_buffer *buffers = (struct stackshot_latency_buffer *) kcdata_iter_payload(iter); 2453 for (int i = 0; i < n_elems; i++) { 2454 if (buffers[i].size == 0) { 2455 continue; 2456 } 2457 NSNumber *cluster_type = [NSNumber numberWithInt:buffers[i].cluster_type]; 2458 T_QUIET; T_ASSERT_TRUE([exp_cluster_types containsObject:cluster_type], "Type of CPU cluster for buffer in expected cluster types"); 2459 } 2460 break; 2461 default: 2462 /* Not either of these, continue; */ 2463 break; 2464 } 2465 } 2466 2467 T_QUIET; T_ASSERT_TRUE(seen_cpu || !is_development_kernel(), "Seen CPU latency info or is release kernel"); 2468 T_QUIET; T_ASSERT_TRUE(seen_buffer || !is_development_kernel(), "Seen buffer info or is release kernel"); 2469} 2470 2471static void 2472test_stackshot_with_clpcctrl(const char *name, char *const argv[], int exp_cpus, NSArray *exp_cluster_types) { 2473 run_clpc(argv); 2474 struct scenario scenario = { 2475 .name = name, 2476 .flags = (STACKSHOT_KCDATA_FORMAT | STACKSHOT_SAVE_LOADINFO | 2477 STACKSHOT_THREAD_WAITINFO | STACKSHOT_GET_GLOBAL_MEM_STATS) 2478 }; 2479 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 2480 parse_stackshot(0, ssbuf, sslen, nil); 2481 test_stackshot_cpu_info(ssbuf, sslen, exp_cpus, exp_cluster_types); 2482 }); 2483} 2484 2485#define N_CLUSTER_TYPES 2 2486 2487T_DECL(core_masks, 2488 "test that stackshot works under various core masks on ARM systems", 2489 T_META_REQUIRES_SYSCTL_EQ("hw.optional.arm64", 1), 2490 T_META_REQUIRES_SYSCTL_NE("kern.kasan.available", 1), /* rdar://115577993 */ 2491 XNU_T_META_REQUIRES_DEVELOPMENT_KERNEL, 2492 T_META_REQUIRE_NOT_VIRTUALIZED, 2493 T_META_RUN_CONCURRENTLY(false), 2494 T_META_TAG_VM_NOT_ELIGIBLE, 2495 T_META_ENABLED(!TARGET_OS_VISION)) // disable for visionOS: device may not be stable with many cores masked off (127904530) 2496{ 2497 /* 2498 * Make sure we're not in a release kernel 2499 * (cannot check with T_META; only one sysctl T_META at a time will work) 2500 */ 2501 if (!is_development_kernel()) { 2502 T_SKIP("test was not run because kernel is release; cannot set core masks"); 2503 return; 2504 } 2505 2506 /* 2507 * rdar://115577993 - CLPC compiles as release in KASAN-variant builds, 2508 * preventing clpcctrl from working. For now, skip this. (Cannot check 2509 * with T_META; only one sysctl T_META at a time will work) 2510 */ 2511 int kasan_avail = 0; 2512 size_t kasan_avail_sz = sizeof(kasan_avail); 2513 sysctlbyname("kern.kasan.available", &kasan_avail, &kasan_avail_sz, NULL, 0); 2514 if (kasan_avail) { 2515 T_SKIP("test was not run because kernel is KASAN; cannot set core masks (see rdar://115577993)"); 2516 return; 2517 } 2518 2519 /* Check nperflevels to see if we're on an AMP system */ 2520 int nperflevels = 1; 2521 size_t nperflevels_sz = sizeof(int); 2522 T_ASSERT_POSIX_SUCCESS( 2523 sysctlbyname("hw.nperflevels", &nperflevels, &nperflevels_sz, NULL, 0), 2524 "get hw.nperflevels"); 2525 if (nperflevels == 1) { 2526 T_SKIP("On SMP system, skipping stackshot core_masks tests"); 2527 } 2528 2529 T_ATEND(restore_clpc); 2530 2531 uint64_t cluster_masks[N_CLUSTER_TYPES] = {0}; 2532 NSArray* clusters = get_cpu_clusters(); 2533 for (NSValue *data in clusters) { 2534 struct cpu_cluster cluster; 2535 [data getValue:&cluster]; 2536 2537 T_QUIET; T_ASSERT_LT(cluster.type - 1, N_CLUSTER_TYPES, "valid cluster type"); 2538 cluster_masks[cluster.type - 1] |= cluster.mask; 2539 } 2540 2541 NSMutableArray* cluster_types = [[NSMutableArray alloc] init]; 2542 char const* scenario_names[] = { 2543 "core_masks_amp_ecpus", 2544 "core_masks_amp_pcpus", 2545 }; 2546 for (int type = 0; type < N_CLUSTER_TYPES; type++) { 2547 if (!cluster_masks[type]) { 2548 continue; 2549 } 2550 2551 NSNumber *cluster_type_num = [NSNumber numberWithInt:(type + 1)]; 2552 [cluster_types addObject:cluster_type_num]; 2553 2554 char mask_str[19]; 2555 sprintf(mask_str, "0x%llx", cluster_masks[type]); 2556 2557 test_stackshot_with_clpcctrl( 2558 scenario_names[type], 2559 (char *const[]) {clpc_path, "control", "-C", mask_str, NULL}, 2560 -1, @[cluster_type_num]); 2561 } 2562 2563 T_ASSERT_GE((int) [cluster_types count], 2, "at least two cluster types"); 2564 2565 test_stackshot_with_clpcctrl( 2566 "core_masks_amp_allcpus", 2567 (char *const[]) {clpc_path, "control", "-C", "all", NULL}, 2568 -1, cluster_types); 2569} 2570 2571#pragma mark performance tests 2572 2573#define SHOULD_REUSE_SIZE_HINT 0x01 2574#define SHOULD_USE_DELTA 0x02 2575#define SHOULD_TARGET_SELF 0x04 2576 2577static void 2578stackshot_perf(unsigned int options) 2579{ 2580 struct scenario scenario = { 2581 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_GET_GLOBAL_MEM_STATS 2582 | STACKSHOT_SAVE_IMP_DONATION_PIDS | STACKSHOT_KCDATA_FORMAT), 2583 }; 2584 2585 dt_stat_t size = dt_stat_create("bytes", "size"); 2586 dt_stat_time_t duration = dt_stat_time_create("duration"); 2587 scenario.timer = duration; 2588 2589 if (options & SHOULD_TARGET_SELF) { 2590 scenario.target_pid = getpid(); 2591 } 2592 2593 while (!dt_stat_stable(duration) || !dt_stat_stable(size)) { 2594 __block uint64_t last_time = 0; 2595 __block uint32_t size_hint = 0; 2596 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 2597 dt_stat_add(size, (double)sslen); 2598 last_time = stackshot_timestamp(ssbuf, sslen); 2599 size_hint = (uint32_t)sslen; 2600 }); 2601 if (options & SHOULD_USE_DELTA) { 2602 scenario.since_timestamp = last_time; 2603 scenario.flags |= STACKSHOT_COLLECT_DELTA_SNAPSHOT; 2604 } 2605 if (options & SHOULD_REUSE_SIZE_HINT) { 2606 scenario.size_hint = size_hint; 2607 } 2608 } 2609 2610 dt_stat_finalize(duration); 2611 dt_stat_finalize(size); 2612} 2613 2614static void 2615stackshot_flag_perf_noclobber(uint64_t flag, char *flagname) 2616{ 2617 struct scenario scenario = { 2618 .quiet = true, 2619 .flags = (flag | STACKSHOT_KCDATA_FORMAT), 2620 }; 2621 2622 dt_stat_t duration = dt_stat_create("nanoseconds per thread", "%s_duration", flagname); 2623 dt_stat_t size = dt_stat_create("bytes per thread", "%s_size", flagname); 2624 T_LOG("Testing \"%s\" = 0x%" PRIx64, flagname, flag); 2625 2626 while (!dt_stat_stable(duration) || !dt_stat_stable(size)) { 2627 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 2628 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 2629 unsigned long no_threads = 0; 2630 mach_timebase_info_data_t timebase = {0, 0}; 2631 uint64_t stackshot_duration = 0; 2632 int found = 0; 2633 T_QUIET; T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_STACKSHOT, "stackshot buffer"); 2634 2635 KCDATA_ITER_FOREACH(iter) { 2636 switch(kcdata_iter_type(iter)) { 2637 case STACKSHOT_KCTYPE_THREAD_SNAPSHOT: { 2638 found |= 1; 2639 no_threads ++; 2640 break; 2641 } 2642 case STACKSHOT_KCTYPE_STACKSHOT_DURATION: { 2643 struct stackshot_duration *ssd = kcdata_iter_payload(iter); 2644 stackshot_duration = ssd->stackshot_duration; 2645 found |= 2; 2646 break; 2647 } 2648 case KCDATA_TYPE_TIMEBASE: { 2649 found |= 4; 2650 mach_timebase_info_data_t *tb = kcdata_iter_payload(iter); 2651 memcpy(&timebase, tb, sizeof(timebase)); 2652 break; 2653 } 2654 } 2655 } 2656 2657 T_QUIET; T_ASSERT_EQ(found, 0x7, "found everything needed"); 2658 2659 uint64_t ns = (stackshot_duration * timebase.numer) / timebase.denom; 2660 uint64_t per_thread_ns = ns / no_threads; 2661 uint64_t per_thread_size = sslen / no_threads; 2662 2663 dt_stat_add(duration, per_thread_ns); 2664 dt_stat_add(size, per_thread_size); 2665 }); 2666 } 2667 2668 dt_stat_finalize(duration); 2669 dt_stat_finalize(size); 2670} 2671 2672static void 2673stackshot_flag_perf(uint64_t flag, char *flagname) 2674{ 2675 /* 2676 * STACKSHOT_NO_IO_STATS disables data collection, so set it for 2677 * more accurate perfdata collection. 2678 */ 2679 flag |= STACKSHOT_NO_IO_STATS; 2680 2681 stackshot_flag_perf_noclobber(flag, flagname); 2682} 2683 2684 2685T_DECL(flag_perf, "test stackshot performance with different flags set", T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2686{ 2687 stackshot_flag_perf_noclobber(STACKSHOT_NO_IO_STATS, "baseline"); 2688 stackshot_flag_perf_noclobber(0, "io_stats"); 2689 2690 stackshot_flag_perf(STACKSHOT_THREAD_WAITINFO, "thread_waitinfo"); 2691 stackshot_flag_perf(STACKSHOT_GET_DQ, "get_dq"); 2692 stackshot_flag_perf(STACKSHOT_SAVE_LOADINFO, "save_loadinfo"); 2693 stackshot_flag_perf(STACKSHOT_GET_GLOBAL_MEM_STATS, "get_global_mem_stats"); 2694 stackshot_flag_perf(STACKSHOT_SAVE_KEXT_LOADINFO, "save_kext_loadinfo"); 2695 stackshot_flag_perf(STACKSHOT_SAVE_IMP_DONATION_PIDS, "save_imp_donation_pids"); 2696 stackshot_flag_perf(STACKSHOT_ENABLE_BT_FAULTING, "enable_bt_faulting"); 2697 stackshot_flag_perf(STACKSHOT_COLLECT_SHAREDCACHE_LAYOUT, "collect_sharedcache_layout"); 2698 stackshot_flag_perf(STACKSHOT_ENABLE_UUID_FAULTING, "enable_uuid_faulting"); 2699 stackshot_flag_perf(STACKSHOT_THREAD_GROUP, "thread_group"); 2700 stackshot_flag_perf(STACKSHOT_SAVE_JETSAM_COALITIONS, "save_jetsam_coalitions"); 2701 stackshot_flag_perf(STACKSHOT_INSTRS_CYCLES, "instrs_cycles"); 2702 stackshot_flag_perf(STACKSHOT_ASID, "asid"); 2703 stackshot_flag_perf(STACKSHOT_EXCLAVES, "all_exclaves"); 2704 stackshot_flag_perf(STACKSHOT_EXCLAVES | STACKSHOT_ASID, "all_exclaves_and_asid"); 2705 stackshot_flag_perf(STACKSHOT_SKIP_EXCLAVES, "skip_exclaves"); 2706} 2707 2708T_DECL(perf_no_size_hint, "test stackshot performance with no size hint", 2709 T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2710{ 2711 stackshot_perf(0); 2712} 2713 2714T_DECL(perf_size_hint, "test stackshot performance with size hint", 2715 T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2716{ 2717 stackshot_perf(SHOULD_REUSE_SIZE_HINT); 2718} 2719 2720T_DECL(perf_process, "test stackshot performance targeted at process", 2721 T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2722{ 2723 stackshot_perf(SHOULD_REUSE_SIZE_HINT | SHOULD_TARGET_SELF); 2724} 2725 2726T_DECL(perf_delta, "test delta stackshot performance", 2727 T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2728{ 2729 stackshot_perf(SHOULD_REUSE_SIZE_HINT | SHOULD_USE_DELTA); 2730} 2731 2732T_DECL(perf_delta_no_exclaves, "test delta stackshot performance without Exclaves", 2733 T_META_REQUIRES_SYSCTL_EQ("kern.exclaves_status", 1), 2734 T_META_REQUIRES_SYSCTL_EQ("kern.exclaves_inspection_status", 1), 2735 T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2736{ 2737 stackshot_perf(SHOULD_REUSE_SIZE_HINT | SHOULD_USE_DELTA | STACKSHOT_SKIP_EXCLAVES); 2738} 2739 2740T_DECL(perf_delta_process, "test delta stackshot performance targeted at a process", 2741 T_META_TAG_PERF, T_META_TAG_VM_NOT_ELIGIBLE) 2742{ 2743 stackshot_perf(SHOULD_REUSE_SIZE_HINT | SHOULD_USE_DELTA | SHOULD_TARGET_SELF); 2744} 2745 2746T_DECL(stackshot_entitlement_report_test, "test stackshot entitlement report", T_META_TAG_VM_PREFERRED) 2747{ 2748 int sysctlValue = 1; 2749 T_ASSERT_POSIX_SUCCESS( 2750 sysctlbyname("debug.stackshot_entitlement_send_batch", NULL, NULL, &sysctlValue, sizeof(sysctlValue)), 2751 "set debug.stackshot_entitlement_send_batch=1"); 2752 // having a way to verify that the coreanalytics event was received would be even better 2753 // See rdar://74197197 2754 T_PASS("entitlement test ran"); 2755} 2756 2757static void 2758expect_os_build_version_in_stackshot(void *ssbuf, size_t sslen) 2759{ 2760 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 2761 2762 bool saw_os_build_version = false; 2763 iter = kcdata_iter_next(iter); 2764 2765 KCDATA_ITER_FOREACH(iter) { 2766 switch (kcdata_iter_type(iter)) { 2767 case STACKSHOT_KCTYPE_OS_BUILD_VERSION: 2768 saw_os_build_version = true; 2769 T_LOG("Found os build version in stackshot: %s", kcdata_iter_payload(iter)); 2770 return; 2771 2772 default: 2773 break; 2774 } 2775 } 2776 2777 T_ASSERT_FAIL("didn't see os build version in stackshot"); 2778} 2779 2780T_DECL(os_build_version, "test stackshot contains os build version", T_META_TAG_VM_PREFERRED) 2781{ 2782 2783 struct scenario scenario = { 2784 .name = "os-build-version", 2785 .flags = (STACKSHOT_SAVE_LOADINFO | STACKSHOT_KCDATA_FORMAT), 2786 }; 2787 2788 T_LOG("attempting to take stackshot with an os build version"); 2789 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 2790 expect_os_build_version_in_stackshot(ssbuf, sslen); 2791 }); 2792} 2793 2794static uint64_t 2795stackshot_timestamp(void *ssbuf, size_t sslen) 2796{ 2797 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 2798 2799 uint32_t type = kcdata_iter_type(iter); 2800 if (type != KCDATA_BUFFER_BEGIN_STACKSHOT && type != KCDATA_BUFFER_BEGIN_DELTA_STACKSHOT) { 2801 T_ASSERT_FAIL("invalid kcdata type %u", kcdata_iter_type(iter)); 2802 } 2803 2804 iter = kcdata_iter_find_type(iter, KCDATA_TYPE_MACH_ABSOLUTE_TIME); 2805 T_QUIET; 2806 T_ASSERT_TRUE(kcdata_iter_valid(iter), "timestamp found in stackshot"); 2807 2808 return *(uint64_t *)kcdata_iter_payload(iter); 2809} 2810 2811#define TEST_THREAD_NAME "stackshot_test_thread" 2812 2813static void 2814parse_thread_group_stackshot(void **ssbuf, size_t sslen) 2815{ 2816 bool seen_thread_group_snapshot = false; 2817 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 2818 T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_STACKSHOT, 2819 "buffer provided is a stackshot"); 2820 2821 NSMutableSet *thread_groups = [[NSMutableSet alloc] init]; 2822 2823 iter = kcdata_iter_next(iter); 2824 KCDATA_ITER_FOREACH(iter) { 2825 switch (kcdata_iter_type(iter)) { 2826 case KCDATA_TYPE_ARRAY: { 2827 T_QUIET; 2828 T_ASSERT_TRUE(kcdata_iter_array_valid(iter), 2829 "checked that array is valid"); 2830 2831 if (kcdata_iter_array_elem_type(iter) != STACKSHOT_KCTYPE_THREAD_GROUP_SNAPSHOT) { 2832 continue; 2833 } 2834 2835 seen_thread_group_snapshot = true; 2836 2837 if (kcdata_iter_array_elem_size(iter) >= sizeof(struct thread_group_snapshot_v3)) { 2838 struct thread_group_snapshot_v3 *tgs_array = kcdata_iter_payload(iter); 2839 for (uint32_t j = 0; j < kcdata_iter_array_elem_count(iter); j++) { 2840 struct thread_group_snapshot_v3 *tgs = tgs_array + j; 2841 [thread_groups addObject:@(tgs->tgs_id)]; 2842 } 2843 } 2844 else { 2845 struct thread_group_snapshot *tgs_array = kcdata_iter_payload(iter); 2846 for (uint32_t j = 0; j < kcdata_iter_array_elem_count(iter); j++) { 2847 struct thread_group_snapshot *tgs = tgs_array + j; 2848 [thread_groups addObject:@(tgs->tgs_id)]; 2849 } 2850 } 2851 break; 2852 } 2853 } 2854 } 2855 KCDATA_ITER_FOREACH(iter) { 2856 NSError *error = nil; 2857 2858 switch (kcdata_iter_type(iter)) { 2859 2860 case KCDATA_TYPE_CONTAINER_BEGIN: { 2861 T_QUIET; 2862 T_ASSERT_TRUE(kcdata_iter_container_valid(iter), 2863 "checked that container is valid"); 2864 2865 if (kcdata_iter_container_type(iter) != STACKSHOT_KCCONTAINER_THREAD) { 2866 break; 2867 } 2868 2869 NSDictionary *container = parseKCDataContainer(&iter, &error); 2870 T_QUIET; T_ASSERT_NOTNULL(container, "parsed thread container from stackshot"); 2871 T_QUIET; T_ASSERT_NULL(error, "error unset after parsing container"); 2872 2873 int tg = [container[@"thread_snapshots"][@"thread_group"] intValue]; 2874 2875 T_ASSERT_TRUE([thread_groups containsObject:@(tg)], "check that the thread group the thread is in exists"); 2876 2877 break; 2878 }; 2879 2880 } 2881 } 2882 T_ASSERT_TRUE(seen_thread_group_snapshot, "check that we have seen a thread group snapshot"); 2883} 2884 2885static void 2886verify_stackshot_sharedcache_layout(struct dyld_uuid_info_64 *uuids, uint32_t uuid_count) 2887{ 2888 uuid_t cur_shared_cache_uuid; 2889 __block uint32_t lib_index = 0, libs_found = 0; 2890 2891 _dyld_get_shared_cache_uuid(cur_shared_cache_uuid); 2892 int result = dyld_shared_cache_iterate_text(cur_shared_cache_uuid, ^(const dyld_shared_cache_dylib_text_info* info) { 2893 T_QUIET; T_ASSERT_LT(lib_index, uuid_count, "dyld_shared_cache_iterate_text exceeded number of libraries returned by kernel"); 2894 2895 libs_found++; 2896 struct dyld_uuid_info_64 *cur_stackshot_uuid_entry = &uuids[lib_index]; 2897 T_QUIET; T_ASSERT_EQ(memcmp(info->dylibUuid, cur_stackshot_uuid_entry->imageUUID, sizeof(info->dylibUuid)), 0, 2898 "dyld returned UUID doesn't match kernel returned UUID"); 2899 T_QUIET; T_ASSERT_EQ(info->loadAddressUnslid, cur_stackshot_uuid_entry->imageLoadAddress, 2900 "dyld returned load address doesn't match kernel returned load address"); 2901 lib_index++; 2902 }); 2903 2904 T_ASSERT_EQ(result, 0, "iterate shared cache layout"); 2905 T_ASSERT_EQ(libs_found, uuid_count, "dyld iterator returned same number of libraries as kernel"); 2906 2907 T_LOG("verified %d libraries from dyld shared cache", libs_found); 2908} 2909 2910static void 2911check_shared_cache_uuid(uuid_t imageUUID) 2912{ 2913 static uuid_t shared_cache_uuid; 2914 static dispatch_once_t read_shared_cache_uuid; 2915 2916 dispatch_once(&read_shared_cache_uuid, ^{ 2917 T_QUIET; 2918 T_ASSERT_TRUE(_dyld_get_shared_cache_uuid(shared_cache_uuid), "retrieve current shared cache UUID"); 2919 }); 2920 T_QUIET; T_ASSERT_EQ(uuid_compare(shared_cache_uuid, imageUUID), 0, 2921 "dyld returned UUID doesn't match kernel returned UUID for system shared cache"); 2922} 2923 2924/* 2925 * extra dictionary contains data relevant for the given flags: 2926 * PARSE_STACKSHOT_ZOMBIE: zombie_child_pid_key -> @(pid) 2927 * PARSE_STACKSHOT_POSTEXEC: postexec_child_unique_pid_key -> @(unique_pid) 2928 */ 2929static void 2930parse_stackshot(uint64_t stackshot_parsing_flags, void *ssbuf, size_t sslen, NSDictionary *extra) 2931{ 2932 bool delta = (stackshot_parsing_flags & PARSE_STACKSHOT_DELTA); 2933 bool expect_sharedcache_child = (stackshot_parsing_flags & PARSE_STACKSHOT_SHAREDCACHE_FLAGS); 2934 bool expect_zombie_child = (stackshot_parsing_flags & PARSE_STACKSHOT_ZOMBIE); 2935 bool expect_postexec_child = (stackshot_parsing_flags & PARSE_STACKSHOT_POSTEXEC); 2936 bool expect_cseg_waitinfo = (stackshot_parsing_flags & PARSE_STACKSHOT_WAITINFO_CSEG); 2937 bool expect_translated_child = (stackshot_parsing_flags & PARSE_STACKSHOT_TRANSLATED); 2938 bool expect_shared_cache_layout = false; 2939 bool expect_shared_cache_uuid = !delta; 2940 bool expect_dispatch_queue_label = (stackshot_parsing_flags & PARSE_STACKSHOT_DISPATCH_QUEUE_LABEL); 2941 bool expect_turnstile_lock = (stackshot_parsing_flags & PARSE_STACKSHOT_TURNSTILEINFO); 2942 bool expect_srp_waitinfo = (stackshot_parsing_flags & PARSE_STACKSHOT_WAITINFO_SRP); 2943 bool expect_sp_throttled = (stackshot_parsing_flags & PARSE_STACKSHOT_THROTTLED_SP); 2944 bool expect_exec_inprogress = (stackshot_parsing_flags & PARSE_STACKSHOT_EXEC_INPROGRESS); 2945 bool expect_transitioning_task = (stackshot_parsing_flags & PARSE_STACKSHOT_TRANSITIONING); 2946 bool expect_asyncstack = (stackshot_parsing_flags & PARSE_STACKSHOT_ASYNCSTACK); 2947 bool expect_driverkit = (stackshot_parsing_flags & PARSE_STACKSHOT_DRIVERKIT); 2948 bool expect_suspendinfo = (stackshot_parsing_flags & PARSE_STACKSHOT_SUSPENDINFO); 2949 bool found_zombie_child = false, found_postexec_child = false, found_shared_cache_layout = false, found_shared_cache_uuid = false; 2950 bool found_translated_child = false, found_transitioning_task = false; 2951 bool found_dispatch_queue_label = false, found_turnstile_lock = false; 2952 bool found_cseg_waitinfo = false, found_srp_waitinfo = false; 2953 bool found_sharedcache_child = false, found_sharedcache_badflags = false, found_sharedcache_self = false; 2954 bool found_asyncstack = false; 2955 bool found_throttled_service = false; 2956 bool found_exclaves = false; 2957 bool expect_single_task = (stackshot_parsing_flags & PARSE_STACKSHOT_TARGETPID); 2958 uint64_t srp_expected_threadid = 0; 2959 pid_t zombie_child_pid = -1, srp_expected_pid = -1, sharedcache_child_pid = -1, throttled_service_ctx = -1; 2960 pid_t translated_child_pid = -1, transistioning_task_pid = -1; 2961 bool sharedcache_child_sameaddr = false, is_throttled = false; 2962 uint64_t postexec_child_unique_pid = 0, cseg_expected_threadid = 0; 2963 uint64_t sharedcache_child_flags = 0, sharedcache_self_flags = 0; 2964 uint64_t asyncstack_threadid = 0; 2965 NSArray *asyncstack_stack = nil; 2966 char *inflatedBufferBase = NULL; 2967 pid_t exec_inprogress_pid = -1; 2968 void (^exec_inprogress_cb)(uint64_t, uint64_t) = NULL; 2969 int exec_inprogress_found = 0; 2970 uint64_t exec_inprogress_containerid = 0; 2971 void (^driverkit_cb)(pid_t) = NULL; 2972 NSMutableDictionary *sharedCaches = [NSMutableDictionary new]; 2973 uint64_t expected_num_threads = 0, expected_num_tasks = 0, found_percpu_threads = 0, found_tasks = 0, found_percpu_tasks = 0; 2974 NSMutableSet *seen_tasks = [NSMutableSet new]; 2975 2976 if (expect_shared_cache_uuid) { 2977 uuid_t shared_cache_uuid; 2978 if (!_dyld_get_shared_cache_uuid(shared_cache_uuid)) { 2979 T_LOG("Skipping verifying shared cache UUID in stackshot data because not running with a shared cache"); 2980 expect_shared_cache_uuid = false; 2981 } 2982 } 2983 2984 if (stackshot_parsing_flags & PARSE_STACKSHOT_SHAREDCACHE_LAYOUT) { 2985 size_t shared_cache_length = 0; 2986 const void *cache_header = _dyld_get_shared_cache_range(&shared_cache_length); 2987 T_QUIET; T_ASSERT_NOTNULL(cache_header, "current process running with shared cache"); 2988 T_QUIET; T_ASSERT_GT(shared_cache_length, sizeof(struct _dyld_cache_header), "valid shared cache length populated by _dyld_get_shared_cache_range"); 2989 2990 if (_dyld_shared_cache_is_locally_built()) { 2991 T_LOG("device running with locally built shared cache, expect shared cache layout"); 2992 expect_shared_cache_layout = true; 2993 } else { 2994 T_LOG("device running with B&I built shared-cache, no shared cache layout expected"); 2995 } 2996 } 2997 2998 if (expect_sharedcache_child) { 2999 NSNumber* pid_num = extra[sharedcache_child_pid_key]; 3000 NSNumber* sameaddr_num = extra[sharedcache_child_sameaddr_key]; 3001 T_QUIET; T_ASSERT_NOTNULL(pid_num, "sharedcache child pid provided"); 3002 T_QUIET; T_ASSERT_NOTNULL(sameaddr_num, "sharedcache child addrsame provided"); 3003 sharedcache_child_pid = [pid_num intValue]; 3004 T_QUIET; T_ASSERT_GT(sharedcache_child_pid, 0, "sharedcache child pid greater than zero"); 3005 sharedcache_child_sameaddr = [sameaddr_num intValue]; 3006 T_QUIET; T_ASSERT_GE([sameaddr_num intValue], 0, "sharedcache child sameaddr is boolean (0 or 1)"); 3007 T_QUIET; T_ASSERT_LE([sameaddr_num intValue], 1, "sharedcache child sameaddr is boolean (0 or 1)"); 3008 } 3009 3010 if (expect_transitioning_task) { 3011 NSNumber* pid_num = extra[transitioning_pid_key]; 3012 T_ASSERT_NOTNULL(pid_num, "transitioning task pid provided"); 3013 transistioning_task_pid = [pid_num intValue]; 3014 } 3015 3016 if (expect_zombie_child) { 3017 NSNumber* pid_num = extra[zombie_child_pid_key]; 3018 T_QUIET; T_ASSERT_NOTNULL(pid_num, "zombie child pid provided"); 3019 zombie_child_pid = [pid_num intValue]; 3020 T_QUIET; T_ASSERT_GT(zombie_child_pid, 0, "zombie child pid greater than zero"); 3021 } 3022 3023 if (expect_postexec_child) { 3024 NSNumber* unique_pid_num = extra[postexec_child_unique_pid_key]; 3025 T_QUIET; T_ASSERT_NOTNULL(unique_pid_num, "postexec child unique pid provided"); 3026 postexec_child_unique_pid = [unique_pid_num unsignedLongLongValue]; 3027 T_QUIET; T_ASSERT_GT(postexec_child_unique_pid, 0ull, "postexec child unique pid greater than zero"); 3028 } 3029 3030 if (expect_cseg_waitinfo) { 3031 NSNumber* tid_num = extra[cseg_expected_threadid_key]; 3032 T_QUIET; T_ASSERT_NOTNULL(tid_num, "cseg's expected thread id provided"); 3033 cseg_expected_threadid = tid_num.unsignedLongValue; 3034 T_QUIET; T_ASSERT_GT(cseg_expected_threadid, UINT64_C(0), "compressor segment thread is present"); 3035 } 3036 3037 if (expect_srp_waitinfo) { 3038 NSNumber* threadid_num = extra[srp_expected_threadid_key]; 3039 NSNumber* pid_num = extra[srp_expected_pid_key]; 3040 T_QUIET; T_ASSERT_TRUE(threadid_num != nil || pid_num != nil, "expected SRP threadid or pid"); 3041 if (threadid_num != nil) { 3042 srp_expected_threadid = [threadid_num unsignedLongLongValue]; 3043 T_QUIET; T_ASSERT_GT(srp_expected_threadid, 0ull, "srp_expected_threadid greater than zero"); 3044 } 3045 if (pid_num != nil) { 3046 srp_expected_pid = [pid_num intValue]; 3047 T_QUIET; T_ASSERT_GT(srp_expected_pid, 0, "srp_expected_pid greater than zero"); 3048 } 3049 T_LOG("looking for SRP pid: %d threadid: %llu", srp_expected_pid, srp_expected_threadid); 3050 } 3051 3052 if (expect_sp_throttled) { 3053 NSNumber* ctx = extra[sp_throttled_expected_ctxt_key]; 3054 T_QUIET; T_ASSERT_TRUE(ctx != nil, "expected pid"); 3055 throttled_service_ctx = [ctx intValue]; 3056 T_QUIET; T_ASSERT_GT(throttled_service_ctx, 0, "expected pid greater than zero"); 3057 3058 NSNumber *throttled = extra[sp_throttled_expect_flag]; 3059 T_QUIET; T_ASSERT_TRUE(throttled != nil, "expected flag value"); 3060 is_throttled = ([throttled intValue] != 0); 3061 3062 T_LOG("Looking for service with ctxt: %d, thottled:%d", throttled_service_ctx, is_throttled); 3063 } 3064 3065 if (expect_translated_child) { 3066 NSNumber* pid_num = extra[translated_child_pid_key]; 3067 T_QUIET; T_ASSERT_NOTNULL(pid_num, "translated child pid provided"); 3068 translated_child_pid = [pid_num intValue]; 3069 T_QUIET; T_ASSERT_GT(translated_child_pid, 0, "translated child pid greater than zero"); 3070 } 3071 if (expect_exec_inprogress) { 3072 NSNumber* pid_num = extra[exec_inprogress_pid_key]; 3073 T_QUIET; T_ASSERT_NOTNULL(pid_num, "exec inprogress pid provided"); 3074 exec_inprogress_pid = [pid_num intValue]; 3075 T_QUIET; T_ASSERT_GT(exec_inprogress_pid, 0, "exec inprogress pid greater than zero"); 3076 3077 exec_inprogress_cb = extra[exec_inprogress_found_key]; 3078 T_QUIET; T_ASSERT_NOTNULL(exec_inprogress_cb, "exec inprogress found callback provided"); 3079 } 3080 if (expect_driverkit) { 3081 driverkit_cb = extra[driverkit_found_key]; 3082 T_QUIET; T_ASSERT_NOTNULL(driverkit_cb, "driverkit found callback provided"); 3083 } 3084 3085 if (expect_asyncstack) { 3086 NSNumber* threadid_id = extra[asyncstack_expected_threadid_key]; 3087 T_QUIET; T_ASSERT_NOTNULL(threadid_id, "asyncstack threadid provided"); 3088 asyncstack_threadid = [threadid_id unsignedLongLongValue]; 3089 asyncstack_stack = extra[asyncstack_expected_stack_key]; 3090 T_QUIET; T_ASSERT_NOTNULL(asyncstack_stack, "asyncstack expected stack provided"); 3091 } 3092 3093 kcdata_iter_t iter = kcdata_iter(ssbuf, sslen); 3094 if (delta) { 3095 T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_DELTA_STACKSHOT, 3096 "buffer provided is a delta stackshot"); 3097 3098 iter = kcdata_iter_next(iter); 3099 } else { 3100 if (kcdata_iter_type(iter) != KCDATA_BUFFER_BEGIN_COMPRESSED) { 3101 T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_STACKSHOT, 3102 "buffer provided is a stackshot"); 3103 3104 iter = kcdata_iter_next(iter); 3105 } else { 3106 /* we are dealing with a compressed buffer */ 3107 iter = kcdata_iter_next(iter); 3108 uint64_t compression_type = 0, totalout = 0, totalin = 0; 3109 3110 uint64_t *data; 3111 char *desc; 3112 for (int i = 0; i < 3; i ++) { 3113 kcdata_iter_get_data_with_desc(iter, &desc, (void **)&data, NULL); 3114 if (strcmp(desc, "kcd_c_type") == 0) { 3115 compression_type = *data; 3116 } else if (strcmp(desc, "kcd_c_totalout") == 0){ 3117 totalout = *data; 3118 } else if (strcmp(desc, "kcd_c_totalin") == 0){ 3119 totalin = *data; 3120 } 3121 3122 iter = kcdata_iter_next(iter); 3123 } 3124 3125 T_ASSERT_EQ(compression_type, UINT64_C(1), "zlib compression is used"); 3126 T_ASSERT_GT(totalout, UINT64_C(0), "successfully gathered how long the compressed buffer is"); 3127 T_ASSERT_GT(totalin, UINT64_C(0), "successfully gathered how long the uncompressed buffer will be at least"); 3128 3129 /* progress to the next kcdata item */ 3130 T_ASSERT_EQ(kcdata_iter_type(iter), KCDATA_BUFFER_BEGIN_STACKSHOT, "compressed stackshot found"); 3131 3132 char *bufferBase = kcdata_iter_payload(iter); 3133 3134 /* 3135 * zlib is used, allocate a buffer based on the metadata, plus 3136 * extra scratch space (+12.5%) in case totalin was inconsistent 3137 */ 3138 size_t inflatedBufferSize = totalin + (totalin >> 3); 3139 inflatedBufferBase = malloc(inflatedBufferSize); 3140 T_QUIET; T_WITH_ERRNO; T_ASSERT_NOTNULL(inflatedBufferBase, "allocated temporary output buffer"); 3141 3142 z_stream zs; 3143 memset(&zs, 0, sizeof(zs)); 3144 T_QUIET; T_ASSERT_EQ(inflateInit(&zs), Z_OK, "inflateInit OK"); 3145 zs.next_in = (unsigned char *)bufferBase; 3146 T_QUIET; T_ASSERT_LE(totalout, (uint64_t)UINT_MAX, "stackshot is not too large"); 3147 zs.avail_in = (uInt)totalout; 3148 zs.next_out = (unsigned char *)inflatedBufferBase; 3149 T_QUIET; T_ASSERT_LE(inflatedBufferSize, (size_t)UINT_MAX, "output region is not too large"); 3150 zs.avail_out = (uInt)inflatedBufferSize; 3151 T_ASSERT_EQ(inflate(&zs, Z_FINISH), Z_STREAM_END, "inflated buffer"); 3152 inflateEnd(&zs); 3153 3154 T_ASSERT_EQ((uint64_t)zs.total_out, totalin, "expected number of bytes inflated"); 3155 3156 /* copy the data after the compressed area */ 3157 T_QUIET; T_ASSERT_GE((void *)bufferBase, ssbuf, 3158 "base of compressed stackshot is after the returned stackshot buffer"); 3159 size_t header_size = (size_t)(bufferBase - (char *)ssbuf); 3160 size_t data_after_compressed_size = sslen - totalout - header_size; 3161 T_QUIET; T_ASSERT_LE(data_after_compressed_size, 3162 inflatedBufferSize - zs.total_out, 3163 "footer fits in the buffer"); 3164 memcpy(inflatedBufferBase + zs.total_out, 3165 bufferBase + totalout, 3166 data_after_compressed_size); 3167 3168 iter = kcdata_iter(inflatedBufferBase, inflatedBufferSize); 3169 } 3170 } 3171 3172 KCDATA_ITER_FOREACH(iter) { 3173 NSError *error = nil; 3174 3175 switch (kcdata_iter_type(iter)) { 3176 case KCDATA_TYPE_ARRAY: { 3177 T_QUIET; 3178 T_ASSERT_TRUE(kcdata_iter_array_valid(iter), 3179 "checked that array is valid"); 3180 3181 NSMutableDictionary *array = parseKCDataArray(iter, &error); 3182 T_QUIET; T_ASSERT_NOTNULL(array, "parsed array from stackshot"); 3183 T_QUIET; T_ASSERT_NULL(error, "error unset after parsing array"); 3184 3185 if (kcdata_iter_array_elem_type(iter) == STACKSHOT_KCTYPE_SYS_SHAREDCACHE_LAYOUT) { 3186 struct dyld_uuid_info_64 *shared_cache_uuids = kcdata_iter_payload(iter); 3187 uint32_t uuid_count = kcdata_iter_array_elem_count(iter); 3188 T_ASSERT_NOTNULL(shared_cache_uuids, "parsed shared cache layout array"); 3189 T_ASSERT_GT(uuid_count, 0, "returned valid number of UUIDs from shared cache"); 3190 verify_stackshot_sharedcache_layout(shared_cache_uuids, uuid_count); 3191 found_shared_cache_layout = true; 3192 } 3193 3194 break; 3195 } 3196 case KCDATA_TYPE_CONTAINER_BEGIN: { 3197 T_QUIET; 3198 T_ASSERT_TRUE(kcdata_iter_container_valid(iter), 3199 "checked that container is valid"); 3200 3201 uint64_t containerid = kcdata_iter_container_id(iter); 3202 uint32_t container_type = kcdata_iter_container_type(iter); 3203 3204 if (container_type == STACKSHOT_KCCONTAINER_SHAREDCACHE) { 3205 NSDictionary *container = parseKCDataContainer(&iter, &error); 3206 T_QUIET; T_ASSERT_NOTNULL(container, "parsed sharedcache container from stackshot"); 3207 T_QUIET; T_ASSERT_NULL(error, "error unset after parsing sharedcache container"); 3208 T_QUIET; T_EXPECT_EQ(sharedCaches[@(containerid)], nil, "sharedcache containerid %lld should be unique", containerid); 3209 sharedCaches[@(containerid)] = container; 3210 break; 3211 } 3212 3213 if (container_type == STACKSHOT_KCCONTAINER_EXCLAVES) { 3214 found_exclaves = true; 3215 break; 3216 } 3217 3218 /* 3219 * treat containers other than tasks/transitioning_tasks 3220 * as expanded in-line. 3221 */ 3222 if (container_type != STACKSHOT_KCCONTAINER_TASK && 3223 container_type != STACKSHOT_KCCONTAINER_TRANSITIONING_TASK) { 3224 T_LOG("container skipped: %d", container_type); 3225 break; 3226 } 3227 NSDictionary *container = parseKCDataContainer(&iter, &error); 3228 T_QUIET; T_ASSERT_NOTNULL(container, "parsed task/transitioning_task container from stackshot"); 3229 T_QUIET; T_ASSERT_NULL(error, "error unset after parsing container"); 3230 3231 found_tasks++; 3232 3233 NSDictionary* task_snapshot = container[@"task_snapshots"][@"task_snapshot"]; 3234 NSDictionary* task_delta_snapshot = container[@"task_snapshots"][@"task_delta_snapshot"]; 3235 NSDictionary* transitioning_task_snapshot = container[@"transitioning_task_snapshots"][@"transitioning_task_snapshot"]; 3236 3237 NSNumber *task_pid = NULL; 3238 if (task_snapshot) { 3239 task_pid = task_snapshot[@"ts_unique_pid"]; 3240 } else if(task_delta_snapshot) { 3241 task_pid = task_snapshot[@"tds_unique_pid"]; 3242 } else if(transitioning_task_snapshot) { 3243 task_pid = transitioning_task_snapshot[@"tts_pid"]; 3244 } 3245 3246 if (task_pid && [seen_tasks containsObject:task_pid]) { 3247 T_QUIET; T_ASSERT_FALSE([seen_tasks containsObject:task_pid], "No duplicate PIDs in stackshot"); 3248 [seen_tasks addObject:task_pid]; 3249 } 3250 3251 /* 3252 * Having processed the container, we now only check it 3253 * if it's the correct type. 3254 */ 3255 if ((!expect_transitioning_task && (container_type != STACKSHOT_KCCONTAINER_TASK)) || 3256 (expect_transitioning_task && (container_type != STACKSHOT_KCCONTAINER_TRANSITIONING_TASK))) { 3257 break; 3258 } 3259 if (!expect_transitioning_task) { 3260 T_QUIET; T_ASSERT_TRUE(!!task_snapshot != !!task_delta_snapshot, "Either task_snapshot xor task_delta_snapshot provided"); 3261 } 3262 3263 if (expect_dispatch_queue_label && !found_dispatch_queue_label) { 3264 for (id thread_key in container[@"task_snapshots"][@"thread_snapshots"]) { 3265 NSMutableDictionary *thread = container[@"task_snapshots"][@"thread_snapshots"][thread_key]; 3266 NSString *dql = thread[@"dispatch_queue_label"]; 3267 3268 if ([dql isEqualToString:@TEST_STACKSHOT_QUEUE_LABEL]) { 3269 found_dispatch_queue_label = true; 3270 break; 3271 } 3272 } 3273 } 3274 3275 if (expect_transitioning_task && !found_transitioning_task) { 3276 if (transitioning_task_snapshot) { 3277 uint64_t the_pid = [transitioning_task_snapshot[@"tts_pid"] unsignedLongLongValue]; 3278 if (the_pid == (uint64_t)transistioning_task_pid) { 3279 found_transitioning_task = true; 3280 3281 T_PASS("FOUND Transitioning task %llu has a transitioning task snapshot", (uint64_t) transistioning_task_pid); 3282 break; 3283 } 3284 } 3285 } 3286 3287 if (expect_postexec_child && !found_postexec_child) { 3288 if (task_snapshot) { 3289 uint64_t unique_pid = [task_snapshot[@"ts_unique_pid"] unsignedLongLongValue]; 3290 if (unique_pid == postexec_child_unique_pid) { 3291 found_postexec_child = true; 3292 3293 T_PASS("post-exec child %llu has a task snapshot", postexec_child_unique_pid); 3294 3295 break; 3296 } 3297 } 3298 3299 if (task_delta_snapshot) { 3300 uint64_t unique_pid = [task_delta_snapshot[@"tds_unique_pid"] unsignedLongLongValue]; 3301 if (unique_pid == postexec_child_unique_pid) { 3302 found_postexec_child = true; 3303 3304 T_FAIL("post-exec child %llu shouldn't have a delta task snapshot", postexec_child_unique_pid); 3305 3306 break; 3307 } 3308 } 3309 } 3310 3311 int pid = [task_snapshot[@"ts_pid"] intValue]; 3312 3313 if (pid && expect_shared_cache_uuid && !found_shared_cache_uuid) { 3314 id ptr = container[@"task_snapshots"][@"shared_cache_dyld_load_info"]; 3315 if (ptr) { 3316 id uuid = ptr[@"imageUUID"]; 3317 3318 uint8_t uuid_p[16]; 3319 for (unsigned int i = 0; i < 16; i ++) { 3320 NSNumber *uuidByte = uuid[i]; 3321 uuid_p[i] = (uint8_t)uuidByte.charValue; 3322 } 3323 3324 check_shared_cache_uuid(uuid_p); 3325 3326 uint64_t baseAddress = (uint64_t)((NSNumber *)ptr[@"imageSlidBaseAddress"]).longLongValue; 3327 uint64_t firstMapping = (uint64_t)((NSNumber *)ptr[@"sharedCacheSlidFirstMapping"]).longLongValue; 3328 3329 T_EXPECT_LE(baseAddress, firstMapping, 3330 "in per-task shared_cache_dyld_load_info, " 3331 "baseAddress <= firstMapping"); 3332 T_EXPECT_GE(baseAddress + (7ull << 32) + (1ull << 29), 3333 firstMapping, 3334 "in per-task shared_cache_dyld_load_info, " 3335 "baseAddress + 28.5gig >= firstMapping"); 3336 3337 size_t shared_cache_len; 3338 const void *addr = _dyld_get_shared_cache_range(&shared_cache_len); 3339 T_EXPECT_EQ((uint64_t)addr, firstMapping, 3340 "SlidFirstMapping should match shared_cache_range"); 3341 3342 /* 3343 * check_shared_cache_uuid() will assert on failure, so if 3344 * we get here, then we have found the shared cache UUID 3345 * and it's correct 3346 */ 3347 found_shared_cache_uuid = true; 3348 } 3349 } 3350 3351 if (expect_sharedcache_child) { 3352 uint64_t task_flags = [task_snapshot[@"ts_ss_flags"] unsignedLongLongValue]; 3353 uint64_t sharedregion_flags = (task_flags & (kTaskSharedRegionNone | kTaskSharedRegionSystem | kTaskSharedRegionOther)); 3354 id sharedregion_info = container[@"task_snapshots"][@"shared_cache_dyld_load_info"]; 3355 id sharedcache_id = container[@"task_snapshots"][@"sharedCacheID"]; 3356 if (!found_sharedcache_badflags) { 3357 T_QUIET; T_EXPECT_NE(sharedregion_flags, 0ll, "one of the kTaskSharedRegion flags should be set on all tasks"); 3358 bool multiple = (sharedregion_flags & (sharedregion_flags - 1)) != 0; 3359 T_QUIET; T_EXPECT_FALSE(multiple, "only one kTaskSharedRegion flag should be set on each task"); 3360 found_sharedcache_badflags = (sharedregion_flags == 0 || multiple); 3361 } 3362 if (pid == 0) { 3363 T_ASSERT_EQ(sharedregion_flags, (uint64_t)kTaskSharedRegionNone, "Kernel proc (pid 0) should have no shared region"); 3364 } else if (pid == sharedcache_child_pid) { 3365 found_sharedcache_child = true; 3366 sharedcache_child_flags = sharedregion_flags; 3367 } else if (pid == getpid()) { 3368 found_sharedcache_self = true; 3369 sharedcache_self_flags = sharedregion_flags; 3370 } 3371 if (sharedregion_flags == kTaskSharedRegionOther && !(task_flags & kTaskSharedRegionInfoUnavailable)) { 3372 T_QUIET; T_EXPECT_NOTNULL(sharedregion_info, "kTaskSharedRegionOther should have a shared_cache_dyld_load_info struct"); 3373 T_QUIET; T_EXPECT_NOTNULL(sharedcache_id, "kTaskSharedRegionOther should have a sharedCacheID"); 3374 if (sharedcache_id != nil) { 3375 T_QUIET; T_EXPECT_NOTNULL(sharedCaches[sharedcache_id], "sharedCacheID %d should exist", [sharedcache_id intValue]); 3376 } 3377 } else { 3378 if ((sharedregion_flags == kTaskSharedRegionOther) && (task_flags & kTaskSharedRegionInfoUnavailable)) { 3379 T_LOG("kTaskSharedRegionOther does not have shared region info available."); 3380 } 3381 T_QUIET; T_EXPECT_NULL(sharedregion_info, "non-kTaskSharedRegionOther should have no shared_cache_dyld_load_info struct"); 3382 T_QUIET; T_EXPECT_NULL(sharedcache_id, "non-kTaskSharedRegionOther should have no sharedCacheID"); 3383 } 3384 } 3385 3386 if (expect_zombie_child && (pid == zombie_child_pid)) { 3387 found_zombie_child = true; 3388 3389 expected_num_tasks += 1; 3390 3391 uint64_t task_flags = [task_snapshot[@"ts_ss_flags"] unsignedLongLongValue]; 3392 T_ASSERT_TRUE((task_flags & kTerminatedSnapshot) == kTerminatedSnapshot, "child zombie marked as terminated"); 3393 3394 continue; 3395 } 3396 3397 if (expect_translated_child && (pid == translated_child_pid)) { 3398 found_translated_child = true; 3399 3400 uint64_t task_flags = [task_snapshot[@"ts_ss_flags"] unsignedLongLongValue]; 3401 T_EXPECT_BITS_SET(task_flags, kTaskIsTranslated, "child marked as translated"); 3402 3403 continue; 3404 } 3405 if (expect_exec_inprogress && (pid == exec_inprogress_pid || pid == -exec_inprogress_pid)) { 3406 exec_inprogress_found++; 3407 T_LOG("found exec task with pid %d, instance %d", pid, exec_inprogress_found); 3408 T_QUIET; T_ASSERT_LE(exec_inprogress_found, 2, "no more than two with the expected pid"); 3409 if (exec_inprogress_found == 2) { 3410 T_LOG("found 2 tasks with pid %d", exec_inprogress_pid); 3411 exec_inprogress_cb(containerid, exec_inprogress_containerid); 3412 } else { 3413 exec_inprogress_containerid = containerid; 3414 } 3415 } 3416 if (expect_driverkit && driverkit_cb != NULL) { 3417 driverkit_cb(pid); 3418 } 3419 if (expect_cseg_waitinfo) { 3420 NSArray *winfos = container[@"task_snapshots"][@"thread_waitinfo"]; 3421 3422 for (id i in winfos) { 3423 NSNumber *waitType = i[@"wait_type"]; 3424 NSNumber *owner = i[@"owner"]; 3425 if (waitType.intValue == kThreadWaitCompressor && 3426 owner.unsignedLongValue == cseg_expected_threadid) { 3427 found_cseg_waitinfo = true; 3428 break; 3429 } 3430 } 3431 } 3432 3433 if (expect_srp_waitinfo) { 3434 NSArray *tinfos = container[@"task_snapshots"][@"thread_turnstileinfo"]; 3435 NSArray *winfos = container[@"task_snapshots"][@"thread_waitinfo"]; 3436 for (id i in tinfos) { 3437 if (!found_srp_waitinfo) { 3438 bool found_thread = false; 3439 bool found_pid = false; 3440 if (([i[@"turnstile_flags"] intValue] & STACKSHOT_TURNSTILE_STATUS_THREAD) && 3441 [i[@"turnstile_context"] unsignedLongLongValue] == srp_expected_threadid && 3442 srp_expected_threadid != 0) { 3443 found_thread = true; 3444 } 3445 if (([i[@"turnstile_flags"] intValue] & STACKSHOT_TURNSTILE_STATUS_BLOCKED_ON_TASK) && 3446 [i[@"turnstile_context"] intValue] == srp_expected_pid && 3447 srp_expected_pid != -1) { 3448 found_pid = true; 3449 } 3450 if (found_pid || found_thread) { 3451 T_LOG("found SRP %s %lld waiter: %d", (found_thread ? "thread" : "pid"), 3452 [i[@"turnstile_context"] unsignedLongLongValue], [i[@"waiter"] intValue]); 3453 /* we found something that is blocking the correct threadid */ 3454 for (id j in winfos) { 3455 if ([j[@"waiter"] intValue] == [i[@"waiter"] intValue] && 3456 [j[@"wait_type"] intValue] == kThreadWaitPortReceive) { 3457 found_srp_waitinfo = true; 3458 T_EXPECT_EQ([j[@"wait_flags"] intValue], STACKSHOT_WAITINFO_FLAGS_SPECIALREPLY, 3459 "SRP waitinfo should be marked as a special reply"); 3460 break; 3461 } 3462 } 3463 3464 if (found_srp_waitinfo) { 3465 break; 3466 } 3467 } 3468 } 3469 } 3470 } 3471 3472 if (expect_sp_throttled) { 3473 NSArray *tinfos = container[@"task_snapshots"][@"thread_turnstileinfo"]; 3474 for (id i in tinfos) { 3475 if (([i[@"turnstile_flags"] intValue] & STACKSHOT_TURNSTILE_STATUS_PORTFLAGS) 3476 && [i[@"turnstile_context"] intValue] == throttled_service_ctx) { 3477 int portlabel_id = [i[@"portlabel_id"] intValue]; 3478 T_LOG("[pid:%d] Turnstile (flags = 0x%x, ctx = %d, portlabel_id = %d)", pid, 3479 [i[@"turnstile_flags"] intValue], [i[@"turnstile_context"] intValue], portlabel_id); 3480 for (id portid in container[@"task_snapshots"][@"portlabels"]) { 3481 if (portlabel_id != [portid intValue]) { 3482 continue; 3483 } 3484 3485 NSMutableDictionary *portlabel = container[@"task_snapshots"][@"portlabels"][portid]; 3486 T_ASSERT_TRUE(portlabel != nil, "Found portlabel id: %d", [portid intValue]); 3487 NSString *portlabel_name = portlabel[@"portlabel_name"]; 3488 T_EXPECT_TRUE(portlabel_name != nil, "Found portlabel %s", portlabel_name.UTF8String); 3489 T_EXPECT_EQ_STR(portlabel_name.UTF8String, THROTTLED_SERVICE_NAME, "throttled service port name matches"); 3490 T_EXPECT_EQ(([portlabel[@"portlabel_flags"] intValue] & STACKSHOT_PORTLABEL_THROTTLED) != 0, 3491 is_throttled, "Port %s throttled", is_throttled ? "is" : "isn't"); 3492 found_throttled_service = true; 3493 break; 3494 } 3495 } 3496 3497 if (found_throttled_service) { 3498 break; 3499 } 3500 } 3501 } 3502 3503 if (expect_suspendinfo) { 3504 // TODO: rdar://112563110 3505 } 3506 3507 3508 if (pid != getpid()) { 3509 break; 3510 } 3511 3512 T_EXPECT_EQ_STR(current_process_name(), 3513 [task_snapshot[@"ts_p_comm"] UTF8String], 3514 "current process name matches in stackshot"); 3515 3516 uint64_t task_flags = [task_snapshot[@"ts_ss_flags"] unsignedLongLongValue]; 3517 T_ASSERT_BITS_NOTSET(task_flags, kTerminatedSnapshot, "current process not marked as terminated"); 3518 T_ASSERT_BITS_NOTSET(task_flags, kTaskIsTranslated, "current process not marked as translated"); 3519 3520 T_QUIET; 3521 T_EXPECT_LE(pid, [task_snapshot[@"ts_unique_pid"] intValue], 3522 "unique pid is greater than pid"); 3523 3524 NSDictionary* task_cpu_architecture = container[@"task_snapshots"][@"task_cpu_architecture"]; 3525 T_QUIET; T_ASSERT_NOTNULL(task_cpu_architecture[@"cputype"], "have cputype"); 3526 T_QUIET; T_ASSERT_NOTNULL(task_cpu_architecture[@"cpusubtype"], "have cputype"); 3527 int cputype = [task_cpu_architecture[@"cputype"] intValue]; 3528 int cpusubtype = [task_cpu_architecture[@"cpusubtype"] intValue]; 3529 3530 struct proc_archinfo archinfo; 3531 int retval = proc_pidinfo(pid, PROC_PIDARCHINFO, 0, &archinfo, sizeof(archinfo)); 3532 T_QUIET; T_WITH_ERRNO; T_ASSERT_GT(retval, 0, "proc_pidinfo(PROC_PIDARCHINFO) returned a value > 0"); 3533 T_QUIET; T_ASSERT_EQ(retval, (int)sizeof(struct proc_archinfo), "proc_pidinfo call for PROC_PIDARCHINFO returned expected size"); 3534 T_QUIET; T_EXPECT_EQ(cputype, archinfo.p_cputype, "cpu type is correct"); 3535 T_QUIET; T_EXPECT_EQ(cpusubtype, archinfo.p_cpusubtype, "cpu subtype is correct"); 3536 3537 NSDictionary * codesigning_info = container[@"task_snapshots"][@"stackshot_task_codesigning_info"]; 3538 T_QUIET; T_ASSERT_NOTNULL(codesigning_info[@"csflags"], "have csflags"); 3539 uint64_t flags = [codesigning_info[@"csflags"] unsignedLongLongValue]; 3540 T_QUIET; T_EXPECT_GT(flags, 0, "nonzero csflags"); 3541 3542 T_QUIET; T_ASSERT_NOTNULL(container[@"task_snapshots"][@"jetsam_coalition"], "have jetsam coalition"); 3543 uint64_t jetsam_coalition = [container[@"task_snapshots"][@"jetsam_coalition"] unsignedLongLongValue]; 3544 T_QUIET; T_EXPECT_GT(jetsam_coalition, 0, "nonzero jetsam coalition"); 3545 3546 bool found_main_thread = false; 3547 uint64_t main_thread_id = -1ULL; 3548 bool found_null_kernel_frame = false; 3549 for (id thread_key in container[@"task_snapshots"][@"thread_snapshots"]) { 3550 NSMutableDictionary *thread = container[@"task_snapshots"][@"thread_snapshots"][thread_key]; 3551 NSDictionary *thread_snap = thread[@"thread_snapshot"]; 3552 3553 T_QUIET; T_EXPECT_GT([thread_snap[@"ths_thread_id"] intValue], 0, 3554 "thread ID of thread in current task is valid"); 3555 T_QUIET; T_EXPECT_GT([thread_snap[@"ths_base_priority"] intValue], 0, 3556 "base priority of thread in current task is valid"); 3557 T_QUIET; T_EXPECT_GT([thread_snap[@"ths_sched_priority"] intValue], 0, 3558 "scheduling priority of thread in current task is valid"); 3559 3560 NSString *pth_name = thread[@"pth_name"]; 3561 if (pth_name != nil && [pth_name isEqualToString:@TEST_THREAD_NAME]) { 3562 found_main_thread = true; 3563 main_thread_id = [thread_snap[@"ths_thread_id"] unsignedLongLongValue]; 3564 3565 T_QUIET; T_EXPECT_GT([thread_snap[@"ths_total_syscalls"] intValue], 0, 3566 "total syscalls of current thread is valid"); 3567 3568 NSDictionary *cpu_times = thread[@"cpu_times"]; 3569 T_EXPECT_GE([cpu_times[@"runnable_time"] intValue], 3570 [cpu_times[@"system_time"] intValue] + 3571 [cpu_times[@"user_time"] intValue], 3572 "runnable time of current thread is valid"); 3573 } 3574 if (!found_null_kernel_frame) { 3575 for (NSNumber *frame in thread[@"kernel_frames"]) { 3576 if (frame.unsignedLongValue == 0) { 3577 found_null_kernel_frame = true; 3578 break; 3579 } 3580 } 3581 } 3582 if (expect_asyncstack && !found_asyncstack && 3583 asyncstack_threadid == [thread_snap[@"ths_thread_id"] unsignedLongLongValue]) { 3584 found_asyncstack = true; 3585 NSArray* async_stack = thread[@"user_async_stack_frames"]; 3586 NSNumber* start_idx = thread[@"user_async_start_index"]; 3587 NSArray* user_stack = thread[@"user_stack_frames"]; 3588 T_QUIET; T_ASSERT_NOTNULL(async_stack, "async thread %#llx has user_async_stack_frames", asyncstack_threadid); 3589 T_QUIET; T_ASSERT_NOTNULL(start_idx, "async thread %#llx has user_async_start_index", asyncstack_threadid); 3590 T_QUIET; T_ASSERT_NOTNULL(user_stack, "async thread %#llx has user_stack_frames", asyncstack_threadid); 3591 T_QUIET; T_ASSERT_EQ(async_stack.count, asyncstack_stack.count, 3592 "actual async_stack count == expected async_stack count"); 3593 for (size_t i = 0; i < async_stack.count; i++) { 3594 T_EXPECT_EQ([async_stack[i][@"lr"] unsignedLongLongValue], 3595 [asyncstack_stack[i] unsignedLongLongValue], "frame %zu matches", i); 3596 } 3597 } 3598 } 3599 T_EXPECT_TRUE(found_main_thread, "found main thread for current task in stackshot"); 3600 T_EXPECT_FALSE(found_null_kernel_frame, "should not see any NULL kernel frames"); 3601 3602 if (expect_turnstile_lock && !found_turnstile_lock) { 3603 NSArray *tsinfos = container[@"task_snapshots"][@"thread_turnstileinfo"]; 3604 3605 for (id i in tsinfos) { 3606 if ([i[@"turnstile_context"] unsignedLongLongValue] == main_thread_id) { 3607 found_turnstile_lock = true; 3608 break; 3609 } 3610 } 3611 } 3612 break; 3613 } 3614 case STACKSHOT_KCTYPE_SHAREDCACHE_LOADINFO: { 3615 // Legacy shared cache info 3616 struct dyld_shared_cache_loadinfo *payload = kcdata_iter_payload(iter); 3617 T_ASSERT_EQ((size_t)kcdata_iter_size(iter), sizeof(*payload), "valid dyld_shared_cache_loadinfo struct"); 3618 3619 check_shared_cache_uuid(payload->sharedCacheUUID); 3620 3621 T_EXPECT_LE(payload->sharedCacheUnreliableSlidBaseAddress, 3622 payload->sharedCacheSlidFirstMapping, 3623 "SlidBaseAddress <= SlidFirstMapping"); 3624 T_EXPECT_GE(payload->sharedCacheUnreliableSlidBaseAddress + (7ull << 32) + (1ull << 29), 3625 payload->sharedCacheSlidFirstMapping, 3626 "SlidFirstMapping should be within 28.5gigs of SlidBaseAddress"); 3627 3628 size_t shared_cache_len; 3629 const void *addr = _dyld_get_shared_cache_range(&shared_cache_len); 3630 T_EXPECT_EQ((uint64_t)addr, payload->sharedCacheSlidFirstMapping, 3631 "SlidFirstMapping should match shared_cache_range"); 3632 3633 /* 3634 * check_shared_cache_uuid() asserts on failure, so we must have 3635 * found the shared cache UUID to be correct. 3636 */ 3637 found_shared_cache_uuid = true; 3638 break; 3639 } 3640 case KCDATA_TYPE_UINT64_DESC: { 3641 char *desc; 3642 uint64_t *data; 3643 uint32_t size; 3644 kcdata_iter_get_data_with_desc(iter, &desc, &data, &size); 3645 3646 if (strcmp(desc, "stackshot_tasks_count") == 0) { 3647 expected_num_tasks = *data; 3648 } else if (strcmp(desc, "stackshot_threads_count") == 0) { 3649 expected_num_threads = *data; 3650 } 3651 3652 break; 3653 } 3654 case STACKSHOT_KCTYPE_LATENCY_INFO_CPU: { 3655 struct stackshot_latency_cpu *cpu_latency = kcdata_iter_payload(iter); 3656 found_percpu_tasks += cpu_latency->tasks_processed; 3657 found_percpu_threads += cpu_latency->threads_processed; 3658 break; 3659 } 3660 } 3661 } 3662 3663 if (expect_sharedcache_child) { 3664 T_QUIET; T_ASSERT_TRUE(found_sharedcache_child, "found sharedcache child in kcdata"); 3665 T_QUIET; T_ASSERT_TRUE(found_sharedcache_self, "found self in kcdata"); 3666 if (found_sharedcache_child && found_sharedcache_self) { 3667 T_QUIET; T_ASSERT_NE(sharedcache_child_flags, (uint64_t)kTaskSharedRegionNone, "sharedcache child should have shared region"); 3668 T_QUIET; T_ASSERT_NE(sharedcache_self_flags, (uint64_t)kTaskSharedRegionNone, "sharedcache: self should have shared region"); 3669 if (sharedcache_self_flags == kTaskSharedRegionSystem && !sharedcache_child_sameaddr) { 3670 /* If we're in the system shared region, and the child has a different address, child must have an Other shared region */ 3671 T_ASSERT_EQ(sharedcache_child_flags, (uint64_t)kTaskSharedRegionOther, 3672 "sharedcache child should have Other shared region"); 3673 } 3674 } 3675 } 3676 3677 if (expect_transitioning_task) { 3678 T_QUIET; T_ASSERT_TRUE(found_transitioning_task, "found transitioning_task child in kcdata"); 3679 } 3680 3681 if (expect_exec_inprogress) { 3682 T_QUIET; T_ASSERT_GT(exec_inprogress_found, 0, "found at least 1 task for execing process"); 3683 } 3684 3685 if (expect_zombie_child) { 3686 T_QUIET; T_ASSERT_TRUE(found_zombie_child, "found zombie child in kcdata"); 3687 } 3688 3689 if (expect_postexec_child) { 3690 T_QUIET; T_ASSERT_TRUE(found_postexec_child, "found post-exec child in kcdata"); 3691 } 3692 3693 if (expect_translated_child) { 3694 T_QUIET; T_ASSERT_TRUE(found_translated_child, "found translated child in kcdata"); 3695 } 3696 3697 if (expect_shared_cache_layout) { 3698 T_QUIET; T_ASSERT_TRUE(found_shared_cache_layout, "shared cache layout found in kcdata"); 3699 } 3700 3701 if (expect_shared_cache_uuid) { 3702 T_QUIET; T_ASSERT_TRUE(found_shared_cache_uuid, "shared cache UUID found in kcdata"); 3703 } 3704 3705 if (expect_dispatch_queue_label) { 3706 T_QUIET; T_ASSERT_TRUE(found_dispatch_queue_label, "dispatch queue label found in kcdata"); 3707 } 3708 3709 if (expect_turnstile_lock) { 3710 T_QUIET; T_ASSERT_TRUE(found_turnstile_lock, "found expected deadlock"); 3711 } 3712 3713 if (expect_cseg_waitinfo) { 3714 T_QUIET; T_ASSERT_TRUE(found_cseg_waitinfo, "found c_seg waitinfo"); 3715 } 3716 3717 if (expect_srp_waitinfo) { 3718 T_QUIET; T_ASSERT_TRUE(found_srp_waitinfo, "found special reply port waitinfo"); 3719 } 3720 3721 if (expect_sp_throttled) { 3722 T_QUIET; T_ASSERT_TRUE(found_throttled_service, "found the throttled service"); 3723 } 3724 3725 if (expect_asyncstack) { 3726 T_QUIET; T_ASSERT_TRUE(found_asyncstack, "found async stack threadid"); 3727 } 3728 3729 if ([extra objectForKey:no_exclaves_key] != nil) { 3730 T_QUIET; T_ASSERT_FALSE(found_exclaves, "did not find any Exclaves data"); 3731 } 3732 3733 3734 bool check_counts = !delta && !found_transitioning_task && !expect_single_task && !expect_driverkit; 3735 3736 if (check_counts && (expected_num_threads != 0) && (found_percpu_threads != 0)) { 3737 /* If the task counts below check out, we can be sure that the per-cpu reported thread counts are accurate. */ 3738 T_QUIET; T_ASSERT_EQ_ULLONG(found_percpu_threads, expected_num_threads, "number of threads reported by CPUs matches expected count"); 3739 } 3740 3741 if (check_counts && (expected_num_tasks != 0)) { 3742 T_QUIET; T_ASSERT_EQ_ULLONG(found_tasks, expected_num_tasks, "number of tasks in kcdata matches expected count"); 3743 if (found_percpu_tasks != 0) { 3744 T_QUIET; T_ASSERT_EQ_ULLONG(found_percpu_tasks, expected_num_tasks, "number of tasks reported by CPUs matches expected count"); 3745 } 3746 } 3747 3748 T_ASSERT_FALSE(KCDATA_ITER_FOREACH_FAILED(iter), "successfully iterated kcdata"); 3749 3750 free(inflatedBufferBase); 3751} 3752 3753static const char * 3754current_process_name(void) 3755{ 3756 static char name[64]; 3757 3758 if (!name[0]) { 3759 int ret = proc_name(getpid(), name, sizeof(name)); 3760 T_QUIET; 3761 T_ASSERT_POSIX_SUCCESS(ret, "proc_name failed for current process"); 3762 } 3763 3764 return name; 3765} 3766 3767static void 3768initialize_thread(void) 3769{ 3770 int ret = pthread_setname_np(TEST_THREAD_NAME); 3771 T_QUIET; 3772 T_ASSERT_POSIX_ZERO(ret, "set thread name to %s", TEST_THREAD_NAME); 3773} 3774 3775T_DECL(dirty_buffer, "test that stackshot works with a dirty input buffer from kernel", T_META_TAG_VM_PREFERRED) 3776{ 3777 const char *test_sysctl = "stackshot_dirty_buffer"; 3778 int64_t result; 3779 3780 T_LOG("running sysctl to trigger kernel-driven stackshot"); 3781 result = run_sysctl_test(test_sysctl, 0); 3782 T_ASSERT_EQ_LLONG(result, 1, "sysctl result indicated success"); 3783} 3784 3785T_DECL(kernel_initiated, "smoke test that stackshot works with kernel-initiated stackshots", T_META_TAG_VM_PREFERRED) 3786{ 3787 const char *test_sysctl = "stackshot_kernel_initiator"; 3788 int64_t result; 3789 __block bool did_get_stackshot = false; 3790 3791 initialize_thread(); // must run before the stackshots to keep parse_stackshot happy 3792 3793 T_LOG("running sysctl to trigger kernel-driven stackshot type 1"); 3794 result = run_sysctl_test(test_sysctl, 1); 3795 T_ASSERT_EQ_LLONG(result, 1, "sysctl result indicated success"); 3796 3797 T_LOG("running sysctl to trigger kernel-driven stackshot type 2"); 3798 result = run_sysctl_test(test_sysctl, 2); 3799 T_ASSERT_EQ_LLONG(result, 1, "sysctl result indicated success"); 3800 3801 struct scenario scenario = { 3802 .name = "from_kernel_initiated", 3803 .flags = STACKSHOT_RETRIEVE_EXISTING_BUFFER, 3804 }; 3805 3806 T_LOG("attempting to fetch stored in-kernel stackshot"); 3807 take_stackshot(&scenario, false, ^(void *ssbuf, size_t sslen) { 3808 T_ASSERT_NOTNULL(ssbuf, "non-null kernel stackshot"); 3809 T_ASSERT_GT(sslen, 0, "non-zero stackshot size"); 3810 parse_stackshot(0, ssbuf, sslen, nil); 3811 did_get_stackshot = true; 3812 }); 3813 3814 T_ASSERT_TRUE(did_get_stackshot, "got stackshot from kernel type 2"); 3815} 3816