xref: /xnu-12377.61.12/tests/kevent_info.c (revision 4d495c6e23c53686cf65f45067f79024cf5dcee8) 
1*4d495c6eSApple OSS Distributions #include <stdio.h>
2*4d495c6eSApple OSS Distributions #include <assert.h>
3*4d495c6eSApple OSS Distributions #include <stdlib.h>
4*4d495c6eSApple OSS Distributions #include <unistd.h>
5*4d495c6eSApple OSS Distributions #include <mach/mach.h>
6*4d495c6eSApple OSS Distributions #include <pthread.h>
7*4d495c6eSApple OSS Distributions #include <sys/event.h>
8*4d495c6eSApple OSS Distributions #include <errno.h>
9*4d495c6eSApple OSS Distributions #include <string.h>
10*4d495c6eSApple OSS Distributions #include <libproc.h>
11*4d495c6eSApple OSS Distributions 
12*4d495c6eSApple OSS Distributions #include <darwintest.h>
13*4d495c6eSApple OSS Distributions 
14*4d495c6eSApple OSS Distributions T_GLOBAL_META(T_META_NAMESPACE("xnu.kevent"),
15*4d495c6eSApple OSS Distributions     T_META_RADAR_COMPONENT_NAME("xnu"),
16*4d495c6eSApple OSS Distributions     T_META_RADAR_COMPONENT_VERSION("kevent"));
17*4d495c6eSApple OSS Distributions 
18*4d495c6eSApple OSS Distributions extern int __proc_info(int32_t callnum, int32_t pid, uint32_t flavor, uint64_t arg, user_addr_t buffer, int32_t buffersize);
19*4d495c6eSApple OSS Distributions 
20*4d495c6eSApple OSS Distributions T_DECL(avoid_leaking_KASLR, "rdar://101248992", T_META_TAG_VM_PREFERRED) {
21*4d495c6eSApple OSS Distributions 	int kq = kqueue();
22*4d495c6eSApple OSS Distributions 	T_ASSERT_GE(kq, 0, "Valid kqueue");
23*4d495c6eSApple OSS Distributions 
24*4d495c6eSApple OSS Distributions 	mach_port_t sync_port = MACH_PORT_NULL, mq_port = MACH_PORT_NULL;
25*4d495c6eSApple OSS Distributions 	kern_return_t kr = KERN_SUCCESS;
26*4d495c6eSApple OSS Distributions 
27*4d495c6eSApple OSS Distributions 	kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &sync_port);
28*4d495c6eSApple OSS Distributions 	T_ASSERT_MACH_SUCCESS(kr, "allocated sync port");
29*4d495c6eSApple OSS Distributions 	kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &mq_port);
30*4d495c6eSApple OSS Distributions 	T_ASSERT_MACH_SUCCESS(kr, "allocated mq port");
31*4d495c6eSApple OSS Distributions 
32*4d495c6eSApple OSS Distributions 
33*4d495c6eSApple OSS Distributions 	/* Create a kmsg which has the receive right of mq port in it for later copy
34*4d495c6eSApple OSS Distributions 	 * out */
35*4d495c6eSApple OSS Distributions 	typedef struct msg_request_s {
36*4d495c6eSApple OSS Distributions 		mach_msg_header_t header;
37*4d495c6eSApple OSS Distributions 		mach_msg_body_t body;
38*4d495c6eSApple OSS Distributions 		mach_msg_port_descriptor_t port;
39*4d495c6eSApple OSS Distributions 	}* msg_request_t;
40*4d495c6eSApple OSS Distributions 
41*4d495c6eSApple OSS Distributions 	typedef struct msg_reply_s {
42*4d495c6eSApple OSS Distributions 		mach_msg_header_t header;
43*4d495c6eSApple OSS Distributions 		mach_msg_body_t body;
44*4d495c6eSApple OSS Distributions 		mach_msg_port_descriptor_t port;
45*4d495c6eSApple OSS Distributions 		mach_msg_trailer_t trailer;
46*4d495c6eSApple OSS Distributions 	}* msg_reply_t;
47*4d495c6eSApple OSS Distributions 
48*4d495c6eSApple OSS Distributions 	union {
49*4d495c6eSApple OSS Distributions 		struct msg_request_s request;
50*4d495c6eSApple OSS Distributions 		struct msg_reply_s reply;
51*4d495c6eSApple OSS Distributions 	} message;
52*4d495c6eSApple OSS Distributions 	memset(&message, 0, sizeof(message));
53*4d495c6eSApple OSS Distributions 
54*4d495c6eSApple OSS Distributions 	msg_request_t requestp = &message.request;
55*4d495c6eSApple OSS Distributions 	msg_reply_t replyp = &message.reply;
56*4d495c6eSApple OSS Distributions 
57*4d495c6eSApple OSS Distributions 	*requestp = (struct msg_request_s) {
58*4d495c6eSApple OSS Distributions 		.header = {
59*4d495c6eSApple OSS Distributions 			.msgh_bits = MACH_MSGH_BITS_SET(MACH_MSG_TYPE_MAKE_SEND_ONCE, 0, 0, MACH_MSGH_BITS_COMPLEX),
60*4d495c6eSApple OSS Distributions 			.msgh_remote_port = sync_port,
61*4d495c6eSApple OSS Distributions 			.msgh_local_port = MACH_PORT_NULL,
62*4d495c6eSApple OSS Distributions 			.msgh_voucher_port = MACH_PORT_NULL,
63*4d495c6eSApple OSS Distributions 			.msgh_size = sizeof(*requestp),
64*4d495c6eSApple OSS Distributions 			.msgh_id = 0x88888888,
65*4d495c6eSApple OSS Distributions 		},
66*4d495c6eSApple OSS Distributions 		.body = {
67*4d495c6eSApple OSS Distributions 			.msgh_descriptor_count = 1,
68*4d495c6eSApple OSS Distributions 		},
69*4d495c6eSApple OSS Distributions 		.port = {
70*4d495c6eSApple OSS Distributions 			.name = mq_port,
71*4d495c6eSApple OSS Distributions 			.type = MACH_MSG_PORT_DESCRIPTOR,
72*4d495c6eSApple OSS Distributions 			.disposition = MACH_MSG_TYPE_MOVE_RECEIVE,
73*4d495c6eSApple OSS Distributions 		},
74*4d495c6eSApple OSS Distributions 	};
75*4d495c6eSApple OSS Distributions 
76*4d495c6eSApple OSS Distributions 	/*
77*4d495c6eSApple OSS Distributions 	 *	Send the receive right of mq_port to sync_port for later copyout.
78*4d495c6eSApple OSS Distributions 	 */
79*4d495c6eSApple OSS Distributions 	kr = mach_msg(&requestp->header, MACH_SEND_MSG, sizeof(*requestp), 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
80*4d495c6eSApple OSS Distributions 	T_ASSERT_MACH_SUCCESS(kr, "sending message to sync port");
81*4d495c6eSApple OSS Distributions 
82*4d495c6eSApple OSS Distributions 	/*
83*4d495c6eSApple OSS Distributions 	 * The EV_DISPATCH is required that can pass filt_machport_kqueue_has_turnstile().
84*4d495c6eSApple OSS Distributions 	 * The received message will be copied out to replyp.
85*4d495c6eSApple OSS Distributions 	 * In filt_machport_stash_port(), the value in ext[3] will be set to the mq_port object.
86*4d495c6eSApple OSS Distributions 	 */
87*4d495c6eSApple OSS Distributions 	struct kevent_qos_s req_event = {
88*4d495c6eSApple OSS Distributions 		.ident = sync_port,
89*4d495c6eSApple OSS Distributions 		.filter = EVFILT_MACHPORT,
90*4d495c6eSApple OSS Distributions 		.flags = EV_ADD | EV_DISPATCH,
91*4d495c6eSApple OSS Distributions 		.fflags = MACH_RCV_MSG,
92*4d495c6eSApple OSS Distributions 		.ext = {
93*4d495c6eSApple OSS Distributions 			[0] = (uint64_t)replyp,
94*4d495c6eSApple OSS Distributions 			[1] = sizeof(*replyp),
95*4d495c6eSApple OSS Distributions 		},
96*4d495c6eSApple OSS Distributions 	};
97*4d495c6eSApple OSS Distributions 	struct kevent_qos_s reply_event = {};
98*4d495c6eSApple OSS Distributions 
99*4d495c6eSApple OSS Distributions 	int nevents = kevent_qos(kq, &req_event, 1, &reply_event, 1, NULL, NULL, 0);
100*4d495c6eSApple OSS Distributions 	T_ASSERT_EQ(nevents, 1, NULL);
101*4d495c6eSApple OSS Distributions 	T_ASSERT_EQ(replyp->body.msgh_descriptor_count, 1, NULL);
102*4d495c6eSApple OSS Distributions 	assert(MACH_PORT_VALID(replyp->port.name) && replyp->port.disposition == MACH_MSG_TYPE_MOVE_RECEIVE);
103*4d495c6eSApple OSS Distributions 
104*4d495c6eSApple OSS Distributions 	struct kevent_extinfo extinfo;
105*4d495c6eSApple OSS Distributions 	int knotes = __proc_info(PROC_INFO_CALL_PIDFDINFO, getpid(), PROC_PIDFDKQUEUE_EXTINFO, kq, (user_addr_t)&extinfo, sizeof(extinfo));
106*4d495c6eSApple OSS Distributions 	T_ASSERT_EQ(knotes, 1, NULL);
107*4d495c6eSApple OSS Distributions 	T_ASSERT_EQ(extinfo.kqext_kev.ident, sync_port, NULL);
108*4d495c6eSApple OSS Distributions 
109*4d495c6eSApple OSS Distributions 	uint64_t leaked_addr = extinfo.kqext_kev.ext[3];
110*4d495c6eSApple OSS Distributions 	T_ASSERT_EQ(leaked_addr, NULL, "Leaked kernel address");
111*4d495c6eSApple OSS Distributions }
112