1 /*
2 * Copyright (c) 2024 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <arm_acle.h>
30 #include <darwintest.h>
31 #include <darwintest_multiprocess.h>
32 #include <mach-o/dyld.h>
33 #include <pthread.h>
34 #include <time.h>
35 #include <spawn.h>
36
37 #include "arm_mte_utilities.h"
38 #include "test_utils.h"
39
/*
 * Suite-wide darwintest metadata for the MTE stress tests.
 *
 * NOTE(review): T_META_IGNORECRASHES is given a broad pattern that matches
 * anything with "arm_mte" in it. Crashes of the helpers are presumably
 * expected here (the tests provoke tag-check behaviour), so an unexpected
 * helper crash is only visible through the exit status collected by the
 * parent -- confirm that is the intended reporting path.
 */
T_GLOBAL_META(
	T_META_NAMESPACE("xnu.arm.mte"),
	T_META_RADAR_COMPONENT_NAME("xnu"),
	T_META_RADAR_COMPONENT_VERSION("arm"),
	T_META_RUN_CONCURRENTLY(true),
	T_META_OWNER("n_sabo"),
	T_META_IGNORECRASHES(".*arm_mte.*")
	);
48
/* Number of worker threads started by each create_many_threads_helper process. */
static int n_threads = 20;
/* Number of create_many_threads_helper processes forked by arm_mte_stress_helper. */
static int n_procs = 30;

/*
 * Selects the "full" variant of the test, which also drives Safari into
 * loading content. That variant needs an unlocked device with internet
 * access, which does not work well in BATS but is useful on a properly
 * set up device at desk. Off by default; set_test_mode() turns it on.
 */
bool full_test = false;

/*
 * Per-platform command strings and bundle identifiers. All of them are
 * compile-time constants; none is built from test input.
 */
#if TARGET_OS_IOS
const char *terminate_safari = "killall -9 MobileSafari";
const char *safari_identifier = "com.apple.mobilesafari";
#elif TARGET_OS_OSX
const char *safari_path = "/Applications/Safari.app/Contents/MacOS/Safari";
const char *terminate_safari = "killall -9 Safari";
const char *safari_identifier = "com.apple.Safari";
#endif
65
/*
 * One snapshot of the MTE compressor counters, taken once per test cycle.
 * Both values are read from vm.mte.* sysctls by arm_mte_stress_cycler.
 */
typedef struct compressor_stats {
	uint64_t tag_compressions;      /* vm.mte.compress_pages_compressed */
	uint64_t tag_decompressions;    /* vm.mte.compress_pages_decompressed */
} compressor_stats;
70
/*
 * Thread entry point used by create_many_threads_helper.
 *
 * arg carries the thread's index within its process, smuggled through the
 * void pointer. Odd-numbered threads allocate with VM_FLAGS_MTE and
 * exercise the tag intrinsics; even-numbered threads allocate a plain
 * mapping and write every byte of it. In both cases the mapping is
 * ALLOC_SIZE bytes and is deallocated before the thread returns.
 *
 * Always returns NULL; failures are reported through darwintest asserts.
 */
static void*
allocate_memory_and_wait(void *arg)
{
	T_SETUPBEGIN;
	static const size_t ALLOC_SIZE = KERNEL_BUFFER_COPY_THRESHOLD;
	long thread_index = (long)arg;
	vm_address_t address = (vm_address_t)NULL;

	/* Parity of the thread index decides whether this thread asks for MTE. */
	boolean_t want_mte = thread_index % 2;
	int vm_flags = want_mte ? (VM_FLAGS_ANYWHERE | VM_FLAGS_MTE) : VM_FLAGS_ANYWHERE;

	/* Allocate the maximum amount of memory this thread will need. */
	kern_return_t kr = vm_allocate(mach_task_self(), &address, ALLOC_SIZE, vm_flags);
	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "allocate tagged memory");
	char *untagged_ptr = (char *)address;
	T_SETUPEND;

	/* A freshly allocated mapping must read back with tag 0, tagged or not. */
	char *orig_tagged_ptr = __arm_mte_get_tag(untagged_ptr);
	unsigned int orig_tag = extract_mte_tag(orig_tagged_ptr);
	T_QUIET; T_ASSERT_EQ_UINT(orig_tag, 0U, "originally assigned tag is zero");

	if (!want_mte) {
		/* Untagged mapping: touch every byte through the tag-0 pointer. */
		for (uint64_t offset = 0; offset < ALLOC_SIZE; ++offset) {
			orig_tagged_ptr[offset] = 'a';
		}
	} else {
		char *random_tagged_ptr = NULL;

		/*
		 * Draw random tags repeatedly with an empty exclusion mask. Per the
		 * original author, xnu excludes tag 0 for userspace on its own, so
		 * no draw may ever equal the tag-0 pointer, and the address bits
		 * must never change.
		 */
		for (unsigned int attempt = 0; attempt < NUM_MTE_TAGS * 4; attempt++) {
			random_tagged_ptr = __arm_mte_create_random_tag(untagged_ptr, 0);
			T_QUIET; T_EXPECT_NE_PTR(orig_tagged_ptr, random_tagged_ptr,
			    "random tag was not taken from excluded tag set");

			ptrdiff_t diff = __arm_mte_ptrdiff(untagged_ptr, random_tagged_ptr);
			T_QUIET; T_EXPECT_EQ_ULONG(diff, (ptrdiff_t)0, "untagged %p and tagged %p have identical address bits",
			    untagged_ptr, random_tagged_ptr);
		}

		/* Basic set / read / access round trip using the last tag drawn. */

		/* Commit the tag to memory ... */
		__arm_mte_set_tag((void *)random_tagged_ptr);
		/* ... read it back and check it is the one that was stored ... */
		char *newly_tagged_ptr = __arm_mte_get_tag((void *)random_tagged_ptr);
		T_QUIET; T_EXPECT_EQ_PTR(newly_tagged_ptr, random_tagged_ptr, "tag was committed to memory correctly");
		/* ... and make sure an access through the matching pointer works. */
		newly_tagged_ptr[0] = 'a';
		/* Put the initial zero tag back before the mapping is released. */
		__arm_mte_set_tag((void *)address);
	}

	T_QUIET; T_ASSERT_MACH_SUCCESS(vm_deallocate(mach_task_self(), address, ALLOC_SIZE), "Deallocated memory");
	return (void *)NULL;
}
132
/*
 * Helper process body: checks that the process itself runs with MTE, then
 * starts n_threads workers running allocate_memory_and_wait and joins all
 * of them. Each worker receives its index as its argument, which is what
 * makes half of them allocate tagged memory and half untagged.
 */
T_HELPER_DECL(create_many_threads_helper, "A helper that creates n_threads threads and assert they exit successfully") {
	pthread_t workers[n_threads];
	void *exit_value = NULL;

	/* This helper is only meaningful when the process is MTE enabled. */
	T_QUIET; T_ASSERT_TRUE(validate_proc_pidinfo_mte_status(getpid(), true), "process is running with MTE");

	/* Start every worker; the index travels inside the void pointer. */
	for (long idx = 0; idx < n_threads; idx++) {
		int return_code = pthread_create(&workers[idx], NULL, allocate_memory_and_wait, (void*) idx);
		T_QUIET; T_ASSERT_POSIX_ZERO(return_code, "Created thread %li", idx);
	}

	/* Block until each worker has finished. */
	for (int idx = 0; idx < n_threads; idx++) {
		int return_code = pthread_join(workers[idx], &exit_value);
		T_QUIET; T_ASSERT_POSIX_ZERO(return_code, "Thread %d joined successfully", idx);
	}
	T_PASS("Process with pid %d exiting\n", getpid());
}
153
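/*
 * Helper process body: drives Safari and Notes through xctitool so that
 * real applications run alongside the synthetic MTE allocation load.
 *
 * Every command is run with system(), i.e. through the shell, and the tool
 * names (xctitool, LaunchApp) are resolved through PATH. All command text
 * is a compile-time constant or built from safari_identifier, so nothing
 * supplied on the test command line reaches the shell.
 * NOTE(review): the test environment's PATH decides which binaries run --
 * confirm that is acceptable for the privilege level this test runs at.
 *
 * On iOS the launch / new-tab / Notes steps always run and only the
 * "internet search" tap depends on full_test. On macOS every step depends
 * on full_test. On other targets the helper does nothing.
 */
T_HELPER_DECL(app_helper, "A helper that launches and stimulates Safari and Notes") {
#if TARGET_OS_IOS
	/*
	 * Fixed-size buffer rather than a variable-length array: a VLA cannot
	 * take an initializer in C11, and the size is a constant anyway.
	 */
	char launch_safari[256] = {0};
	int written = snprintf(launch_safari, sizeof(launch_safari), "xctitool launch %s", safari_identifier);
	/* Refuse to run a truncated command line. */
	T_QUIET; T_ASSERT_TRUE(written > 0 && (size_t)written < sizeof(launch_safari), "built Safari launch command");

	/* For now, the running Safari process will not have MTE.
	 * Eventually, MTE will be enabled on Safari by default from the system's launchd plist. */
	T_ASSERT_POSIX_ZERO(system(launch_safari), "launchd Safari");

	/* Move past home screen to launch app in foreground */
	T_ASSERT_POSIX_ZERO(system("LaunchApp -unlock com.apple.springboard"), "open homescreen");

	/* Process 1: Safari, launched, and we open a new tab */
	T_ASSERT_POSIX_ZERO(system("xctitool interact com.apple.mobilesafari -action \"tap\" -element \"NewTabButton\""), "new Safari tab");

	if (full_test) {
		T_ASSERT_POSIX_ZERO(system("xctitool interact com.apple.mobilesafari --element \"favoritesItemIdentifierContent\" --action tap"), "Safari internet search");
	}

	/* Process 2: Notes app (spawned without MTE), brought to foreground */
	T_ASSERT_POSIX_ZERO(system("xctitool launch com.apple.mobilenotes"), "launch notes app");

#elif TARGET_OS_OSX
	/* Same fixed-size buffer and truncation check as the iOS branch. */
	char launch_safari[256] = {0};
	int written = snprintf(launch_safari, sizeof(launch_safari), "xctitool launch %s", safari_identifier);
	T_QUIET; T_ASSERT_TRUE(written > 0 && (size_t)written < sizeof(launch_safari), "built Safari launch command");

	if (full_test) {
		/* Although these commands pass at desk, weird things happen in BATS */
		T_ASSERT_POSIX_ZERO(system(launch_safari), "launchd Safari");
		T_ASSERT_POSIX_ZERO(system("xctitool interact com.apple.Safari -action \"click\" -element \"NewTabButton\""), "new Safari tab");
		/* Since J7XX hardware in BATS can connect to WiFi, make a search.
		 * This action opens one of the recommended websites on the Safari homepage. */
		T_ASSERT_POSIX_ZERO(system("xctitool interact com.apple.Safari --element \"linkRecommendationCollectionViewItem\" --action click"), "Safari internet search");
		T_ASSERT_POSIX_ZERO(system("xctitool launch com.apple.Notes"), "launch notes app");
	}
#endif
}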
191
/*
 * Helper process body for one stress cycle: runs app_helper once and
 * create_many_threads_helper n_procs times, all through the darwintest
 * multiprocess helpers, and waits for them with dt_run_helpers.
 *
 * Slot 0 is the application helper; slots 1..n_procs are the allocation
 * helpers. The last dt_run_helpers argument is 600 -- presumably a timeout
 * in seconds; confirm against darwintest_multiprocess.h.
 */
T_HELPER_DECL(arm_mte_stress_helper, "forks many multi-threaded processes that allocated tagged and untagged memory") {
	dt_helper_t helpers[n_procs + 1];

	/* Slot 0: the helper that launches and exercises Safari and Notes. */
	helpers[0] = dt_fork_helper("app_helper");

	/* Remaining slots: multi-threaded processes allocating tagged and untagged memory. */
	for (int slot = 1; slot <= n_procs; ++slot) {
		helpers[slot] = dt_fork_helper("create_many_threads_helper");
	}

	dt_run_helpers(helpers, (unsigned long)n_procs + 1, 600);
}
202
/*
 * Builds memory pressure with the munch tool.
 *
 * Always starts one munch instance that wires memory in the background.
 * When with_lim_resident is true, a second instance is spawned that keeps
 * demanding zero-filled malloc memory.
 *
 * NOTE(review): the first instance is started through system(), so "munch"
 * is resolved by the shell through PATH, while the second one is spawned
 * from the absolute path /usr/local/bin/munch. Confirm both are meant to
 * be the same binary. No result of the second spawn is checked here.
 */
void
run_munch(bool with_lim_resident)
{
	/*
	 * Wire down as much memory as possible and keep it wired for the whole
	 * test, which makes it easier to push the compressor into action; that
	 * is why the wiring runs at jetsam priority 98. It is started in the
	 * background so the test can carry on instead of blocking here.
	 */
	T_QUIET; T_ASSERT_POSIX_ZERO(system("munch --lim-jetsam 98 --type=wired --cfg-background")
	    , "wired memory with munch");

	if (!with_lim_resident) {
		return;
	}

	/*
	 * Extra pressure: create as much page demand as possible by filling
	 * new pages with zeros, so memory has to be compressed or swapped.
	 * The original author notes this instance is spawned with MTE because
	 * malloc, in some cases, allocates tagged memory.
	 */
	char *pressure_argv[] = {"/usr/local/bin/munch", "--type=malloc", "--lim-resident", "--fill-zero", "--demand-pattern=exponential", "--demand-increment=unlimited", "--cfg-background", NULL};
	posix_spawn_then_perform_action_from_process(pressure_argv, MTE_SPAWN_USE_LEGACY_API, 0);
}
223
/*
 * Cleanup hook for the stress test: kills every process named "munch".
 *
 * Uses an expectation rather than an assertion, so a failing killall is
 * reported without aborting the rest of the teardown.
 * NOTE(review): killall matches by process name, so any unrelated munch
 * instance on the device is terminated as well.
 */
static void
tear_down(void)
{
	/* Stop the memory-pressure processes started by run_munch(). */
	T_QUIET; T_EXPECT_POSIX_SUCCESS(system("killall -9 munch"), "terminated munch");
}
230
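/*
 * Decides whether the extra "munch --lim-resident" pressure is requested.
 *
 * The second test argument (argv[1]) selects it: the value 1 means yes,
 * anything else means no.
 *
 * The argument is honoured whenever it is present. Requiring exactly two
 * arguments would silently drop the request as soon as the documented
 * third argument (<test_mode>) is also passed.
 *
 * strtol() is used instead of atoi() so that an out-of-range value is
 * well defined; it simply does not compare equal to 1.
 *
 * @param argc  number of test arguments
 * @param argv  test arguments
 * @return true when argv[1] parses to 1, false otherwise
 */
bool
should_run_munch_lim_resident(int argc, char *const *argv)
{
	if (argc >= 2 && strtol(argv[1], NULL, 10) == 1) {
		T_LOG("Will run with munch lim-resident");
		return true;
	}
	return false;
}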
242
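/*
 * Reads the number of test cycles from the first test argument.
 *
 * The value is parsed once with strtol() and accepted only when it is
 * positive and fits in an int; anything else (missing, non-numeric, zero,
 * negative, too large) falls back to the default of 3. The caller sizes
 * an allocation from this value, so it must never be zero or negative.
 *
 * The log line reports the cycle count that was parsed, not n_procs.
 *
 * @param argc  number of test arguments
 * @param argv  test arguments
 * @return the requested number of cycles, or 3 by default
 */
int
parse_num_cycles(int argc, char *const *argv)
{
	if (argc >= 1) {
		long parsed = strtol(argv[0], NULL, 10);
		int cycles = (int)parsed;

		/* The round trip through int rejects values that do not fit. */
		if (parsed > 0 && (long)cycles == parsed) {
			T_LOG("Will run %d cycles", cycles);
			return cycles;
		}
	}
	return 3;
}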
254
/*
 * Turns on the full test variant when the third test argument (argv[2])
 * parses to 1. Any other value, or a missing argument, leaves full_test
 * untouched.
 *
 * NOTE(review): this sets full_test in the calling process only. The
 * helpers are started by launch_helper() through posix_spawn(), so
 * app_helper appears to run in a fresh process image in which full_test
 * is false again -- confirm how the mode is meant to reach the helper.
 */
void
set_test_mode(int argc, char *const *argv)
{
	if (argc < 3 || atoi(argv[2]) != 1) {
		return;
	}

	T_LOG("Will run the full test version. Requires internet and unlocked device.");
	full_test = true;
}
265
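/*
 * Runs one darwintest helper in a child process and waits for it.
 *
 * The child is a new instance of this test executable, located with
 * _NSGetExecutablePath() and started as "<path> -n <helper_name>" through
 * posix_spawn() with no file actions, no spawn attributes and a NULL envp.
 *
 * The wait status is decoded before it is reported: the exit code is only
 * looked at when the child really exited. A child killed by a signal has
 * an exit-code field of 0, so checking WEXITSTATUS() unconditionally would
 * record a passing "exited with status 0" for a helper that crashed.
 *
 * @param helper_name  name of the T_HELPER_DECL to run in the child
 */
void
launch_helper(char *helper_name)
{
	char path[PATH_MAX] = {0};
	uint32_t path_size = sizeof(path);
	T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath");
	char *helper_args[] = { path, "-n", helper_name, NULL};
	int status = -1;
	pid_t child_pid = 0;

	/* Start the helper from an absolute path; no PATH lookup is involved. */
	int ret = posix_spawn(&child_pid, helper_args[0], NULL, NULL, helper_args, NULL);
	T_ASSERT_POSIX_ZERO(ret, "posix_spawn");
	T_ASSERT_NE(child_pid, 0, "posix_spawn");

	/* Ensure the process from which tagged memory was allocated succeeded. */
	T_ASSERT_POSIX_SUCCESS(waitpid(child_pid, &status, 0), "waitpid");
	T_EXPECT_TRUE(WIFEXITED(status), "exited successfully");
	if (WIFEXITED(status)) {
		T_EXPECT_TRUE(WEXITSTATUS(status) == 0, "exited with status %d", WEXITSTATUS(status));
	} else if (WIFSIGNALED(status)) {
		/* Name the signal so a crashing helper can be told apart from a failing one. */
		T_LOG("helper %s was terminated by signal %d", helper_name, WTERMSIG(status));
	}
}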
288
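/*
 * One can change the level of memory pressure applied and number of iterations
 * via the cli as follows:
 *
 * ./arm_mte_stress arm_mte_stress_cycler -- <num_cycles> <with_lim_resident> <test_mode>
 *
 * <num_cycles>: number of cycles to repeat the test. Default is 3.
 * <with_lim_resident>: should be 1 to specify running the test with extra pressure.
 * <test_mode>: should be 1 to specify running the test with Safari internet searches.
 *
 * Each cycle snapshots the MTE compressor counters and then runs
 * arm_mte_stress_helper in a child process. At the end the test expects
 * the counters to have grown since the first snapshot and prints all
 * snapshots as comma-separated lines on stderr.
 */
T_DECL(arm_mte_stress_cycler,
    "Wires down as much memory as permitted using munch and allocates tagged memory "
    "from multiple multi-threaded processes to create memory pressure. Launches Safari "
    "with MTE and opens a new tab. Then launches Notes, which is not MTE enabled, to "
    "exercise the system in a more interesting way. This is repeated three times and then "
    "sysctls are used to ensure that the compressor is compressing and decompressing tag "
    "storage pages. Test can be enhanced to run more cycles, or add additional memory "
    "pressure when run at desk. ",
    T_META_REQUIRES_SYSCTL_EQ("hw.optional.arm.FEAT_MTE4", 1),
    /* For now, J8XX form-factor devices with WiFi are not available in BATS */
#if TARGET_OS_OSX
    T_META_REQUIRES_NETWORK(true),
#endif
    XNU_T_META_SOC_SPECIFIC,
    T_META_ENABLED(false) /* rdar://147337971 */) {
	/* Make sure the munch processes are killed however the test ends. */
	T_ATEND(tear_down);

	/* User override to add extra memory pressure by running munch --lim-resident.
	 * Default is without. */
	bool with_lim_resident = should_run_munch_lim_resident(argc, argv);
	/* User override of number of cycles to repeat the test. Default is 3. */
	int num_cycles = parse_num_cycles(argc, argv);
	/* User override to determine which mode to run the test in. A value of 1
	 * means making Safari searches and requires internet connectivity. */
	set_test_mode(argc, argv);

	/* Create memory pressure using munch. */
	run_munch(with_lim_resident);

	/*
	 * One snapshot per cycle. The count comes from the command line, so
	 * the allocation is checked before it is indexed; calloc() also guards
	 * the size multiplication.
	 */
	struct compressor_stats *compressor_data = calloc((size_t)num_cycles, sizeof(*compressor_data));
	T_QUIET; T_ASSERT_NOTNULL(compressor_data, "allocated compressor statistics");

	/* Distance, in cycles, between the two snapshots compared inside the loop. */
	int window = num_cycles / 3;

	for (int i = 0; i < num_cycles; ++i) {
		/* Verify that MTE compression is not disabled on the device */
		uint64_t no_compressor_pager_for_mte_count = sysctl_get_Q("vm.mte.no_compressor_pager_for_mte");
		if (no_compressor_pager_for_mte_count > 0) {
			T_SKIP("MTE compression is disabled on this device.");
		}

		/* Snapshot the counters before this cycle's load is applied. */
		compressor_data[i].tag_compressions = sysctl_get_Q("vm.mte.compress_pages_compressed");
		T_LOG("Compressed tags: %llu compressed tags", compressor_data[i].tag_compressions);
		compressor_data[i].tag_decompressions = sysctl_get_Q("vm.mte.compress_pages_decompressed");
		T_LOG("Decompressed tags: %llu decompressed tags", compressor_data[i].tag_decompressions);

		/* Now, continuously allocate tagged memory on behalf of multiple, multi-threaded processes
		 * by spawning arm_mte_stress_helper repeatedly and launching Safari and Notes
		 * to provide some end-to-end system testing. */
		launch_helper("arm_mte_stress_helper");

		/* When invoked with a larger number of cycles, ensure tag pages are compressed and
		 * decompressed throughout the test. The i >= window condition keeps the index
		 * i - window inside the array. */
		if (i >= 40 && i >= window) {
			/* Ensure the compressor is compressing and decompressing tag pages.
			 * If after (num_cycles / 3) rounds, compressions and decompressions have not
			 * increased, something is blocked */
			T_EXPECT_GT_(compressor_data[i].tag_compressions, compressor_data[i - window].tag_compressions, "MTE tag pages are being compressed as expected");
			T_EXPECT_GT_(compressor_data[i].tag_decompressions, compressor_data[i - window].tag_decompressions, "MTE tag pages are being decompressed as expected");
		}
	}

	/* Assert tag pages were compressed or decompressed since the beginning of the test. */
	T_EXPECT_TRUE((compressor_data[num_cycles - 1].tag_compressions > compressor_data[0].tag_compressions) ||
	    (compressor_data[num_cycles - 1].tag_decompressions > compressor_data[0].tag_decompressions),
	    "MTE tag pages are being compressed and/or decompressed as expected");

	/* Summarize compression / decompression growth over the duration of the test */
	T_LOG("Tag page compressions:");
	for (int i = 0; i < num_cycles; ++i) {
		/* T_LOG inserts a newline after each metric, after printing a timestamp.
		 * That makes these statistics difficult to transfer over to say, excel,
		 * for further analysis. Print the values in a single, comma delineated line.
		 */
		fprintf(stderr, "%llu, ", compressor_data[i].tag_compressions);
	}
	T_LOG("Tag page decompressions:");
	for (int i = 0; i < num_cycles; ++i) {
		fprintf(stderr, "%llu, ", compressor_data[i].tag_decompressions);
	}

	free(compressor_data);
}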
379