1*043036a2SApple OSS Distributions /*
2*043036a2SApple OSS Distributions * Copyright (c) 2025 Apple Inc. All rights reserved.
3*043036a2SApple OSS Distributions *
4*043036a2SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5*043036a2SApple OSS Distributions *
6*043036a2SApple OSS Distributions * This file contains Original Code and/or Modifications of Original Code
7*043036a2SApple OSS Distributions * as defined in and that are subject to the Apple Public Source License
8*043036a2SApple OSS Distributions * Version 2.0 (the 'License'). You may not use this file except in
9*043036a2SApple OSS Distributions * compliance with the License. The rights granted to you under the License
10*043036a2SApple OSS Distributions * may not be used to create, or enable the creation or redistribution of,
11*043036a2SApple OSS Distributions * unlawful or unlicensed copies of an Apple operating system, or to
12*043036a2SApple OSS Distributions * circumvent, violate, or enable the circumvention or violation of, any
13*043036a2SApple OSS Distributions * terms of an Apple operating system software license agreement.
14*043036a2SApple OSS Distributions *
15*043036a2SApple OSS Distributions * Please obtain a copy of the License at
16*043036a2SApple OSS Distributions * http://www.opensource.apple.com/apsl/ and read it before using this file.
17*043036a2SApple OSS Distributions *
18*043036a2SApple OSS Distributions * The Original Code and all software distributed under the License are
19*043036a2SApple OSS Distributions * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20*043036a2SApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21*043036a2SApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22*043036a2SApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23*043036a2SApple OSS Distributions * Please see the License for the specific language governing rights and
24*043036a2SApple OSS Distributions * limitations under the License.
25*043036a2SApple OSS Distributions *
26*043036a2SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27*043036a2SApple OSS Distributions */
28*043036a2SApple OSS Distributions
29*043036a2SApple OSS Distributions /* test that the header doesn't implicitly depend on others */
30*043036a2SApple OSS Distributions #include <sys/resource_private.h>
31*043036a2SApple OSS Distributions #include <sys/resource.h>
32*043036a2SApple OSS Distributions
33*043036a2SApple OSS Distributions #include <libproc.h>
34*043036a2SApple OSS Distributions
35*043036a2SApple OSS Distributions #include <sys/types.h>
36*043036a2SApple OSS Distributions #include <unistd.h>
37*043036a2SApple OSS Distributions
38*043036a2SApple OSS Distributions #include <mach/task.h>
39*043036a2SApple OSS Distributions #include <mach/task_policy.h>
40*043036a2SApple OSS Distributions #include <mach/mach.h>
41*043036a2SApple OSS Distributions
42*043036a2SApple OSS Distributions #include <darwintest.h>
43*043036a2SApple OSS Distributions #include <darwintest_utils.h>
44*043036a2SApple OSS Distributions
45*043036a2SApple OSS Distributions #include <sys/sfi.h>
46*043036a2SApple OSS Distributions #include <Kernel/kern/ledger.h> /* TODO: this should be installed for userspace */
47*043036a2SApple OSS Distributions extern int ledger(int cmd, caddr_t arg1, caddr_t arg2, caddr_t arg3);
48*043036a2SApple OSS Distributions
49*043036a2SApple OSS Distributions #include <kern/debug.h>
50*043036a2SApple OSS Distributions extern int __microstackshot(char *tracebuf, uint32_t tracebuf_size, uint32_t flags);
51*043036a2SApple OSS Distributions
52*043036a2SApple OSS Distributions
53*043036a2SApple OSS Distributions T_GLOBAL_META(T_META_NAMESPACE("xnu.scheduler"),
54*043036a2SApple OSS Distributions T_META_RADAR_COMPONENT_NAME("xnu"),
55*043036a2SApple OSS Distributions T_META_RADAR_COMPONENT_VERSION("scheduler"),
56*043036a2SApple OSS Distributions T_META_OWNER("chimene"),
57*043036a2SApple OSS Distributions T_META_RUN_CONCURRENTLY(false), /* because of messing with global SFI */
58*043036a2SApple OSS Distributions T_META_ASROOT(true), /* for TASK_POLICY_STATE, and setting SFI */
59*043036a2SApple OSS Distributions T_META_TAG_VM_PREFERRED);
60*043036a2SApple OSS Distributions
61*043036a2SApple OSS Distributions static void
check_is_bg(bool wants_bg)62*043036a2SApple OSS Distributions check_is_bg(bool wants_bg)
63*043036a2SApple OSS Distributions {
64*043036a2SApple OSS Distributions kern_return_t kr;
65*043036a2SApple OSS Distributions struct task_policy_state policy_state;
66*043036a2SApple OSS Distributions
67*043036a2SApple OSS Distributions mach_msg_type_number_t count = TASK_POLICY_STATE_COUNT;
68*043036a2SApple OSS Distributions boolean_t get_default = FALSE;
69*043036a2SApple OSS Distributions
70*043036a2SApple OSS Distributions kr = task_policy_get(mach_task_self(), TASK_POLICY_STATE,
71*043036a2SApple OSS Distributions (task_policy_t)&policy_state, &count, &get_default);
72*043036a2SApple OSS Distributions
73*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "task_policy_get(TASK_POLICY_STATE)");
74*043036a2SApple OSS Distributions
75*043036a2SApple OSS Distributions /*
76*043036a2SApple OSS Distributions * A test reporting type=APPLICATION should have the live donor bit set.
77*043036a2SApple OSS Distributions * If this fails, the test may have been launched as a daemon instead.
78*043036a2SApple OSS Distributions */
79*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_BITS_SET(policy_state.flags, TASK_IMP_LIVE_DONOR, "test should be live donor enabled");
80*043036a2SApple OSS Distributions
81*043036a2SApple OSS Distributions /*
82*043036a2SApple OSS Distributions * The BG bit is updated via task_policy_update_internal_locked,
83*043036a2SApple OSS Distributions * checking this proves that the first phase update ran on this task.
84*043036a2SApple OSS Distributions */
85*043036a2SApple OSS Distributions if (wants_bg) {
86*043036a2SApple OSS Distributions T_ASSERT_BITS_SET(policy_state.effective, POLICY_EFF_DARWIN_BG, "%d: is BG", getpid());
87*043036a2SApple OSS Distributions } else {
88*043036a2SApple OSS Distributions T_ASSERT_BITS_NOTSET(policy_state.effective, POLICY_EFF_DARWIN_BG, "%d: is not BG", getpid());
89*043036a2SApple OSS Distributions }
90*043036a2SApple OSS Distributions
91*043036a2SApple OSS Distributions /*
92*043036a2SApple OSS Distributions * The live donor bit is updated via task_policy_update_complete_unlocked,
93*043036a2SApple OSS Distributions * checking this proves that the second phase update ran on this task.
94*043036a2SApple OSS Distributions */
95*043036a2SApple OSS Distributions if (wants_bg) {
96*043036a2SApple OSS Distributions T_ASSERT_BITS_NOTSET(policy_state.flags, TASK_IMP_DONOR, "%d: is not live donor", getpid());
97*043036a2SApple OSS Distributions } else {
98*043036a2SApple OSS Distributions T_ASSERT_BITS_SET(policy_state.flags, TASK_IMP_DONOR, "%d: is live donor", getpid());
99*043036a2SApple OSS Distributions }
100*043036a2SApple OSS Distributions }
101*043036a2SApple OSS Distributions
102*043036a2SApple OSS Distributions static void
check_runaway_mode(bool expected_mode)103*043036a2SApple OSS Distributions check_runaway_mode(bool expected_mode)
104*043036a2SApple OSS Distributions {
105*043036a2SApple OSS Distributions int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0);
106*043036a2SApple OSS Distributions
107*043036a2SApple OSS Distributions T_QUIET;
108*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");
109*043036a2SApple OSS Distributions
110*043036a2SApple OSS Distributions T_LOG("pid %d: runaway mitigation mode is: %d", getpid(), runaway_mode);
111*043036a2SApple OSS Distributions
112*043036a2SApple OSS Distributions if (expected_mode) {
113*043036a2SApple OSS Distributions T_QUIET;
114*043036a2SApple OSS Distributions T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_ON, "should be on");
115*043036a2SApple OSS Distributions check_is_bg(true);
116*043036a2SApple OSS Distributions } else {
117*043036a2SApple OSS Distributions T_QUIET;
118*043036a2SApple OSS Distributions T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF, "should be off");
119*043036a2SApple OSS Distributions check_is_bg(false);
120*043036a2SApple OSS Distributions }
121*043036a2SApple OSS Distributions }
122*043036a2SApple OSS Distributions
123*043036a2SApple OSS Distributions T_DECL(entitled_runaway_mode, "runaway mitigation mode should be settable while entitled")
124*043036a2SApple OSS Distributions {
125*043036a2SApple OSS Distributions T_LOG("uid: %d", getuid());
126*043036a2SApple OSS Distributions
127*043036a2SApple OSS Distributions check_runaway_mode(false);
128*043036a2SApple OSS Distributions
129*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
130*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");
131*043036a2SApple OSS Distributions
132*043036a2SApple OSS Distributions check_runaway_mode(true);
133*043036a2SApple OSS Distributions
134*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
135*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");
136*043036a2SApple OSS Distributions
137*043036a2SApple OSS Distributions check_runaway_mode(false);
138*043036a2SApple OSS Distributions }
139*043036a2SApple OSS Distributions
140*043036a2SApple OSS Distributions T_DECL(entitled_runaway_mode_read_root, "runaway mitigation mode should be readable as root",
141*043036a2SApple OSS Distributions T_META_ASROOT(true))
142*043036a2SApple OSS Distributions {
143*043036a2SApple OSS Distributions T_LOG("uid: %d", getuid());
144*043036a2SApple OSS Distributions
145*043036a2SApple OSS Distributions check_runaway_mode(false);
146*043036a2SApple OSS Distributions }
147*043036a2SApple OSS Distributions
148*043036a2SApple OSS Distributions T_DECL(entitled_runaway_mode_read_notroot, "runaway mitigation mode should be readable as not root but entitled",
149*043036a2SApple OSS Distributions T_META_ASROOT(false))
150*043036a2SApple OSS Distributions {
151*043036a2SApple OSS Distributions T_LOG("uid: %d", getuid());
152*043036a2SApple OSS Distributions
153*043036a2SApple OSS Distributions int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, getpid());
154*043036a2SApple OSS Distributions
155*043036a2SApple OSS Distributions T_QUIET;
156*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");
157*043036a2SApple OSS Distributions
158*043036a2SApple OSS Distributions T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF, "should be off");
159*043036a2SApple OSS Distributions }
160*043036a2SApple OSS Distributions
161*043036a2SApple OSS Distributions T_DECL(runaway_mode_child_exit, "runaway mitigation mode should disappear when child exits")
162*043036a2SApple OSS Distributions {
163*043036a2SApple OSS Distributions T_LOG("uid: %d", getuid());
164*043036a2SApple OSS Distributions
165*043036a2SApple OSS Distributions check_runaway_mode(false);
166*043036a2SApple OSS Distributions
167*043036a2SApple OSS Distributions T_LOG("Spawning child");
168*043036a2SApple OSS Distributions
169*043036a2SApple OSS Distributions pid_t child_pid = fork();
170*043036a2SApple OSS Distributions
171*043036a2SApple OSS Distributions if (child_pid == 0) {
172*043036a2SApple OSS Distributions /* child process */
173*043036a2SApple OSS Distributions
174*043036a2SApple OSS Distributions check_runaway_mode(false);
175*043036a2SApple OSS Distributions
176*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
177*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");
178*043036a2SApple OSS Distributions
179*043036a2SApple OSS Distributions check_runaway_mode(true);
180*043036a2SApple OSS Distributions
181*043036a2SApple OSS Distributions T_LOG("Exit pid %d with runaway mitigation mode on", getpid());
182*043036a2SApple OSS Distributions
183*043036a2SApple OSS Distributions exit(0);
184*043036a2SApple OSS Distributions } else {
185*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(child_pid, "fork, pid %d", child_pid);
186*043036a2SApple OSS Distributions
187*043036a2SApple OSS Distributions /* wait for child process to exit */
188*043036a2SApple OSS Distributions int exit_status = 0, signum = 0;
189*043036a2SApple OSS Distributions
190*043036a2SApple OSS Distributions T_ASSERT_TRUE(dt_waitpid(child_pid, &exit_status, &signum, 5),
191*043036a2SApple OSS Distributions "wait for child (%d) complete", child_pid);
192*043036a2SApple OSS Distributions
193*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
194*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");
195*043036a2SApple OSS Distributions }
196*043036a2SApple OSS Distributions
197*043036a2SApple OSS Distributions check_runaway_mode(false);
198*043036a2SApple OSS Distributions }
199*043036a2SApple OSS Distributions
200*043036a2SApple OSS Distributions T_DECL(runaway_mode_child_set, "runaway mitigation mode should be settable on child pid")
201*043036a2SApple OSS Distributions {
202*043036a2SApple OSS Distributions T_LOG("uid: %d", getuid());
203*043036a2SApple OSS Distributions
204*043036a2SApple OSS Distributions check_runaway_mode(false);
205*043036a2SApple OSS Distributions
206*043036a2SApple OSS Distributions int fd[2];
207*043036a2SApple OSS Distributions
208*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(pipe(fd), "pipe()");
209*043036a2SApple OSS Distributions
210*043036a2SApple OSS Distributions T_LOG("Spawning child");
211*043036a2SApple OSS Distributions
212*043036a2SApple OSS Distributions pid_t child_pid = fork();
213*043036a2SApple OSS Distributions
214*043036a2SApple OSS Distributions if (child_pid == 0) {
215*043036a2SApple OSS Distributions char buf[10];
216*043036a2SApple OSS Distributions
217*043036a2SApple OSS Distributions /* child process */
218*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(child_pid, "fork, in child with pid %d", getpid());
219*043036a2SApple OSS Distributions
220*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(close(fd[1]), "close(fd[1])");
221*043036a2SApple OSS Distributions
222*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(read(fd[0], buf, sizeof(buf)), "read(fd[0], buf, sizeof(buf)");
223*043036a2SApple OSS Distributions
224*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(close(fd[0]), "close(fd[0])");
225*043036a2SApple OSS Distributions
226*043036a2SApple OSS Distributions check_runaway_mode(true);
227*043036a2SApple OSS Distributions
228*043036a2SApple OSS Distributions T_LOG("Exit pid %d with runaway mitigation mode on", getpid());
229*043036a2SApple OSS Distributions
230*043036a2SApple OSS Distributions exit(0);
231*043036a2SApple OSS Distributions } else {
232*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(child_pid, "fork parent: child pid %d", child_pid);
233*043036a2SApple OSS Distributions
234*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
235*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");
236*043036a2SApple OSS Distributions
237*043036a2SApple OSS Distributions int runaway_mode = getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, child_pid);
238*043036a2SApple OSS Distributions
239*043036a2SApple OSS Distributions T_QUIET;
240*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(runaway_mode, "getpriority(PRIO_DARWIN_RUNAWAY_MITIGATION)");
241*043036a2SApple OSS Distributions
242*043036a2SApple OSS Distributions T_ASSERT_EQ(runaway_mode, PRIO_DARWIN_RUNAWAY_MITIGATION_ON, "should be on");
243*043036a2SApple OSS Distributions
244*043036a2SApple OSS Distributions T_QUIET; T_LOG("Signalling child to continue");
245*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(close(fd[1]), "close(fd[1])");
246*043036a2SApple OSS Distributions
247*043036a2SApple OSS Distributions /* wait for child process to exit */
248*043036a2SApple OSS Distributions int exit_status = 0, signum = 0;
249*043036a2SApple OSS Distributions
250*043036a2SApple OSS Distributions T_ASSERT_TRUE(dt_waitpid(child_pid, &exit_status, &signum, 5),
251*043036a2SApple OSS Distributions "wait for child (%d) complete", child_pid);
252*043036a2SApple OSS Distributions
253*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_EQ(exit_status, 0, "dt_waitpid: exit_status");
254*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_EQ(signum, 0, "dt_waitpid: signum");
255*043036a2SApple OSS Distributions }
256*043036a2SApple OSS Distributions
257*043036a2SApple OSS Distributions check_runaway_mode(false);
258*043036a2SApple OSS Distributions }
259*043036a2SApple OSS Distributions
260*043036a2SApple OSS Distributions
261*043036a2SApple OSS Distributions /*
262*043036a2SApple OSS Distributions * TODO: This should be in a test utils library,
263*043036a2SApple OSS Distributions * but it requires including Kernel.framework header kern/ledger.h, which is Bad
264*043036a2SApple OSS Distributions */
265*043036a2SApple OSS Distributions static size_t
ledger_index_for_string(size_t * num_entries,char * string)266*043036a2SApple OSS Distributions ledger_index_for_string(size_t *num_entries, char* string)
267*043036a2SApple OSS Distributions {
268*043036a2SApple OSS Distributions struct ledger_info li;
269*043036a2SApple OSS Distributions struct ledger_template_info *templateInfo = NULL;
270*043036a2SApple OSS Distributions int ret;
271*043036a2SApple OSS Distributions size_t i, footprint_index;
272*043036a2SApple OSS Distributions bool found = false;
273*043036a2SApple OSS Distributions
274*043036a2SApple OSS Distributions ret = ledger(LEDGER_INFO, (caddr_t)(uintptr_t)getpid(), (caddr_t)&li, NULL);
275*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_INFO)");
276*043036a2SApple OSS Distributions
277*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_GT(li.li_entries, (int64_t) 0, "num ledger entries is valid");
278*043036a2SApple OSS Distributions *num_entries = (size_t) li.li_entries;
279*043036a2SApple OSS Distributions templateInfo = malloc((size_t)li.li_entries * sizeof(struct ledger_template_info));
280*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_NOTNULL(templateInfo, "malloc entries");
281*043036a2SApple OSS Distributions
282*043036a2SApple OSS Distributions footprint_index = 0;
283*043036a2SApple OSS Distributions ret = ledger(LEDGER_TEMPLATE_INFO, (caddr_t) templateInfo, (caddr_t) num_entries, NULL);
284*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_TEMPLATE_INFO)");
285*043036a2SApple OSS Distributions for (i = 0; i < *num_entries; i++) {
286*043036a2SApple OSS Distributions if (strcmp(templateInfo[i].lti_name, string) == 0) {
287*043036a2SApple OSS Distributions footprint_index = i;
288*043036a2SApple OSS Distributions found = true;
289*043036a2SApple OSS Distributions }
290*043036a2SApple OSS Distributions }
291*043036a2SApple OSS Distributions free(templateInfo);
292*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_TRUE(found, "found %s in ledger", string);
293*043036a2SApple OSS Distributions return footprint_index;
294*043036a2SApple OSS Distributions }
295*043036a2SApple OSS Distributions
296*043036a2SApple OSS Distributions /*
297*043036a2SApple OSS Distributions * sadly there's no 'get just this one ledger index' syscall,
298*043036a2SApple OSS Distributions * we have to read all ledgers and filter for the one we want
299*043036a2SApple OSS Distributions */
300*043036a2SApple OSS Distributions static int64_t
get_ledger_entry_for_pid(pid_t pid,size_t index,size_t num_entries)301*043036a2SApple OSS Distributions get_ledger_entry_for_pid(pid_t pid, size_t index, size_t num_entries)
302*043036a2SApple OSS Distributions {
303*043036a2SApple OSS Distributions int ret;
304*043036a2SApple OSS Distributions int64_t value;
305*043036a2SApple OSS Distributions struct ledger_entry_info *lei = NULL;
306*043036a2SApple OSS Distributions
307*043036a2SApple OSS Distributions lei = malloc(num_entries * sizeof(*lei));
308*043036a2SApple OSS Distributions ret = ledger(LEDGER_ENTRY_INFO, (caddr_t) (uintptr_t) pid, (caddr_t) lei, (caddr_t) &num_entries);
309*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "ledger(LEDGER_ENTRY_INFO)");
310*043036a2SApple OSS Distributions value = lei[index].lei_balance;
311*043036a2SApple OSS Distributions free(lei);
312*043036a2SApple OSS Distributions return value;
313*043036a2SApple OSS Distributions }
314*043036a2SApple OSS Distributions
315*043036a2SApple OSS Distributions
316*043036a2SApple OSS Distributions uint64_t initial_sfi_window = 0, initial_class_offtime = 0;
317*043036a2SApple OSS Distributions
318*043036a2SApple OSS Distributions static void
restore_sfi_state(void)319*043036a2SApple OSS Distributions restore_sfi_state(void)
320*043036a2SApple OSS Distributions {
321*043036a2SApple OSS Distributions T_LOG("Restoring initial system SFI window %lld, SFI_CLASS_RUNAWAY_MITIGATION class offtime %lld",
322*043036a2SApple OSS Distributions initial_sfi_window, initial_class_offtime);
323*043036a2SApple OSS Distributions
324*043036a2SApple OSS Distributions /*
325*043036a2SApple OSS Distributions * Setting window will fail if there is a larger offtime set, and
326*043036a2SApple OSS Distributions * setting class will fail if the window is smaller.
327*043036a2SApple OSS Distributions * To avoid this, disable the window, configure new values, then finally
328*043036a2SApple OSS Distributions * re-enable the window.
329*043036a2SApple OSS Distributions */
330*043036a2SApple OSS Distributions
331*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(0),
332*043036a2SApple OSS Distributions "system_set_sfi_window(0)");
333*043036a2SApple OSS Distributions
334*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, initial_class_offtime),
335*043036a2SApple OSS Distributions "system_set_sfi_window(%lld)", initial_class_offtime);
336*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(initial_sfi_window),
337*043036a2SApple OSS Distributions "system_set_sfi_window(%lld)", initial_sfi_window);
338*043036a2SApple OSS Distributions }
339*043036a2SApple OSS Distributions
340*043036a2SApple OSS Distributions const int spin_seconds = 1;
341*043036a2SApple OSS Distributions
342*043036a2SApple OSS Distributions
343*043036a2SApple OSS Distributions static void *
spin_thread(void * arg)344*043036a2SApple OSS Distributions spin_thread(void *arg)
345*043036a2SApple OSS Distributions {
346*043036a2SApple OSS Distributions static mach_timebase_info_data_t timebase_info;
347*043036a2SApple OSS Distributions mach_timebase_info(&timebase_info);
348*043036a2SApple OSS Distributions
349*043036a2SApple OSS Distributions uint64_t duration = spin_seconds * NSEC_PER_SEC * timebase_info.denom / timebase_info.numer;
350*043036a2SApple OSS Distributions uint64_t deadline = mach_absolute_time() + duration;
351*043036a2SApple OSS Distributions
352*043036a2SApple OSS Distributions while (mach_absolute_time() < deadline) {
353*043036a2SApple OSS Distributions ;
354*043036a2SApple OSS Distributions }
355*043036a2SApple OSS Distributions
356*043036a2SApple OSS Distributions return NULL;
357*043036a2SApple OSS Distributions }
358*043036a2SApple OSS Distributions
359*043036a2SApple OSS Distributions T_DECL(runaway_mode_child_sfi, "runaway mitigation mode should cause SFI")
360*043036a2SApple OSS Distributions {
361*043036a2SApple OSS Distributions T_LOG("uid: %d", getuid());
362*043036a2SApple OSS Distributions
363*043036a2SApple OSS Distributions check_runaway_mode(false);
364*043036a2SApple OSS Distributions
365*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(system_get_sfi_window(&initial_sfi_window),
366*043036a2SApple OSS Distributions "system_get_sfi_window(&initial_sfi_window)");
367*043036a2SApple OSS Distributions
368*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &initial_class_offtime),
369*043036a2SApple OSS Distributions "sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &initial_class_offtime)");
370*043036a2SApple OSS Distributions
371*043036a2SApple OSS Distributions T_LOG("Initial System SFI window %lld, SFI_CLASS_RUNAWAY_MITIGATION class offtime %lld\n", initial_sfi_window, initial_class_offtime);
372*043036a2SApple OSS Distributions
373*043036a2SApple OSS Distributions size_t num_ledger_entries = 0;
374*043036a2SApple OSS Distributions size_t ledger_index = ledger_index_for_string(&num_ledger_entries, "SFI_CLASS_RUNAWAY_MITIGATION");
375*043036a2SApple OSS Distributions uint64_t sfi_time_before = get_ledger_entry_for_pid(getpid(), ledger_index, num_ledger_entries);
376*043036a2SApple OSS Distributions
377*043036a2SApple OSS Distributions T_LOG("SFI_CLASS_RUNAWAY_MITIGATION ledger index: %zu out of %zu\n", ledger_index, num_ledger_entries);
378*043036a2SApple OSS Distributions
379*043036a2SApple OSS Distributions T_LOG("Initial accumulated SFI time: %lld\n", sfi_time_before);
380*043036a2SApple OSS Distributions
381*043036a2SApple OSS Distributions T_ATEND(restore_sfi_state);
382*043036a2SApple OSS Distributions
383*043036a2SApple OSS Distributions uint64_t custom_sfi_window = 100000; /* microseconds */
384*043036a2SApple OSS Distributions uint64_t custom_class_offtime = 50000;
385*043036a2SApple OSS Distributions
386*043036a2SApple OSS Distributions T_LOG("Setting custom system SFI window %lld, SFI_CLASS_RUNAWAY_MITIGATION class offtime %lld",
387*043036a2SApple OSS Distributions custom_sfi_window, custom_class_offtime);
388*043036a2SApple OSS Distributions
389*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(0),
390*043036a2SApple OSS Distributions "system_set_sfi_window(0)");
391*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, custom_class_offtime),
392*043036a2SApple OSS Distributions "sfi_set_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, %lld)", custom_class_offtime);
393*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(system_set_sfi_window(custom_sfi_window),
394*043036a2SApple OSS Distributions "system_set_sfi_window(%lld)", custom_sfi_window);
395*043036a2SApple OSS Distributions
396*043036a2SApple OSS Distributions pthread_t thread;
397*043036a2SApple OSS Distributions
398*043036a2SApple OSS Distributions T_LOG("Spawning thread to spin for %d seconds\n", spin_seconds);
399*043036a2SApple OSS Distributions
400*043036a2SApple OSS Distributions int rv = pthread_create(&thread, NULL, spin_thread, NULL);
401*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "pthread_create");
402*043036a2SApple OSS Distributions
403*043036a2SApple OSS Distributions T_LOG("Enable mitigation mode\n");
404*043036a2SApple OSS Distributions
405*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
406*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");
407*043036a2SApple OSS Distributions
408*043036a2SApple OSS Distributions check_runaway_mode(true);
409*043036a2SApple OSS Distributions
410*043036a2SApple OSS Distributions T_LOG("Wait %d seconds for spin to finish\n", spin_seconds);
411*043036a2SApple OSS Distributions
412*043036a2SApple OSS Distributions rv = pthread_join(thread, NULL);
413*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "pthread_join");
414*043036a2SApple OSS Distributions
415*043036a2SApple OSS Distributions T_LOG("Thread joined, disable mitigation mode\n");
416*043036a2SApple OSS Distributions
417*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
418*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");
419*043036a2SApple OSS Distributions
420*043036a2SApple OSS Distributions uint64_t sfi_time_after = get_ledger_entry_for_pid(getpid(), ledger_index, num_ledger_entries);
421*043036a2SApple OSS Distributions
422*043036a2SApple OSS Distributions T_LOG("Ending accumulated SFI time: %lld\n", sfi_time_after);
423*043036a2SApple OSS Distributions
424*043036a2SApple OSS Distributions T_ASSERT_LT(sfi_time_before, sfi_time_after, "SFI_CLASS_RUNAWAY_MITIGATION SFI time must have increased");
425*043036a2SApple OSS Distributions
426*043036a2SApple OSS Distributions check_runaway_mode(false);
427*043036a2SApple OSS Distributions
428*043036a2SApple OSS Distributions uint64_t final_sfi_window = 0, final_class_offtime = 0;
429*043036a2SApple OSS Distributions
430*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(system_get_sfi_window(&final_sfi_window),
431*043036a2SApple OSS Distributions "system_get_sfi_window(&final_sfi_window)");
432*043036a2SApple OSS Distributions
433*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &final_class_offtime),
434*043036a2SApple OSS Distributions "sfi_get_class_offtime(SFI_CLASS_RUNAWAY_MITIGATION, &final_class_offtime)");
435*043036a2SApple OSS Distributions
436*043036a2SApple OSS Distributions /*
437*043036a2SApple OSS Distributions * If the System SFI configuration was changed out from under us during the test, either us or them will be confused.
438*043036a2SApple OSS Distributions */
439*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_EQ(custom_sfi_window, final_sfi_window, "System SFI window should not unexpectedly change during the test");
440*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_EQ(custom_class_offtime, final_class_offtime, "System SFI offtime should not unexpectedly change during the test");
441*043036a2SApple OSS Distributions }
442*043036a2SApple OSS Distributions
443*043036a2SApple OSS Distributions #if defined(__arm64__)
444*043036a2SApple OSS Distributions
445*043036a2SApple OSS Distributions static bool found_flag = false;
446*043036a2SApple OSS Distributions static bool found_self = false;
447*043036a2SApple OSS Distributions
448*043036a2SApple OSS Distributions static const size_t microstackshot_buf_size = 16 * 1024;
449*043036a2SApple OSS Distributions
450*043036a2SApple OSS Distributions static bool
search_for_self_microstackshot(bool log_details)451*043036a2SApple OSS Distributions search_for_self_microstackshot(bool log_details)
452*043036a2SApple OSS Distributions {
453*043036a2SApple OSS Distributions void *buf = calloc(microstackshot_buf_size, 1);
454*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_NOTNULL(buf, "allocate buffer");
455*043036a2SApple OSS Distributions
456*043036a2SApple OSS Distributions int ret = __microstackshot(buf, microstackshot_buf_size, STACKSHOT_GET_MICROSTACKSHOT);
457*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "microstackshot");
458*043036a2SApple OSS Distributions
459*043036a2SApple OSS Distributions if (!log_details) {
460*043036a2SApple OSS Distributions T_QUIET;
461*043036a2SApple OSS Distributions }
462*043036a2SApple OSS Distributions T_EXPECT_EQ(*(uint32_t *)buf,
463*043036a2SApple OSS Distributions (uint32_t)STACKSHOT_MICRO_SNAPSHOT_MAGIC,
464*043036a2SApple OSS Distributions "magic value for microstackshot matches");
465*043036a2SApple OSS Distributions
466*043036a2SApple OSS Distributions uint32_t magic = STACKSHOT_TASK_SNAPSHOT_MAGIC;
467*043036a2SApple OSS Distributions
468*043036a2SApple OSS Distributions void* next_tsnap = memmem(buf, microstackshot_buf_size, &magic, sizeof(magic));
469*043036a2SApple OSS Distributions
470*043036a2SApple OSS Distributions void* buf_end = buf + microstackshot_buf_size;
471*043036a2SApple OSS Distributions
472*043036a2SApple OSS Distributions while (next_tsnap != NULL && next_tsnap + sizeof(struct task_snapshot) < buf_end) {
473*043036a2SApple OSS Distributions struct task_snapshot *tsnap = (struct task_snapshot *)next_tsnap;
474*043036a2SApple OSS Distributions unsigned int offset = next_tsnap - buf;
475*043036a2SApple OSS Distributions
476*043036a2SApple OSS Distributions if (log_details) {
477*043036a2SApple OSS Distributions T_LOG("%6d: found snap pid %d name %s\n", offset, tsnap->pid, (char*)&tsnap->p_comm);
478*043036a2SApple OSS Distributions }
479*043036a2SApple OSS Distributions
480*043036a2SApple OSS Distributions if (tsnap->pid == getpid()) {
481*043036a2SApple OSS Distributions if (log_details) {
482*043036a2SApple OSS Distributions T_LOG("%6d: found self snap: flags 0x%x 0x%llx\n", offset, tsnap->ss_flags, tsnap->disk_reads_count);
483*043036a2SApple OSS Distributions }
484*043036a2SApple OSS Distributions found_self = true;
485*043036a2SApple OSS Distributions
486*043036a2SApple OSS Distributions if (tsnap->disk_reads_count & kTaskRunawayMitigation) {
487*043036a2SApple OSS Distributions T_LOG("%6d: found runaway flag: pid %d, name %s, flags: 0x%x 0x%llx, \n",
488*043036a2SApple OSS Distributions offset, tsnap->pid, (char*)&tsnap->p_comm, tsnap->ss_flags, tsnap->disk_reads_count);
489*043036a2SApple OSS Distributions found_flag = true;
490*043036a2SApple OSS Distributions }
491*043036a2SApple OSS Distributions }
492*043036a2SApple OSS Distributions
493*043036a2SApple OSS Distributions void* search_start = next_tsnap + sizeof(struct task_snapshot);
494*043036a2SApple OSS Distributions size_t remaining_size = buf_end - search_start;
495*043036a2SApple OSS Distributions next_tsnap = memmem(search_start, remaining_size, &magic, sizeof(magic));
496*043036a2SApple OSS Distributions }
497*043036a2SApple OSS Distributions
498*043036a2SApple OSS Distributions free(buf);
499*043036a2SApple OSS Distributions
500*043036a2SApple OSS Distributions return found_flag;
501*043036a2SApple OSS Distributions }
502*043036a2SApple OSS Distributions
503*043036a2SApple OSS Distributions T_DECL(runaway_mode_microstackshot_flag,
504*043036a2SApple OSS Distributions "check that mitigated processes show up in microstackshot",
505*043036a2SApple OSS Distributions T_META_REQUIRES_SYSCTL_EQ("kern.monotonic.supported", 1),
506*043036a2SApple OSS Distributions T_META_TAG_VM_NOT_ELIGIBLE, T_META_TIMEOUT(120))
507*043036a2SApple OSS Distributions {
508*043036a2SApple OSS Distributions unsigned int pmi_counter;
509*043036a2SApple OSS Distributions size_t sysctl_size = sizeof(pmi_counter);
510*043036a2SApple OSS Distributions int ret = sysctlbyname(
511*043036a2SApple OSS Distributions "kern.microstackshot.pmi_sample_counter",
512*043036a2SApple OSS Distributions &pmi_counter, &sysctl_size, NULL, 0);
513*043036a2SApple OSS Distributions if (ret == -1 && errno == ENOENT) {
514*043036a2SApple OSS Distributions T_SKIP("no PMI support");
515*043036a2SApple OSS Distributions } else {
516*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "query PMI counter");
517*043036a2SApple OSS Distributions }
518*043036a2SApple OSS Distributions uint64_t pmi_period;
519*043036a2SApple OSS Distributions sysctl_size = sizeof(pmi_period);
520*043036a2SApple OSS Distributions T_QUIET;
521*043036a2SApple OSS Distributions T_ASSERT_POSIX_SUCCESS(sysctlbyname(
522*043036a2SApple OSS Distributions "kern.microstackshot.pmi_sample_period",
523*043036a2SApple OSS Distributions &pmi_period, &sysctl_size, NULL, 0),
524*043036a2SApple OSS Distributions "query PMI period");
525*043036a2SApple OSS Distributions
526*043036a2SApple OSS Distributions T_LOG("PMI counter: %u", pmi_counter);
527*043036a2SApple OSS Distributions T_LOG("PMI period: %llu", pmi_period);
528*043036a2SApple OSS Distributions
529*043036a2SApple OSS Distributions if (pmi_period == 0) {
530*043036a2SApple OSS Distributions T_SKIP("PMI microstackshots not enabled");
531*043036a2SApple OSS Distributions }
532*043036a2SApple OSS Distributions
533*043036a2SApple OSS Distributions T_LOG("Enable mitigation mode on self\n");
534*043036a2SApple OSS Distributions
535*043036a2SApple OSS Distributions T_EXPECT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION,
536*043036a2SApple OSS Distributions 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON),
537*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_ON)");
538*043036a2SApple OSS Distributions
539*043036a2SApple OSS Distributions uint32_t iterations = 100;
540*043036a2SApple OSS Distributions
541*043036a2SApple OSS Distributions /* Over-spin to make it likely we get sampled at least once before failing */
542*043036a2SApple OSS Distributions uint32_t multiplier = 10;
543*043036a2SApple OSS Distributions uint64_t target_cycles = multiplier * pmi_period;
544*043036a2SApple OSS Distributions
545*043036a2SApple OSS Distributions T_LOG("Spinning for %d iterations or %lld*%d cycles or until self-sample is found\n",
546*043036a2SApple OSS Distributions iterations, pmi_period, multiplier);
547*043036a2SApple OSS Distributions
548*043036a2SApple OSS Distributions struct rusage_info_v6 ru = {};
549*043036a2SApple OSS Distributions
550*043036a2SApple OSS Distributions for (int i = 0; i < iterations; i++) {
551*043036a2SApple OSS Distributions spin_thread(NULL);
552*043036a2SApple OSS Distributions
553*043036a2SApple OSS Distributions int rv = proc_pid_rusage(getpid(), RUSAGE_INFO_V6, (rusage_info_t *)&ru);
554*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_POSIX_SUCCESS(rv, "proc_pid_rusage");
555*043036a2SApple OSS Distributions
556*043036a2SApple OSS Distributions T_LOG("iteration %3d: %14lld / %14lld cycles executed (%.2f%%)\n", i,
557*043036a2SApple OSS Distributions ru.ri_cycles, target_cycles,
558*043036a2SApple OSS Distributions ((double)ru.ri_cycles) * 100.0 / (double)target_cycles);
559*043036a2SApple OSS Distributions
560*043036a2SApple OSS Distributions T_QUIET; T_ASSERT_NE(ru.ri_cycles, (uint64_t)0,
561*043036a2SApple OSS Distributions "should be able to measure cycles with proc_pid_rusage");
562*043036a2SApple OSS Distributions
563*043036a2SApple OSS Distributions bool found = search_for_self_microstackshot(false);
564*043036a2SApple OSS Distributions if (ru.ri_cycles > target_cycles || found) {
565*043036a2SApple OSS Distributions break;
566*043036a2SApple OSS Distributions }
567*043036a2SApple OSS Distributions }
568*043036a2SApple OSS Distributions
569*043036a2SApple OSS Distributions T_LOG("Complete, executed %lld cycles. Disable mitigation mode.\n", ru.ri_cycles);
570*043036a2SApple OSS Distributions
571*043036a2SApple OSS Distributions T_EXPECT_POSIX_SUCCESS(setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION,
572*043036a2SApple OSS Distributions 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF),
573*043036a2SApple OSS Distributions "setpriority(PRIO_DARWIN_RUNAWAY_MITIGATION, 0, PRIO_DARWIN_RUNAWAY_MITIGATION_OFF)");
574*043036a2SApple OSS Distributions
575*043036a2SApple OSS Distributions search_for_self_microstackshot(true);
576*043036a2SApple OSS Distributions
577*043036a2SApple OSS Distributions T_EXPECT_EQ(found_self, true,
578*043036a2SApple OSS Distributions "Should have found self in microstackshot buffer");
579*043036a2SApple OSS Distributions T_EXPECT_EQ(found_flag, true,
580*043036a2SApple OSS Distributions "Should have found kTaskRunawayMitigation flag in microstackshot buffer");
581*043036a2SApple OSS Distributions }
582*043036a2SApple OSS Distributions #endif // defined(__arm64__)
583