#ifdef T_NAMESPACE
#undef T_NAMESPACE
#endif

#include <mach/arm/thread_status.h>
#include <mach/mach_traps.h>
#include <mach-o/dyld.h>
#include <mach/mach.h>
#include <mach/task.h>

#include <darwintest.h>
#include <dispatch/dispatch.h>
#include <stdlib.h>

#include <pthread.h>
#include <signal.h>
#include <spawn.h>
#include <spawn_private.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <unistd.h>

#include <excserver.h>
#include <sys/syslimits.h>
23*aca3beaaSApple OSS Distributions #define SYNC_TIMEOUT dispatch_time(DISPATCH_TIME_NOW, 10 * NSEC_PER_SEC)
24*aca3beaaSApple OSS Distributions 
25*aca3beaaSApple OSS Distributions static dispatch_semaphore_t sync_sema;
26*aca3beaaSApple OSS Distributions static _Atomic bool after_kill;
kern_return_t
catch_mach_exception_raise(mach_port_t exception_port,
    mach_port_t thread,
    mach_port_t task,
    exception_type_t exception,
    mach_exception_data_t code,
    mach_msg_type_number_t code_count)
{
	/*
	 * EXCEPTION_DEFAULT handler behind the port that exc_handler()
	 * registers. Two exception types are acceptable: the EXC_BREAKPOINT
	 * reported when a single step completes, and an EXC_CRASH once
	 * after_kill has been set (i.e. after the test sent SIGKILL).
	 * Either one wakes the test thread through sync_sema and is
	 * acknowledged with KERN_SUCCESS; anything else fails the test and
	 * is refused with KERN_FAILURE.
	 *
	 * NOTE(review): the thread/task rights carried by the exception
	 * message are not released here; presumably harmless for the few
	 * exceptions this test raises — confirm before reusing the handler
	 * in a long-running process.
	 */
	(void)exception_port;
	(void)thread;
	(void)task;
	(void)code;
	(void)code_count;

	bool accepted = (exception == EXC_BREAKPOINT);
	if (!accepted && exception == EXC_CRASH) {
		/* A crash only counts as expected once the kill has been announced. */
		accepted = atomic_load_explicit(&after_kill, memory_order_seq_cst);
	}

	if (!accepted) {
		T_FAIL("invalid exception type: %d", exception);
		return KERN_FAILURE;
	}

	T_LOG("Received exception %d", exception);
	dispatch_semaphore_signal(sync_sema);
	return KERN_SUCCESS;
}
kern_return_t
catch_mach_exception_raise_state(mach_port_t exception_port,
    exception_type_t exception,
    const mach_exception_data_t code,
    mach_msg_type_number_t code_count,
    int *flavor,
    const thread_state_t old_state,
    mach_msg_type_number_t old_state_count,
    thread_state_t new_state,
    mach_msg_type_number_t *new_state_count)
{
	/*
	 * Required by mach_exc_server() but never expected: the port is
	 * registered with EXCEPTION_DEFAULT, so a state-carrying message
	 * indicates a misconfiguration. Fail the test and refuse it.
	 */
	(void)exception_port;
	(void)exception;
	(void)code;
	(void)code_count;
	(void)flavor;
	(void)old_state;
	(void)old_state_count;
	(void)new_state;
	(void)new_state_count;

	T_FAIL("Unsupported catch_mach_exception_raise_state");
	return KERN_NOT_SUPPORTED;
}
kern_return_t
catch_mach_exception_raise_state_identity(mach_port_t exception_port,
    mach_port_t thread,
    mach_port_t task,
    exception_type_t exception,
    mach_exception_data_t code,
    mach_msg_type_number_t code_count,
    int *flavor,
    thread_state_t old_state,
    mach_msg_type_number_t old_state_count,
    thread_state_t new_state,
    mach_msg_type_number_t *new_state_count)
{
	/*
	 * Required by mach_exc_server() but never expected: the port is
	 * registered with EXCEPTION_DEFAULT, so a state+identity message
	 * indicates a misconfiguration. Fail the test and refuse it.
	 */
	(void)exception_port;
	(void)thread;
	(void)task;
	(void)exception;
	(void)code;
	(void)code_count;
	(void)flavor;
	(void)old_state;
	(void)old_state_count;
	(void)new_state;
	(void)new_state_count;

	T_FAIL("Unsupported catch_mach_exception_raise_state_identity");
	return KERN_NOT_SUPPORTED;
}
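static void *
exc_handler(void * arg)
{
	/*
	 * Exception-server thread. Allocates a receive right, adds a send
	 * right to it, installs it as this task's handler for EXC_CRASH and
	 * EXC_BREAKPOINT (EXCEPTION_DEFAULT, 64-bit exception codes), then
	 * signals sync_sema so the test thread knows the handler is in place
	 * and serves messages via mach_exc_server() until mach_msg_server()
	 * returns with an error.
	 *
	 * The helper process is spawned only after this signal, so its
	 * exceptions end up here (presumably through the exception ports it
	 * inherits at spawn time — confirm).
	 *
	 * Any setup failure is recorded with T_FAIL and the thread returns
	 * WITHOUT signalling sync_sema: the test thread's timed wait then
	 * fails the test, instead of this thread serving on an invalid or
	 * unregistered port.
	 *
	 * @param arg unused.
	 * @return always NULL.
	 */
#pragma unused(arg)
	kern_return_t kret;
	mach_port_t exception_port = MACH_PORT_NULL;

	kret = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &exception_port);
	if (kret != KERN_SUCCESS) {
		T_FAIL("mach_port_allocate: %s (%d)", mach_error_string(kret), kret);
		return NULL;
	}

	kret = mach_port_insert_right(mach_task_self(), exception_port, exception_port, MACH_MSG_TYPE_MAKE_SEND);
	if (kret != KERN_SUCCESS) {
		T_FAIL("mach_port_insert_right: %s (%d)", mach_error_string(kret), kret);
		return NULL;
	}

	kret = task_set_exception_ports(mach_task_self(), EXC_MASK_CRASH | EXC_MASK_BREAKPOINT, exception_port,
	    (exception_behavior_t)(EXCEPTION_DEFAULT | MACH_EXCEPTION_CODES), 0);
	if (kret != KERN_SUCCESS) {
		T_FAIL("task_set_exception_ports: %s (%d)", mach_error_string(kret), kret);
		return NULL;
	}

	/* Handler registered: release the test thread. */
	dispatch_semaphore_signal(sync_sema);

	/* Serves exceptions indefinitely; only returns if the server loop fails. */
	kret = mach_msg_server(mach_exc_server, MACH_MSG_SIZE_RELIABLE, exception_port, 0);
	if (kret != KERN_SUCCESS) {
		T_FAIL("mach_msg_server: %s (%d)", mach_error_string(kret), kret);
	}

	return NULL;
}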
T_HELPER_DECL(hw_breakpoint_helper, "hw_breakpoint_helper")
{
	/*
	 * Target process for the single-step test. It never returns on its
	 * own: its main thread just parks in sleep(1) until the parent test
	 * terminates it with SIGKILL.
	 */
	for (;;) {
		sleep(1);
	}
}
// Software-step enable: bit 0 (SS) of MDSCR_EL1, as exposed through
// arm_debug_state64_t.__mdscr_el1. OR-ed into the thread's debug state
// to make it trap after executing one instruction.
#define SS_ENABLE ((uint32_t)(1u << 0))
static void
step_thread(mach_port_name_t task, thread_t thread)
{
	/*
	 * Executes one single step on `thread`, which belongs to `task` and
	 * is expected to be suspended on entry: sets the SS bit in the
	 * thread's ARM_DEBUG_STATE64, resumes the task and blocks on
	 * sync_sema until the exception handler reports the resulting
	 * exception or SYNC_TIMEOUT elapses. Leaves the task running.
	 * Every Mach failure and a timeout fail the test via T_ASSERT_*.
	 */
	arm_debug_state64_t debug_state;
	mach_msg_type_number_t state_count = ARM_DEBUG_STATE64_COUNT;
	kern_return_t ret;

	ret = thread_get_state(thread, ARM_DEBUG_STATE64, (thread_state_t)&debug_state, &state_count);
	T_ASSERT_MACH_SUCCESS(ret, "get debug state for target thread");

	/* Read-modify-write: only the SS bit is set, the rest of __mdscr_el1 is kept. */
	debug_state.__mdscr_el1 |= SS_ENABLE;

	ret = thread_set_state(thread, ARM_DEBUG_STATE64, (thread_state_t)&debug_state, state_count);
	T_ASSERT_MACH_SUCCESS(ret, "set debug state for target thread");

	ret = task_resume(task);
	T_QUIET; T_ASSERT_MACH_SUCCESS(ret, "resume target task");

	/* The handler signals sync_sema when the step's exception arrives. */
	long wait_result = dispatch_semaphore_wait(sync_sema, SYNC_TIMEOUT);
	T_QUIET; T_ASSERT_EQ(wait_result, 0L, "dispatch_semaphore_wait timeout");
}
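T_DECL(hw_breakpoint_step, "Ensures that a process can be single-stepped using thread_set_state / ARM_DEBUG_STATE64", T_META_ASROOT(true),
    T_META_OWNER("Samuel Lepetit <[email protected]>"))
{
	/*
	 * Flow:
	 *  1. Start the exception-server thread and wait (bounded by
	 *     SYNC_TIMEOUT) until it has registered the exception port.
	 *  2. Re-exec this binary with "-n hw_breakpoint_helper" so that
	 *     darwintest runs the helper declared above as a separate
	 *     process; it is spawned after step 1 so its exceptions reach
	 *     exc_handler().
	 *  3. Get the helper's task port (needs root, hence T_META_ASROOT),
	 *     suspend it and single-step its first thread twice; each step
	 *     is confirmed by an EXC_BREAKPOINT delivered to the handler.
	 *  4. Announce the kill via after_kill, then SIGKILL the helper so
	 *     a trailing EXC_CRASH is accepted instead of failing the test.
	 *     That crash exception is not awaited.
	 */
	kern_return_t kr;
	pthread_t handle_thread;
	sync_sema = dispatch_semaphore_create(0);

	T_ASSERT_POSIX_ZERO(pthread_create(&handle_thread, NULL, exc_handler, NULL), "pthread_create");
	long err = dispatch_semaphore_wait(sync_sema, SYNC_TIMEOUT);
	T_QUIET; T_ASSERT_EQ(err, 0L, "dispatch_semaphore_wait timeout");

	/* Initialised so a failed spawn can never leave a random pid in here. */
	pid_t pid = -1;
	char path[PATH_MAX];
	uint32_t path_size = sizeof(path);

	T_QUIET; T_ASSERT_POSIX_ZERO(_NSGetExecutablePath(path, &path_size), "_NSGetExecutablePath");

	/*
	 * Must abort, not merely T_EXPECT: with a failed spawn there is no
	 * helper, and the privileged task_for_pid/task_suspend below would
	 * otherwise be attempted against an invalid target.
	 */
	char *args[] = { path, "-n", "hw_breakpoint_helper", NULL };
	T_ASSERT_POSIX_ZERO(posix_spawn(&pid, args[0], NULL, NULL, args, NULL), "posix_spawn helper");

	mach_port_name_t task;
	kr = task_for_pid(mach_task_self(), pid, &task);
	T_ASSERT_TRUE(kr == KERN_SUCCESS, "task_for_pid");

	kr = task_suspend(task);
	T_QUIET; T_ASSERT_TRUE(kr == KERN_SUCCESS, "task_suspend");

	thread_array_t threads = NULL;
	mach_msg_type_number_t thread_count = 0;
	kr = task_threads(task, &threads, &thread_count);
	T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "task_threads");
	/* threads[0] is dereferenced below; never index an empty list. */
	T_QUIET; T_ASSERT_GT(thread_count, 0u, "helper task has at least one thread");

	step_thread(task, threads[0]);

	/* step_thread() leaves the task running; suspend again for the second step. */
	kr = task_suspend(task);
	T_QUIET; T_ASSERT_TRUE(kr == KERN_SUCCESS, "task_suspend");

	step_thread(task, threads[0]);

	/* From here on an EXC_CRASH from the helper is expected rather than a failure. */
	atomic_store_explicit(&after_kill, true, memory_order_seq_cst);
	T_ASSERT_POSIX_ZERO(kill(pid, SIGKILL), "kill target process");
}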