xref: /xnu-8796.141.3/tests/pfz.c (revision 1b191cb58250d0705d8a51287127505aa4bc0789) 
1 /*
2  * Copyright (c) 2020 Apple Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 
29 
30 #include <System/machine/cpu_capabilities.h>
31 
32 #include <darwintest.h>
33 
34 #include <stdio.h>
35 #include <stdint.h>
36 #include <unistd.h>
37 #include <sys/sysctl.h>
38 #include <sys/wait.h>
39 #include <ptrauth.h>
40 #include <dispatch/dispatch.h>
41 #include <libkern/OSAtomic.h>
42 
43 T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));
44 
45 #if TARGET_OS_OSX && defined(_COMM_PAGE_TEXT_ATOMIC_ENQUEUE)
46 
47 /* Keys and discriminators */
48 #define COMMPAGE_PFZ_BASE_AUTH_KEY ptrauth_key_process_independent_code
49 #define COMMPAGE_PFZ_FN_AUTH_KEY ptrauth_key_function_pointer
50 #define COMMPAGE_PFZ_BASE_DISCRIMINATOR ptrauth_string_discriminator("pfz")
51 
52 /* Auth and sign macros */
53 #define SIGN_COMMPAGE_PFZ_BASE_PTR(ptr) \
54 	ptrauth_sign_unauthenticated(ptr, COMMPAGE_PFZ_BASE_AUTH_KEY, COMMPAGE_PFZ_BASE_DISCRIMINATOR)
55 #define AUTH_COMMPAGE_PFZ_BASE_PTR(ptr) \
56 	        ptrauth_auth_data(ptr, COMMPAGE_PFZ_BASE_AUTH_KEY, COMMPAGE_PFZ_BASE_DISCRIMINATOR)
57 #define SIGN_COMMPAGE_PFZ_FUNCTION_PTR(ptr) \
58 	ptrauth_sign_unauthenticated(ptr, COMMPAGE_PFZ_FN_AUTH_KEY, 0)
59 
60 static void *commpage_pfz_base = NULL;
61 
62 static void *
get_pfz_base(void)63 get_pfz_base(void)
64 {
65 	void *pfz_base = NULL;
66 	size_t s = sizeof(void *);
67 
68 	int ret = sysctlbyname("kern.pfz", &pfz_base, &s, NULL, 0);
69 	T_ASSERT_POSIX_SUCCESS(ret, "sysctlbyname(kern.pfz)");
70 
71 	commpage_pfz_base = SIGN_COMMPAGE_PFZ_BASE_PTR(pfz_base);
72 	T_LOG("pfz base = 0x%llx\n", commpage_pfz_base);
73 }
74 
75 static void
undefined_function(void)76 undefined_function(void)
77 {
78 	// We can use the same commpage_pfz_base as parent since the PFZ is slide
79 	// once per boot and is same across all processes
80 	void (*undefined)(void);
81 	uintptr_t addr = (uintptr_t) (void *) AUTH_COMMPAGE_PFZ_BASE_PTR(commpage_pfz_base);
82 	addr += _COMM_PAGE_TEXT_ATOMIC_DEQUEUE;
83 	addr += 4; // Jump ahead
84 	undefined = SIGN_COMMPAGE_PFZ_FUNCTION_PTR((void *)addr);
85 
86 	return undefined();
87 }
88 
89 typedef struct {
90 	void *next;
91 	char *str;
92 } QueueNode;
93 
94 T_DECL(test_arm_pfz, "Validate that ARM PFZ is mapped in",
95     T_META_CHECK_LEAKS(false), T_META_IGNORECRASHES(".*undefined_function*"),
96     T_META_ENABLED(false) /* rdar://62615792 */)
97 {
98 	static dispatch_once_t pred;
99 	dispatch_once(&pred, ^{
100 		commpage_pfz_base = get_pfz_base();
101 	});
102 
103 	OSFifoQueueHead head = OS_ATOMIC_FIFO_QUEUE_INIT;
104 	char *str1 = "String 1", *str2 = "String 2";
105 	QueueNode node1 = { 0, str1 };
106 	QueueNode node2 = { 0, str2 };
107 
108 	OSAtomicFifoEnqueue(&head, &node1, 0);
109 	OSAtomicFifoEnqueue(&head, &node2, 0);
110 	QueueNode *node_ptr = OSAtomicFifoDequeue(&head, 0);
111 	T_ASSERT_EQ(strcmp(node_ptr->str, str1), 0, "Dequeued first node correctly");
112 
113 	node_ptr = OSAtomicFifoDequeue(&head, 0);
114 	T_ASSERT_EQ(strcmp(node_ptr->str, str2), 0, "Dequeued second node correctly");
115 
116 	node_ptr = OSAtomicFifoDequeue(&head, 0);
117 	T_ASSERT_EQ(node_ptr, NULL, "Dequeuing from empty list correctly");
118 
119 	int child_pid = 0;
120 	if ((child_pid = fork()) == 0) { // Child should call undefined function
121 		return undefined_function();
122 	} else {
123 		int status = 0;
124 		wait(&status);
125 
126 		T_ASSERT_EQ(!WIFEXITED(status), true, "Did not exit cleanly");
127 		T_ASSERT_EQ(WIFSIGNALED(status), true, "Exited due to signal");
128 		T_LOG("Signal number = %d\n", WTERMSIG(status));
129 	}
130 }
131 
132 T_DECL(test_rdar_65270017, "Testing for rdar 65270017",
133     T_META_CHECK_LEAKS(false), T_META_ENABLED(false) /* rdar://65270017 */)
134 {
135 	static dispatch_once_t pred;
136 	dispatch_once(&pred, ^{
137 		commpage_pfz_base = get_pfz_base();
138 	});
139 
140 	struct OSAtomicFifoHeadWrapper {
141 		// Embedded OSFifoQueueHead structure inside the structure
142 		void *first;
143 		void *last;
144 		int opaque;
145 
146 		int data;
147 	} wrapped_head = {
148 		.first = NULL,
149 		.last = NULL,
150 		.opaque = 0,
151 		.data = 0xfeed
152 	};
153 
154 	char *str1 = "String 1", *str2 = "String 2";
155 	QueueNode node1 = { 0, str1 };
156 	QueueNode node2 = { 0, str2 };
157 
158 	OSAtomicFifoEnqueue(&wrapped_head, &node1, 0);
159 	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
160 
161 	OSAtomicFifoEnqueue(&wrapped_head, &node2, 0);
162 	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
163 
164 	QueueNode *node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
165 	T_ASSERT_EQ(strcmp(node_ptr->str, str1), 0, "Dequeued first node correctly");
166 	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
167 
168 	node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
169 	T_ASSERT_EQ(strcmp(node_ptr->str, str2), 0, "Dequeued second node correctly");
170 	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
171 
172 	node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
173 	T_ASSERT_EQ(node_ptr, NULL, "Dequeuing from empty list correctly");
174 	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
175 }
176 
177 #define WIDE    50ll
178 #define SMALL   2000ll
179 
180 void
preheat(dispatch_queue_t dq)181 preheat(dispatch_queue_t dq)
182 {
183 	dispatch_apply(WIDE, dq, ^(size_t i) {
184 		sleep(1);
185 	});
186 }
187 
188 typedef struct elem {
189 	long    data1;
190 	struct elem *link;
191 	int     data2;
192 } elem_t;
193 
194 static size_t offset = offsetof(elem_t, link);
195 static elem_t elements[WIDE][SMALL];
196 
197 T_DECL(test_65270017_contended, "multithreaded testing for radar 65270017")
198 {
199 	dispatch_queue_t global_q = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0);
200 	dispatch_queue_t queue = dispatch_queue_create("com.apple.libctests.threaded", 0);
201 	uint64_t __block t = 0;
202 
203 	struct OSAtomicFifoHeadWrapper {
204 		// Embedded OSFifoQueueHead structure inside the structure
205 		void *first;
206 		void *last;
207 		int opaque;
208 
209 		int data;
210 	};
211 
212 	struct OSAtomicFifoHeadWrapper wrapped_q_head1 = {
213 		.first = NULL,
214 		.last = NULL,
215 		.opaque = 0,
216 		.data = 0xfeed
217 	};
218 	OSFifoQueueHead *q1 = (OSFifoQueueHead *) &wrapped_q_head1;
219 
220 	struct OSAtomicFifoHeadWrapper wrapped_q_head2 = {
221 		.first = NULL,
222 		.last = NULL,
223 		.opaque = 0,
224 		.data = 0xdead
225 	};
226 	OSFifoQueueHead *q2 = (OSFifoQueueHead *) &wrapped_q_head2;
227 
228 	t = 0;
229 	T_LOG("Preheating thread pool");
230 
231 	preheat(global_q);
232 
233 	T_LOG("Starting contended pfz test");
234 
235 	dispatch_apply(WIDE, global_q, ^(size_t i) {
236 		dispatch_apply(SMALL, global_q, ^(size_t idx) {
237 			OSAtomicFifoEnqueue(q1, &(elements[i][idx]), offset); // contended enqueue on q1
238 		});
239 
240 		uint32_t count = 0;
241 		elem_t *p = NULL;
242 		do {
243 		        p = OSAtomicFifoDequeue(q1, offset);
244 		        T_QUIET; T_ASSERT_EQ(wrapped_q_head1.data, 0xfeed, "q1 data is valid");
245 		        if (p) {
246 		                OSAtomicFifoEnqueue(q2, p, offset);
247 		                T_QUIET; T_ASSERT_EQ(wrapped_q_head2.data, 0xdead, "q2 data is valid");
248 		                count++;
249 			}
250 		} while (p != NULL);
251 
252 		dispatch_sync(queue, ^{
253 			t += count;
254 		});
255 	});
256 	T_ASSERT_EQ(t, ((uint64_t)WIDE * (uint64_t)SMALL), "OSAtomicFifoEnqueue");
257 
258 	t = 0;
259 	dispatch_apply(WIDE, global_q, ^(size_t i) {
260 		uint32_t count = 0;
261 		elem_t *p = NULL;
262 		do {
263 		        p = OSAtomicFifoDequeue(q2, offset);
264 		        T_QUIET; T_ASSERT_EQ(wrapped_q_head2.data, 0xdead, "q2 data is valid");
265 		        if (p) {
266 		                count++;
267 			}
268 		} while (p != NULL);
269 		dispatch_sync(queue, ^{
270 			t += count;
271 		});
272 	});
273 
274 	T_ASSERT_EQ(t, ((uint64_t)WIDE * (uint64_t)SMALL), "OSAtomicFifoDequeue");
275 
276 	dispatch_release(queue);
277 }
278 
279 #else
280 
281 T_DECL(test_arm_pfz, "Validate that ARM PFZ is mapped in",
282     T_META_CHECK_LEAKS(false))
283 {
284 	T_SKIP("No PFZ, _COMM_PAGE_TEXT_ATOMIC_ENQUEUE doesn't exist");
285 }
286 
287 #endif
288