[apple/xnu.git] / tests / pfz.c

/*
 * Copyright (c) 2020 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */


#include <System/machine/cpu_capabilities.h>

#include <darwintest.h>

#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/sysctl.h>
#include <sys/wait.h>
#include <ptrauth.h>
#include <dispatch/dispatch.h>
#include <libkern/OSAtomic.h>

T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));

#if TARGET_OS_OSX && defined(_COMM_PAGE_TEXT_ATOMIC_ENQUEUE)

/* Keys and discriminators */
#define COMMPAGE_PFZ_BASE_AUTH_KEY ptrauth_key_process_independent_code
#define COMMPAGE_PFZ_FN_AUTH_KEY ptrauth_key_function_pointer
#define COMMPAGE_PFZ_BASE_DISCRIMINATOR ptrauth_string_discriminator("pfz")

/* Auth and sign macros */
#define SIGN_COMMPAGE_PFZ_BASE_PTR(ptr) \
	ptrauth_sign_unauthenticated(ptr, COMMPAGE_PFZ_BASE_AUTH_KEY, COMMPAGE_PFZ_BASE_DISCRIMINATOR)
#define AUTH_COMMPAGE_PFZ_BASE_PTR(ptr) \
	        ptrauth_auth_data(ptr, COMMPAGE_PFZ_BASE_AUTH_KEY, COMMPAGE_PFZ_BASE_DISCRIMINATOR)
#define SIGN_COMMPAGE_PFZ_FUNCTION_PTR(ptr) \
	ptrauth_sign_unauthenticated(ptr, COMMPAGE_PFZ_FN_AUTH_KEY, 0)

static void *commpage_pfz_base = NULL;

static void *
get_pfz_base(void)
{
	void *pfz_base = NULL;
	size_t s = sizeof(void *);

	int ret = sysctlbyname("kern.pfz", &pfz_base, &s, NULL, 0);
	T_ASSERT_POSIX_SUCCESS(ret, "sysctlbyname(kern.pfz)");

	commpage_pfz_base = SIGN_COMMPAGE_PFZ_BASE_PTR(pfz_base);
	T_LOG("pfz base = 0x%llx\n", commpage_pfz_base);
}

static void
undefined_function(void)
{
	// We can use the same commpage_pfz_base as parent since the PFZ is slide
	// once per boot and is same across all processes
	void (*undefined)(void);
	uintptr_t addr = (uintptr_t) (void *) AUTH_COMMPAGE_PFZ_BASE_PTR(commpage_pfz_base);
	addr += _COMM_PAGE_TEXT_ATOMIC_DEQUEUE;
	addr += 4; // Jump ahead
	undefined = SIGN_COMMPAGE_PFZ_FUNCTION_PTR((void *)addr);

	return undefined();
}

typedef struct {
	void *next;
	char *str;
} QueueNode;

T_DECL(test_arm_pfz, "Validate that ARM PFZ is mapped in",
    T_META_CHECK_LEAKS(false), T_META_IGNORECRASHES(".*undefined_function*"),
    T_META_ENABLED(false) /* rdar://62615792 */)
{
	static dispatch_once_t pred;
	dispatch_once(&pred, ^{
		commpage_pfz_base = get_pfz_base();
	});

	OSFifoQueueHead head = OS_ATOMIC_FIFO_QUEUE_INIT;
	char *str1 = "String 1", *str2 = "String 2";
	QueueNode node1 = { 0, str1 };
	QueueNode node2 = { 0, str2 };

	OSAtomicFifoEnqueue(&head, &node1, 0);
	OSAtomicFifoEnqueue(&head, &node2, 0);
	QueueNode *node_ptr = OSAtomicFifoDequeue(&head, 0);
	T_ASSERT_EQ(strcmp(node_ptr->str, str1), 0, "Dequeued first node correctly");

	node_ptr = OSAtomicFifoDequeue(&head, 0);
	T_ASSERT_EQ(strcmp(node_ptr->str, str2), 0, "Dequeued second node correctly");

	node_ptr = OSAtomicFifoDequeue(&head, 0);
	T_ASSERT_EQ(node_ptr, NULL, "Dequeuing from empty list correctly");

	int child_pid = 0;
	if ((child_pid = fork()) == 0) { // Child should call undefined function
		return undefined_function();
	} else {
		int status = 0;
		wait(&status);

		T_ASSERT_EQ(!WIFEXITED(status), true, "Did not exit cleanly");
		T_ASSERT_EQ(WIFSIGNALED(status), true, "Exited due to signal");
		T_LOG("Signal number = %d\n", WTERMSIG(status));
	}
}

T_DECL(test_rdar_65270017, "Testing for rdar 65270017",
    T_META_CHECK_LEAKS(false), T_META_ENABLED(false) /* rdar://65270017 */)
{
	static dispatch_once_t pred;
	dispatch_once(&pred, ^{
		commpage_pfz_base = get_pfz_base();
	});

	struct OSAtomicFifoHeadWrapper {
		// Embedded OSFifoQueueHead structure inside the structure
		void *first;
		void *last;
		int opaque;

		int data;
	} wrapped_head = {
		.first = NULL,
		.last = NULL,
		.opaque = 0,
		.data = 0xfeed
	};

	char *str1 = "String 1", *str2 = "String 2";
	QueueNode node1 = { 0, str1 };
	QueueNode node2 = { 0, str2 };

	OSAtomicFifoEnqueue(&wrapped_head, &node1, 0);
	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");

	OSAtomicFifoEnqueue(&wrapped_head, &node2, 0);
	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");

	QueueNode *node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
	T_ASSERT_EQ(strcmp(node_ptr->str, str1), 0, "Dequeued first node correctly");
	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");

	node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
	T_ASSERT_EQ(strcmp(node_ptr->str, str2), 0, "Dequeued second node correctly");
	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");

	node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
	T_ASSERT_EQ(node_ptr, NULL, "Dequeuing from empty list correctly");
	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
}

#define WIDE    50ll
#define SMALL   2000ll

void
preheat(dispatch_queue_t dq)
{
	dispatch_apply(WIDE, dq, ^(size_t i) {
		sleep(1);
	});
}

typedef struct elem {
	long    data1;
	struct elem *link;
	int     data2;
} elem_t;

static size_t offset = offsetof(elem_t, link);
static elem_t elements[WIDE][SMALL];

T_DECL(test_65270017_contended, "multithreaded testing for radar 65270017")
{
	dispatch_queue_t global_q = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0);
	dispatch_queue_t queue = dispatch_queue_create("com.apple.libctests.threaded", 0);
	uint64_t __block t = 0;

	struct OSAtomicFifoHeadWrapper {
		// Embedded OSFifoQueueHead structure inside the structure
		void *first;
		void *last;
		int opaque;

		int data;
	};

	struct OSAtomicFifoHeadWrapper wrapped_q_head1 = {
		.first = NULL,
		.last = NULL,
		.opaque = 0,
		.data = 0xfeed
	};
	OSFifoQueueHead *q1 = (OSFifoQueueHead *) &wrapped_q_head1;

	struct OSAtomicFifoHeadWrapper wrapped_q_head2 = {
		.first = NULL,
		.last = NULL,
		.opaque = 0,
		.data = 0xdead
	};
	OSFifoQueueHead *q2 = (OSFifoQueueHead *) &wrapped_q_head2;

	t = 0;
	T_LOG("Preheating thread pool");

	preheat(global_q);

	T_LOG("Starting contended pfz test");

	dispatch_apply(WIDE, global_q, ^(size_t i) {
		dispatch_apply(SMALL, global_q, ^(size_t idx) {
			OSAtomicFifoEnqueue(q1, &(elements[i][idx]), offset); // contended enqueue on q1
		});

		uint32_t count = 0;
		elem_t *p = NULL;
		do {
		        p = OSAtomicFifoDequeue(q1, offset);
		        T_QUIET; T_ASSERT_EQ(wrapped_q_head1.data, 0xfeed, "q1 data is valid");
		        if (p) {
		                OSAtomicFifoEnqueue(q2, p, offset);
		                T_QUIET; T_ASSERT_EQ(wrapped_q_head2.data, 0xdead, "q2 data is valid");
		                count++;
			}
		} while (p != NULL);

		dispatch_sync(queue, ^{
			t += count;
		});
	});
	T_ASSERT_EQ(t, ((uint64_t)WIDE * (uint64_t)SMALL), "OSAtomicFifoEnqueue");

	t = 0;
	dispatch_apply(WIDE, global_q, ^(size_t i) {
		uint32_t count = 0;
		elem_t *p = NULL;
		do {
		        p = OSAtomicFifoDequeue(q2, offset);
		        T_QUIET; T_ASSERT_EQ(wrapped_q_head2.data, 0xdead, "q2 data is valid");
		        if (p) {
		                count++;
			}
		} while (p != NULL);
		dispatch_sync(queue, ^{
			t += count;
		});
	});

	T_ASSERT_EQ(t, ((uint64_t)WIDE * (uint64_t)SMALL), "OSAtomicFifoDequeue");

	dispatch_release(queue);
}

#else

T_DECL(test_arm_pfz, "Validate that ARM PFZ is mapped in",
    T_META_CHECK_LEAKS(false))
{
	T_SKIP("No PFZ, _COMM_PAGE_TEXT_ATOMIC_ENQUEUE doesn't exist");
}

#endif
Commit	Line	Data
f427ee49 A	1	/*
	2	* Copyright (c) 2020 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29
	30	#include <System/machine/cpu_capabilities.h>
	31
	32	#include <darwintest.h>
	33
	34	#include <stdio.h>
	35	#include <stdint.h>
	36	#include <unistd.h>
	37	#include <sys/sysctl.h>
	38	#include <sys/wait.h>
	39	#include <ptrauth.h>
	40	#include <dispatch/dispatch.h>
	41	#include <libkern/OSAtomic.h>
	42
	43	T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));
	44
	45	#if TARGET_OS_OSX && defined(_COMM_PAGE_TEXT_ATOMIC_ENQUEUE)
	46
	47	/* Keys and discriminators */
	48	#define COMMPAGE_PFZ_BASE_AUTH_KEY ptrauth_key_process_independent_code
	49	#define COMMPAGE_PFZ_FN_AUTH_KEY ptrauth_key_function_pointer
	50	#define COMMPAGE_PFZ_BASE_DISCRIMINATOR ptrauth_string_discriminator("pfz")
	51
	52	/* Auth and sign macros */
	53	#define SIGN_COMMPAGE_PFZ_BASE_PTR(ptr) \
	54	ptrauth_sign_unauthenticated(ptr, COMMPAGE_PFZ_BASE_AUTH_KEY, COMMPAGE_PFZ_BASE_DISCRIMINATOR)
	55	#define AUTH_COMMPAGE_PFZ_BASE_PTR(ptr) \
	56	ptrauth_auth_data(ptr, COMMPAGE_PFZ_BASE_AUTH_KEY, COMMPAGE_PFZ_BASE_DISCRIMINATOR)
	57	#define SIGN_COMMPAGE_PFZ_FUNCTION_PTR(ptr) \
	58	ptrauth_sign_unauthenticated(ptr, COMMPAGE_PFZ_FN_AUTH_KEY, 0)
	59
	60	static void *commpage_pfz_base = NULL;
	61
	62	static void *
	63	get_pfz_base(void)
	64	{
65	void *pfz_base = NULL;
66	size_t s = sizeof(void *);
67
68	int ret = sysctlbyname("kern.pfz", &pfz_base, &s, NULL, 0);
69	T_ASSERT_POSIX_SUCCESS(ret, "sysctlbyname(kern.pfz)");
70
71	commpage_pfz_base = SIGN_COMMPAGE_PFZ_BASE_PTR(pfz_base);
72	T_LOG("pfz base = 0x%llx\n", commpage_pfz_base);
73	}
74
75	static void
76	undefined_function(void)
77	{
78	// We can use the same commpage_pfz_base as parent since the PFZ is slide
79	// once per boot and is same across all processes
80	void (*undefined)(void);
81	uintptr_t addr = (uintptr_t) (void *) AUTH_COMMPAGE_PFZ_BASE_PTR(commpage_pfz_base);
82	addr += _COMM_PAGE_TEXT_ATOMIC_DEQUEUE;
83	addr += 4; // Jump ahead
84	undefined = SIGN_COMMPAGE_PFZ_FUNCTION_PTR((void *)addr);
85
86	return undefined();
87	}
88
89	typedef struct {
90	void *next;
91	char *str;
92	} QueueNode;
93
94	T_DECL(test_arm_pfz, "Validate that ARM PFZ is mapped in",
95	T_META_CHECK_LEAKS(false), T_META_IGNORECRASHES(".undefined_function"),
96	T_META_ENABLED(false) /* rdar://62615792 */)
97	{
98	static dispatch_once_t pred;
99	dispatch_once(&pred, ^{
100	commpage_pfz_base = get_pfz_base();
101	});
102
103	OSFifoQueueHead head = OS_ATOMIC_FIFO_QUEUE_INIT;
104	char str1 = "String 1", str2 = "String 2";
105	QueueNode node1 = { 0, str1 };
106	QueueNode node2 = { 0, str2 };
107
108	OSAtomicFifoEnqueue(&head, &node1, 0);
109	OSAtomicFifoEnqueue(&head, &node2, 0);
110	QueueNode *node_ptr = OSAtomicFifoDequeue(&head, 0);
111	T_ASSERT_EQ(strcmp(node_ptr->str, str1), 0, "Dequeued first node correctly");
112
113	node_ptr = OSAtomicFifoDequeue(&head, 0);
114	T_ASSERT_EQ(strcmp(node_ptr->str, str2), 0, "Dequeued second node correctly");
115
116	node_ptr = OSAtomicFifoDequeue(&head, 0);
117	T_ASSERT_EQ(node_ptr, NULL, "Dequeuing from empty list correctly");
118
119	int child_pid = 0;
120	if ((child_pid = fork()) == 0) { // Child should call undefined function
121	return undefined_function();
122	} else {
123	int status = 0;
124	wait(&status);
125
126	T_ASSERT_EQ(!WIFEXITED(status), true, "Did not exit cleanly");
127	T_ASSERT_EQ(WIFSIGNALED(status), true, "Exited due to signal");
128	T_LOG("Signal number = %d\n", WTERMSIG(status));
129	}
130	}
131
132	T_DECL(test_rdar_65270017, "Testing for rdar 65270017",
133	T_META_CHECK_LEAKS(false), T_META_ENABLED(false) /* rdar://65270017 */)
134	{
135	static dispatch_once_t pred;
136	dispatch_once(&pred, ^{
137	commpage_pfz_base = get_pfz_base();
138	});
139
140	struct OSAtomicFifoHeadWrapper {
141	// Embedded OSFifoQueueHead structure inside the structure
142	void *first;
143	void *last;
144	int opaque;
145
146	int data;
147	} wrapped_head = {
148	.first = NULL,
149	.last = NULL,
150	.opaque = 0,
151	.data = 0xfeed
152	};
153
154	char str1 = "String 1", str2 = "String 2";
155	QueueNode node1 = { 0, str1 };
156	QueueNode node2 = { 0, str2 };
157
158	OSAtomicFifoEnqueue(&wrapped_head, &node1, 0);
159	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
160
161	OSAtomicFifoEnqueue(&wrapped_head, &node2, 0);
162	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
163
164	QueueNode *node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
165	T_ASSERT_EQ(strcmp(node_ptr->str, str1), 0, "Dequeued first node correctly");
166	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
167
168	node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
169	T_ASSERT_EQ(strcmp(node_ptr->str, str2), 0, "Dequeued second node correctly");
170	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
171
172	node_ptr = OSAtomicFifoDequeue(&wrapped_head, 0);
173	T_ASSERT_EQ(node_ptr, NULL, "Dequeuing from empty list correctly");
174	T_ASSERT_EQ(wrapped_head.data, 0xfeed, "data is valid");
175	}
176
177	#define WIDE 50ll
178	#define SMALL 2000ll
179
180	void
181	preheat(dispatch_queue_t dq)
182	{
183	dispatch_apply(WIDE, dq, ^(size_t i) {
184	sleep(1);
185	});
186	}
187
188	typedef struct elem {
189	long data1;
190	struct elem *link;
191	int data2;
192	} elem_t;
193
194	static size_t offset = offsetof(elem_t, link);
195	static elem_t elements[WIDE][SMALL];
196
197	T_DECL(test_65270017_contended, "multithreaded testing for radar 65270017")
198	{
199	dispatch_queue_t global_q = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0);
200	dispatch_queue_t queue = dispatch_queue_create("com.apple.libctests.threaded", 0);
201	uint64_t __block t = 0;
202
203	struct OSAtomicFifoHeadWrapper {
204	// Embedded OSFifoQueueHead structure inside the structure
205	void *first;
206	void *last;
207	int opaque;
208
209	int data;
210	};
211
212	struct OSAtomicFifoHeadWrapper wrapped_q_head1 = {
213	.first = NULL,
214	.last = NULL,
215	.opaque = 0,
216	.data = 0xfeed
217	};
218	OSFifoQueueHead q1 = (OSFifoQueueHead ) &wrapped_q_head1;
219
220	struct OSAtomicFifoHeadWrapper wrapped_q_head2 = {
221	.first = NULL,
222	.last = NULL,
223	.opaque = 0,
224	.data = 0xdead
225	};
226	OSFifoQueueHead q2 = (OSFifoQueueHead ) &wrapped_q_head2;
227
228	t = 0;
229	T_LOG("Preheating thread pool");
230
231	preheat(global_q);
232
233	T_LOG("Starting contended pfz test");
234
235	dispatch_apply(WIDE, global_q, ^(size_t i) {
236	dispatch_apply(SMALL, global_q, ^(size_t idx) {
237	OSAtomicFifoEnqueue(q1, &(elements[i][idx]), offset); // contended enqueue on q1
238	});
239
240	uint32_t count = 0;
241	elem_t *p = NULL;
242	do {
243	p = OSAtomicFifoDequeue(q1, offset);
244	T_QUIET; T_ASSERT_EQ(wrapped_q_head1.data, 0xfeed, "q1 data is valid");
245	if (p) {
246	OSAtomicFifoEnqueue(q2, p, offset);
247	T_QUIET; T_ASSERT_EQ(wrapped_q_head2.data, 0xdead, "q2 data is valid");
248	count++;
249	}
250	} while (p != NULL);
251
252	dispatch_sync(queue, ^{
253	t += count;
254	});
255	});
256	T_ASSERT_EQ(t, ((uint64_t)WIDE * (uint64_t)SMALL), "OSAtomicFifoEnqueue");
257
258	t = 0;
259	dispatch_apply(WIDE, global_q, ^(size_t i) {
260	uint32_t count = 0;
261	elem_t *p = NULL;
262	do {
263	p = OSAtomicFifoDequeue(q2, offset);
264	T_QUIET; T_ASSERT_EQ(wrapped_q_head2.data, 0xdead, "q2 data is valid");
265	if (p) {
266	count++;
267	}
268	} while (p != NULL);
269	dispatch_sync(queue, ^{
270	t += count;
271	});
272	});
273
274	T_ASSERT_EQ(t, ((uint64_t)WIDE * (uint64_t)SMALL), "OSAtomicFifoDequeue");
275
276	dispatch_release(queue);
277	}
278
279	#else
280
281	T_DECL(test_arm_pfz, "Validate that ARM PFZ is mapped in",
282	T_META_CHECK_LEAKS(false))
283	{
284	T_SKIP("No PFZ, _COMM_PAGE_TEXT_ATOMIC_ENQUEUE doesn't exist");
285	}
286
287	#endif