[apple/xnu.git] / tests / ptrauth_failure.c

/*
 * Copyright (c) 2019 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
#include <darwintest.h>
#include <pthread.h>
#include <ptrauth.h>
#include <mach/machine/thread_state.h>
#include <sys/types.h>
#include <sys/sysctl.h>
#include "exc_helpers.h"

T_GLOBAL_META(
	T_META_NAMESPACE("xnu.arm"),
	T_META_RUN_CONCURRENTLY(true)
	);


T_DECL(thread_set_state_corrupted_pc,
    "Test that ptrauth failures in thread_set_state() poison the respective register.")
{
#if !__arm64e__
	T_SKIP("Running on non-arm64e target, skipping...");
#else
	mach_port_t thread;
	kern_return_t err = thread_create(mach_task_self(), &thread);
	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Created thread");

	arm_thread_state64_t state;
	mach_msg_type_number_t count = ARM_THREAD_STATE64_COUNT;
	err = thread_get_state(mach_thread_self(), ARM_THREAD_STATE64, (thread_state_t)&state, &count);
	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Got own thread state");

	void *corrupted_pc = (void *)((uintptr_t)state.__opaque_pc ^ 0x4);
	state.__opaque_pc = corrupted_pc;
	err = thread_set_state(thread, ARM_THREAD_STATE64, (thread_state_t)&state, count);
	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Set child thread's PC to a corrupted pointer");

	err = thread_get_state(thread, ARM_THREAD_STATE64, (thread_state_t)&state, &count);
	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Got child's thread state");
	T_EXPECT_NE(state.__opaque_pc, corrupted_pc, "thread_set_state() with a corrupted PC should poison the PC value");

	err = thread_terminate(thread);
	T_QUIET; T_EXPECT_EQ(err, KERN_SUCCESS, "Terminated thread");
#endif // __arm64e__
}
Commit	Line	Data
fe8ab488	1	/*
f427ee49	2	* Copyright (c) 2019 Apple Computer, Inc. All rights reserved.
5ba3f43e A	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
fe8ab488	27	*/
f427ee49 A	28	#include <darwintest.h>
	29	#include <pthread.h>
	30	#include <ptrauth.h>
	31	#include <mach/machine/thread_state.h>
	32	#include <sys/types.h>
	33	#include <sys/sysctl.h>
	34	#include "exc_helpers.h"
fe8ab488	35
f427ee49 A	36	T_GLOBAL_META(
	37	T_META_NAMESPACE("xnu.arm"),
	38	T_META_RUN_CONCURRENTLY(true)
	39	);
fe8ab488	40
f427ee49 A	41
	42	T_DECL(thread_set_state_corrupted_pc,
	43	"Test that ptrauth failures in thread_set_state() poison the respective register.")
0a7de745	44	{
2a1bd2d3	45	#if !__arm64e__
f427ee49	46	T_SKIP("Running on non-arm64e target, skipping...");
2a1bd2d3 A	47	#else
	48	mach_port_t thread;
	49	kern_return_t err = thread_create(mach_task_self(), &thread);
	50	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Created thread");
	51
	52	arm_thread_state64_t state;
	53	mach_msg_type_number_t count = ARM_THREAD_STATE64_COUNT;
	54	err = thread_get_state(mach_thread_self(), ARM_THREAD_STATE64, (thread_state_t)&state, &count);
	55	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Got own thread state");
	56
	57	void corrupted_pc = (void )((uintptr_t)state.__opaque_pc ^ 0x4);
	58	state.__opaque_pc = corrupted_pc;
	59	err = thread_set_state(thread, ARM_THREAD_STATE64, (thread_state_t)&state, count);
	60	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Set child thread's PC to a corrupted pointer");
	61
	62	err = thread_get_state(thread, ARM_THREAD_STATE64, (thread_state_t)&state, &count);
	63	T_QUIET; T_ASSERT_EQ(err, KERN_SUCCESS, "Got child's thread state");
	64	T_EXPECT_NE(state.__opaque_pc, corrupted_pc, "thread_set_state() with a corrupted PC should poison the PC value");
	65
	66	err = thread_terminate(thread);
	67	T_QUIET; T_EXPECT_EQ(err, KERN_SUCCESS, "Terminated thread");
	68	#endif // __arm64e__
fe8ab488	69	}
f427ee49	70