1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "sandbox/mac/dispatch_source_mach.h" 6 7 #include <mach/mach.h> 8 9 #include "base/logging.h" 10 #include "base/mac/scoped_mach_port.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/test/test_timeouts.h" 13 #include "testing/gtest/include/gtest/gtest.h" 14 15 namespace sandbox { 16 17 class DispatchSourceMachTest : public testing::Test { 18 public: 19 virtual void SetUp() OVERRIDE { 20 mach_port_t port = MACH_PORT_NULL; 21 ASSERT_EQ(KERN_SUCCESS, mach_port_allocate(mach_task_self(), 22 MACH_PORT_RIGHT_RECEIVE, &port)); 23 receive_right_.reset(port); 24 25 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(mach_task_self(), port, 26 port, MACH_MSG_TYPE_MAKE_SEND)); 27 send_right_.reset(port); 28 } 29 30 mach_port_t port() { return receive_right_.get(); } 31 32 void WaitForSemaphore(dispatch_semaphore_t semaphore) { 33 dispatch_semaphore_wait(semaphore, dispatch_time( 34 DISPATCH_TIME_NOW, 35 TestTimeouts::action_timeout().InSeconds() * NSEC_PER_SEC)); 36 } 37 38 private: 39 base::mac::ScopedMachReceiveRight receive_right_; 40 base::mac::ScopedMachSendRight send_right_; 41 }; 42 43 TEST_F(DispatchSourceMachTest, ReceiveAfterResume) { 44 dispatch_semaphore_t signal = dispatch_semaphore_create(0); 45 46 bool __block did_receive = false; 47 DispatchSourceMach source("org.chromium.sandbox.test.ReceiveAfterResume", 48 port(), ^{ 49 mach_msg_empty_rcv_t msg = {{0}}; 50 msg.header.msgh_size = sizeof(msg); 51 msg.header.msgh_local_port = port(); 52 mach_msg_receive(&msg.header); 53 did_receive = true; 54 55 dispatch_semaphore_signal(signal); 56 }); 57 58 mach_msg_empty_send_t msg = {{0}}; 59 msg.header.msgh_size = sizeof(msg); 60 msg.header.msgh_remote_port = port(); 61 msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND); 62 ASSERT_EQ(KERN_SUCCESS, mach_msg_send(&msg.header)); 63 64 EXPECT_FALSE(did_receive); 65 66 source.Resume(); 67 68 WaitForSemaphore(signal); 69 70 EXPECT_TRUE(did_receive); 71 } 72 73 TEST_F(DispatchSourceMachTest, NoMessagesAfterDestruction) { 74 scoped_ptr<int> count(new int(0)); 75 int* __block count_ptr = count.get(); 76 77 scoped_ptr<DispatchSourceMach> source(new DispatchSourceMach( 78 "org.chromium.sandbox.test.NoMessagesAfterDestruction", 79 port(), ^{ 80 mach_msg_empty_rcv_t msg = {{0}}; 81 msg.header.msgh_size = sizeof(msg); 82 msg.header.msgh_local_port = port(); 83 mach_msg_receive(&msg.header); 84 LOG(INFO) << "Receieve " << *count_ptr; 85 ++(*count_ptr); 86 })); 87 source->Resume(); 88 89 dispatch_queue_t queue = 90 dispatch_queue_create("org.chromium.sandbox.test.MessageSend", NULL); 91 dispatch_semaphore_t signal = dispatch_semaphore_create(0); 92 for (int i = 0; i < 30; ++i) { 93 dispatch_async(queue, ^{ 94 mach_msg_empty_send_t msg = {{0}}; 95 msg.header.msgh_size = sizeof(msg); 96 msg.header.msgh_remote_port = port(); 97 msg.header.msgh_bits = 98 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND); 99 mach_msg_send(&msg.header); 100 }); 101 102 // After sending five messages, shut down the source and taint the 103 // pointer the handler dereferences. The test will crash if |count_ptr| 104 // is being used after "free". 105 if (i == 5) { 106 scoped_ptr<DispatchSourceMach>* source_ptr = &source; 107 dispatch_async(queue, ^{ 108 source_ptr->reset(); 109 count_ptr = reinterpret_cast<int*>(0xdeaddead); 110 dispatch_semaphore_signal(signal); 111 }); 112 } 113 } 114 115 WaitForSemaphore(signal); 116 dispatch_release(queue); 117 } 118 119 } // namespace sandbox 120
