This is xnu-12377.1.9. See this file in: xnu-12377.1.9 (Darwin 25) xnu-8792.81.2 (MacOS 18, Darwin 22) xnu-8019 (MacOS 17.0, Darwin 21) xnu-6153.11.26 (MacOS 15.0, Darwin 19) xnu-4903.221.2 (MacOS 14.0, Darwin 18) xnu-4570.41.2 (MacOS 13.3, Darwin 17) xnu-3789.70.16 (MacOS 12.6, Darwin 16) xnu-3248.20.55 (MacOS 11.2, Darwin 15) xnu-2782.40.9 (MacOS 10.10.5, Darwin 14) xnu-2422.115.4 (MacOS 10.9.5, Darwin 13) xnu-2050.24.15 (MacOS 10.8.4, Darwin 12) xnu-1699.32.7 (MacOS 10.7.5, Darwin 11) xnu-1504.15.3 (MacOS 10.6.8, Darwin 10) xnu-1228.15.4 (MacOS 10.5.8, Darwin 9)

#include <signal.h>
#include <libproc.h>
#include <sys/sysctl.h>

#include <darwintest.h>

// rdar://128791723
// Ensure pidversion always changes across exec

static int32_t
get_pidversion_for_pid(pid_t pid)
{
	struct proc_bsdinfowithuniqid bsd_info;
	int ret = proc_pidinfo(pid, PROC_PIDT_BSDINFOWITHUNIQID, 0, &bsd_info, sizeof(bsd_info));
	T_ASSERT_EQ((unsigned long)ret, sizeof(bsd_info), "PROC_PIDT_BSDINFOWITHUNIQID");
	return bsd_info.p_uniqidentifier.p_idversion;
}

T_DECL(ensure_pidversion_changes_on_exec,
    "Ensure pidversion always changes across exec, even when groomed not to",
    T_META_NAMESPACE("xnu.exec"),
    T_META_TAG_VM_PREFERRED
    ) {
	T_SETUPBEGIN;

	// Given we exec a helper program (in a forked child, so this runner can stick around)
	// (And we set up some resources to communicate with the forked process)
	int pipefd[2];
	T_ASSERT_POSIX_SUCCESS(pipe(pipefd), "pipe");

	pid_t forked_pid = fork();
	T_ASSERT_POSIX_SUCCESS(forked_pid, "fork");

	if (forked_pid == 0) {
		close(pipefd[0]);

		// And we keep track of our current pidversion
		int32_t forked_proc_pidv = get_pidversion_for_pid(getpid());

		// And we ask the kernel to groom things such that `nextpidversion == current_proc->p_idversion + 1`
		int64_t val = 0;
		size_t val_len = sizeof(val);
		sysctlbyname("debug.test.setup_ensure_pidversion_changes_on_exec", &val, &val_len, &val, sizeof(val));

		// (And we send the parent's pidversion back to the test runner, for comparison with the exec'd process)
		T_ASSERT_POSIX_SUCCESS(write(pipefd[1], (void*)&forked_proc_pidv, sizeof(forked_proc_pidv)), "write");
		T_ASSERT_POSIX_SUCCESS(close(pipefd[1]), "close");

		// When I exec a child
		// (Which spins forever, so we can poke it)
		char *args[4];
		char *tail_path = "/usr/bin/tail";
		args[0] = tail_path;
		args[1] = "-f";
		args[2] = "/dev/null";
		args[3] = NULL;
		execv(tail_path, args);
		T_FAIL("execve() failed");
	}

	T_ASSERT_POSIX_SUCCESS(close(pipefd[1]), "close");

	// (And we read the parent's pidversion from our forked counterpart, for comparison with the exec'd process)
	int32_t forked_proc_pidversion;
	T_ASSERT_POSIX_SUCCESS(read(pipefd[0], &forked_proc_pidversion, sizeof(forked_proc_pidversion)), "read");
	T_ASSERT_POSIX_SUCCESS(close(pipefd[0]), "close");

	// (Give the forked process a moment to exec().)
	// (To get rid of this, we could exec something controlled that signals a semaphore.)
	sleep(1);

	T_SETUPEND;

	// And I interrogate the pidversion of the exec'd process
	int32_t exec_proc_pidversion = get_pidversion_for_pid(forked_pid);

	// Then the pidversion should NOT be reused, despite our grooming
	T_ASSERT_NE(exec_proc_pidversion, forked_proc_pidversion, "Prevent pidversion reuse");

	// Cleanup: kill our errant child
	T_SETUPBEGIN;
	T_ASSERT_POSIX_SUCCESS(kill(forked_pid, SIGKILL), "kill");
	T_SETUPEND;
}