ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-02-20 17:52:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rm_fault: add fault test for exec access violation

Browse Source 
Issue #1723
This commit is contained in:
Alexander Boettcher 2017-10-12 14:33:04 +02:00 committed by Christian Helmuth
parent e3d9f41496
commit 03b8e70d3f
2 changed files with 215 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
repos/base/run/rm_fault.run
View File

@ -1,6 +1,14 @@
if {[have_spec linux]} {
puts "Platform does not support managed dataspaces"; exit }
#
# We skip the non-executable fault test on platforms where this functionality
# is not supported.
#
proc non_executable_supported { } {
return false
}
build "core init test/rm_fault"
create_boot_directory
@ -17,8 +25,9 @@ install_config {
<default-route>
<any-service> <parent/> </any-service>
</default-route>
<start name="test-rm_fault" caps="100">
<start name="test-rm_fault" caps="110">
<resource name="RAM" quantum="10M"/>
<config executable_fault_test="} [non_executable_supported] {"/>
</start>
</config>
}

268
repos/base/src/test/rm_fault/main.cc
View File

@ -32,12 +32,21 @@ using namespace Genode;
***********/
enum {
MANAGED_ADDR = 0x10000000,
STOP_TEST = 0xdead,
READ_TEST = 0x12345,
WRITE_TEST = READ_TEST - 1
MANAGED_ADDR = 0x10000000,
STOP_TEST = 0xdead,
READ_TEST = 0x12345,
WRITE_TEST = READ_TEST - 1,
EXEC_TEST = WRITE_TEST - 1,
SHUTDOWN = EXEC_TEST - 1
};
static char const * const state_name(Region_map::State &state)
{
return state.type == Region_map::State::READ_FAULT ? "READ_FAULT" :
state.type == Region_map::State::WRITE_FAULT ? "WRITE_FAULT" :
state.type == Region_map::State::EXEC_FAULT ? "EXEC_FAULT" : "READY";
}
void read_at(addr_t addr)
{
@ -46,16 +55,23 @@ void read_at(addr_t addr)
log("read value ", Hex(value));
}
bool modify(addr_t addr)
bool modify_at(addr_t addr)
{
addr_t const value = *(addr_t volatile *)addr;
if (value == STOP_TEST)
return false;
if (value != READ_TEST + 1)
log("modify memory at ", Hex(addr), " to ",
Hex(++(*(addr_t volatile *)addr)), " ", Hex(value));
if (value != READ_TEST + 1) {
addr_t value_mod = ++(*(addr_t volatile *)(addr));
/* if we are get told to stop, do so */
if (*(addr_t volatile *)(addr + sizeof(addr)) == STOP_TEST)
return false;
log("modify memory at ", Hex(addr), " from ",
Hex(value), " to ", Hex(value_mod));
}
if (value != READ_TEST && value != READ_TEST + 1)
{
@ -66,16 +82,78 @@ bool modify(addr_t addr)
return true;
}
void main_child()
struct Exec_faulter : Thread
{
enum { FAULT_ON_ADDR, FAULT_ON_STACK };
unsigned _fault_test;
Exec_faulter(Env &env, unsigned test)
: Thread(env, "exec_fault", 1024 * sizeof(addr_t)), _fault_test(test)
{ }
void entry()
{
if (_fault_test == FAULT_ON_ADDR) {
addr_t volatile * value = (addr_t volatile *)MANAGED_ADDR;
*value = 0x0b0f9090; /* nop, nop, ud2 */
void (*exec_fault)(void) = (void (*)(void))MANAGED_ADDR;
exec_fault();
return;
}
if (_fault_test == FAULT_ON_STACK) {
unsigned long dummy = 0x0b0f9090; /* nop, nop, ud2 */
void (*exec_fault)(void) = (void (*)(void))&dummy;
exec_fault();
}
}
};
void execute_at(Genode::Env &env, Attached_rom_dataspace &config, addr_t cmd_addr)
{
addr_t volatile * cmd = (addr_t volatile *)cmd_addr;
if (config.xml().attribute_value("executable_fault_test", true)) {
/* perform illegal execute access on cmd addr */
Exec_faulter fault_on_managed_addr(env, Exec_faulter::FAULT_ON_ADDR);
fault_on_managed_addr.start();
/* wait until parent acknowledged fault */
while (*cmd != STOP_TEST) { }
/* tell parent that we start with next EXEC_TEST */
*cmd = EXEC_TEST;
Exec_faulter fault_on_stack(env, Exec_faulter::FAULT_ON_STACK);
fault_on_stack.start();
/* wait until parent acknowledged fault */
while (*cmd == EXEC_TEST) { }
}
log("\n--- child role of region-manager fault test finished ---");
/* sync shutdown with parent */
*cmd = SHUTDOWN;
}
void main_child(Env &env)
{
Attached_rom_dataspace config { env, "config" };
log("child role started");
/* perform illegal access */
/* perform illegal read access */
read_at(MANAGED_ADDR);
while (modify(MANAGED_ADDR));
/* perform illegal write access */
while (modify_at(MANAGED_ADDR));
log("--- child role of region-manager fault test finished ---");
/* perform illegal execute access */
execute_at(env, config, MANAGED_ADDR);
}
@ -95,6 +173,7 @@ class Test_child_policy : public Child_policy
Env &_env;
Parent_services &_parent_services;
Signal_context_capability const _fault_handler_sigh;
Signal_context_capability const _fault_handler_stack_sigh;
public:
@ -102,11 +181,13 @@ class Test_child_policy : public Child_policy
* Constructor
*/
Test_child_policy(Env &env, Parent_services &parent_services,
Signal_context_capability fault_handler_sigh)
Signal_context_capability fault_handler_sigh,
Signal_context_capability fault_handler_stack_sigh)
:
_env(env),
_parent_services(parent_services),
_fault_handler_sigh(fault_handler_sigh)
_fault_handler_sigh(fault_handler_sigh),
_fault_handler_stack_sigh(fault_handler_stack_sigh)
{ }
@ -130,6 +211,9 @@ class Test_child_policy : public Child_policy
Region_map_client address_space(session.address_space());
address_space.fault_handler(_fault_handler_sigh);
Region_map_client stack_area(session.stack_area());
stack_area.fault_handler(_fault_handler_stack_sigh);
}
Service &resolve_session_request(Service::Name const &service_name,
@ -155,9 +239,13 @@ struct Main_parent
Signal_handler<Main_parent> _fault_handler {
_env.ep(), *this, &Main_parent::_handle_fault };
Signal_handler<Main_parent> _fault_handler_stack {
_env.ep(), *this, &Main_parent::_handle_fault_stack };
Heap _heap { _env.ram(), _env.rm() };
Genode::Rom_connection _rom { _env, "config"};
Attached_rom_dataspace _config { _env, "config" };
Rom_connection _binary { _env, "test-rm_fault" };
/* parent services */
struct Parent_services : Test_child_policy::Parent_services
@ -179,7 +267,8 @@ struct Main_parent
} _parent_services { _heap };
/* create child */
Test_child_policy _child_policy { _env, _parent_services, _fault_handler };
Test_child_policy _child_policy { _env, _parent_services, _fault_handler,
_fault_handler_stack };
Child _child { _env.rm(), _env.ep().rpc_ep(), _child_policy };
@ -191,54 +280,10 @@ struct Main_parent
unsigned _fault_cnt = 0;
long volatile &_child_value() { return *_ds.local_addr<long volatile>(); }
long volatile &_child_stop() { return *(_ds.local_addr<long volatile>() + 1); }
void _check_for_write_fault(addr_t const child_virt_addr)
void _test_read_fault(addr_t const child_virt_addr)
{
if (_child_value() == WRITE_TEST) {
_child_value() = STOP_TEST;
Genode::log("got fault on ROM");
_env.parent().exit(0);
return;
}
Genode::log("test WRITE fault on ROM (config)");
_child_value() = WRITE_TEST;
_address_space.attach_at(_rom.dataspace(), child_virt_addr);
}
void _handle_fault()
{
enum { FAULT_CNT = 4 };
log("received region-map fault signal, request fault state");
Region_map::State state = _address_space.state();
char const *state_name =
state.type == Region_map::State::READ_FAULT ? "READ_FAULT" :
state.type == Region_map::State::WRITE_FAULT ? "WRITE_FAULT" :
state.type == Region_map::State::EXEC_FAULT ? "EXEC_FAULT" : "READY";
log("rm session state is ", state_name, ", pf_addr=", Hex(state.addr));
/* ignore spurious fault signal */
if (state.type == Region_map::State::READY) {
log("ignoring spurious fault signal");
return;
}
addr_t child_virt_addr = state.addr & ~(4096 - 1);
if (_fault_cnt++ >= FAULT_CNT) {
if (_fault_cnt == FAULT_CNT)
log("--- parent role of region-manager fault test finished ---");
_check_for_write_fault(child_virt_addr);
return;
}
/* allocate dataspace to resolve the fault */
log("attach dataspace to the child at ", Hex(child_virt_addr));
@ -256,6 +301,103 @@ struct Main_parent
_address_space.detach((void *)child_virt_addr);
}
void _test_write_fault(addr_t const child_virt_addr)
{
if (_child_value() == WRITE_TEST) {
_child_stop() = STOP_TEST;
Genode::log("got write fault on ROM ", Hex(child_virt_addr));
/* let client continue by providing a dataspace it may write to */
_address_space.detach((void *)child_virt_addr);
_address_space.attach_at(_ds.cap(), child_virt_addr);
return;
}
Genode::log("test WRITE fault on read-only binary");
_child_value() = WRITE_TEST;
_address_space.attach_at(_binary.dataspace(), child_virt_addr);
}
void _test_exec_fault(addr_t const child_virt_addr, Region_map::State &state)
{
if (_child_value() == WRITE_TEST) {
_child_value() = EXEC_TEST;
return;
}
if (state.type != Region_map::State::EXEC_FAULT ||
state.addr != MANAGED_ADDR)
{
error("exec test failed ", (int)state.type,
" addr=", Hex(state.addr));
return;
}
log("got exec fault on dataspace");
/* signal client to continue with next test, current test is done */
_child_value() = STOP_TEST;
}
void _handle_fault()
{
enum { FAULT_CNT_READ = 4, FAULT_CNT_WRITE = 5 };
log("received region-map fault signal, request fault state");
Region_map::State state = _address_space.state();
log("rm session state is ", state_name(state), ", pf_addr=", Hex(state.addr));
/* ignore spurious fault signal */
if (state.type == Region_map::State::READY) {
log("ignoring spurious fault signal");
return;
}
addr_t child_virt_addr = state.addr & ~(4096 - 1);
if (_fault_cnt < FAULT_CNT_READ)
_test_read_fault(child_virt_addr);
if (_fault_cnt <= FAULT_CNT_WRITE && _fault_cnt >= FAULT_CNT_READ)
_test_write_fault(child_virt_addr);
if (!_config.xml().attribute_value("executable_fault_test", true) &&
_fault_cnt >=FAULT_CNT_WRITE)
_handle_fault_stack();
if (_fault_cnt > FAULT_CNT_WRITE)
_test_exec_fault(child_virt_addr, state);
_fault_cnt++;
}
void _handle_fault_stack()
{
/* sanity check that we got exec fault */
if (_config.xml().attribute_value("executable_fault_test", true)) {
Region_map::State state = _address_space.state();
if (state.type != Region_map::State::EXEC_FAULT) {
error("unexpected state ", state_name(state));
return;
}
_child_value() = STOP_TEST;
}
/* sync shutdown with client */
while (_child_value() != SHUTDOWN) { }
log("--- parent role of region-manager fault test finished --- ");
/* done, finally */
_env.parent().exit(0);
}
Main_parent(Env &env) : _env(env) { }
};
@ -274,6 +416,6 @@ void Component::construct(Env &env)
log("-- parent role started --");
}
catch (Service_denied) {
main_child();
main_child(env);
}
}