cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

080 (8384B)


      1#!/usr/bin/env bash
      2# group: rw auto
      3#
      4# qcow2 format input validation tests
      5#
      6# Copyright (C) 2013 Red Hat, Inc.
      7#
      8# This program is free software; you can redistribute it and/or modify
      9# it under the terms of the GNU General Public License as published by
     10# the Free Software Foundation; either version 2 of the License, or
     11# (at your option) any later version.
     12#
     13# This program is distributed in the hope that it will be useful,
     14# but WITHOUT ANY WARRANTY; without even the implied warranty of
     15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     16# GNU General Public License for more details.
     17#
     18# You should have received a copy of the GNU General Public License
     19# along with this program.  If not, see <http://www.gnu.org/licenses/>.
     20#
     21
     22# creator
     23owner=kwolf@redhat.com
     24
     25seq=`basename $0`
     26echo "QA output created by $seq"
     27
     28status=1	# failure is the default!
     29
# Remove the artefacts this test leaves behind: first the "<image>.snap" file
# that the convert steps write, then the test image itself.
# Globals:   TEST_IMG (read)
# Arguments: none
_cleanup() {
    _rm_test_img "${TEST_IMG}.snap"
    _cleanup_test_img
}
     35trap "_cleanup; exit \$status" 0 1 2 3 15
     36
# Pull in the shared test environment, output filters and capability checks.
source ./common.rc
source ./common.filter

# Restrict the test to the configurations it was written for.
_supported_fmt qcow2
_supported_proto file fuse
_supported_os Linux
# Image options this test cannot run with:
# - refcount_bits=1: internal snapshots are (currently) impossible with it
# - data_file:       internal snapshots are generally impossible with
#                    external data files
# - compat=0.10:     this is generally a test for compat=1.1 images
_unsupported_imgopts 'refcount_bits=1[^0-9]' data_file 'compat=0.10'
     48
     49header_size=112
     50
     51offset_backing_file_offset=8
     52offset_backing_file_size=16
     53offset_l1_size=36
     54offset_l1_table_offset=40
     55offset_refcount_table_offset=48
     56offset_refcount_table_clusters=56
     57offset_nb_snapshots=60
     58offset_snapshots_offset=64
     59offset_header_size=100
     60offset_ext_magic=$header_size
     61offset_ext_size=$((header_size + 4))
     62
     63offset_l2_table_0=$((0x40000))
     64
     65offset_snap1=$((0x70000))
     66offset_snap1_l1_offset=$((offset_snap1 + 0))
     67offset_snap1_l1_size=$((offset_snap1 + 8))
     68
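# Case: the header length field of an otherwise valid image claims an absurd
# size. An image file is untrusted input, so the reader has to bound this
# field before using it; the filtered qemu-io output records how the open
# and the read are handled.
#
# $QEMU_IO stays unquoted on purpose: it is supplied by the sourced test
# environment and may expand to a command plus arguments (TODO confirm in
# common.rc). "$TEST_IMG" is quoted, matching the poke_file calls, so a test
# directory containing whitespace does not split the path.
# The { ...; } 2>&1 grouping sends everything written to stderr inside the
# group through the same filters as stdout.
echo
echo "== Huge header size =="
_make_test_img 64M
# 0xffffffff: every bit of the 32-bit field set
poke_file "$TEST_IMG" "$offset_header_size" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# 0x7fffffff: still huge, but positive even if the field were read as signed
poke_file "$TEST_IMG" "$offset_header_size" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir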
     76
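# Case: a header extension with an unknown magic (0x12345678) declares a
# length of 0x7fffffff bytes. The image is opened three times with different
# backing file name offsets, because that offset interacts with the region
# in which extensions are read:
#   1. all bits set,
#   2. pointing at the extension's own length field,
#   3. zero (no backing file).
# "$TEST_IMG" and the printf argument are quoted so the expansions cannot be
# word-split; the bytes written are unchanged.
echo
echo "== Huge unknown header extension =="
_make_test_img 64M
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\xff\xff\xff\xff\xff\xff\xff\xff"
poke_file "$TEST_IMG" "$offset_ext_magic" "\x12\x34\x56\x78"
poke_file "$TEST_IMG" "$offset_ext_size" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# The last byte is offset_ext_size rendered as hex, so the 8-byte value
# equals that offset.
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x$(printf '%x' "$offset_ext_size")"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x00"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir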
     88
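# Case: the refcount table cluster count is implausibly large. A reader that
# sizes an allocation or a read from this field without a limit would be
# driven by the image author, so the value has to be checked first.
# "$TEST_IMG" is quoted here to match the poke_file calls.
echo
echo "== Huge refcount table size =="
_make_test_img 64M
# 0xffffffff clusters
poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# 0x00020001 clusters: far smaller, presumably chosen to sit just past a
# size limit - confirm against the reference output
poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir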
     96
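# Case: the refcount table offset is 0x1234567890abcdef, a value that is not
# aligned to any cluster boundary. "$TEST_IMG" is quoted here to match the
# poke_file call.
echo
echo "== Misaligned refcount table =="
_make_test_img 64M
poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir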
    102
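# Case: the refcount table offset is 0xffffffffffff0000, close to the top of
# the 64-bit range, combined with a table length of 0x7f clusters. The pair
# exercises the check on "offset + length" (presumably including wrap-around
# of that sum). "$TEST_IMG" is quoted here to match the poke_file calls.
echo
echo "== Huge refcount offset =="
_make_test_img 64M
poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir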
    109
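# Case: the snapshot table description in the header is invalid. Three
# independent properties are covered on the same image: the snapshot count,
# the range covered by offset and count together, and the alignment of the
# offset. "$TEST_IMG" is quoted here to match the poke_file calls.
echo
echo "== Invalid snapshot table =="
_make_test_img 64M
# Snapshot count alone: 0xffffffff, then 0x7fffffff
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Smaller count (0xffff) with the table placed at 0xffffffffffff0000
poke_file "$TEST_IMG" "$offset_snapshots_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Unaligned table offset with a count of zero: the offset is checked even
# though no entry would be read (going by the section title; confirm against
# the reference output)
poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\x00\x00"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir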
    125
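# Case: the header claims 0x00010000 (65536) snapshots. The image is then
# used both for creating one more snapshot and for a plain read, so the
# limit is exercised on the write path and on open.
# "$TEST_IMG" is quoted here to match the poke_file calls.
echo
echo "== Hitting snapshot table size limit =="
_make_test_img 64M
# Put the snapshot table in a more or less safe place (16 MB); the field
# written here is snapshots_offset, not the refcount table offset
poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x00\x00\x00\x00\x01\x00\x00\x00"
poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x01\x00\x00"
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_testdir
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir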
    134
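# Case: the active L1 table description in the header is invalid. The same
# three properties as for the snapshot table are covered: entry count, the
# range covered by offset and count together, and offset alignment.
# "$TEST_IMG" is quoted here to match the poke_file calls.
echo
echo "== Invalid L1 table =="
_make_test_img 64M
# Entry count alone: 0xffffffff, then 0x7fffffff
poke_file "$TEST_IMG" "$offset_l1_size" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_l1_size" "\x7f\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Smaller count (0xffff) with the table placed at 0x7fffffffffff0000
poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x7f\xff\xff\xff\xff\xff\x00\x00"
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir

# Unaligned table offset with a single entry
poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir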
    150
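# Case: the image holds an internal snapshot, and afterwards the active L1
# table size in the header is set to zero. _img_info then reports on the
# image, which still carries the snapshot.
# "$TEST_IMG" is quoted here to match the poke_file call.
echo
echo "== Invalid L1 table (with internal snapshot in the image) =="
_make_test_img 64M
{ $QEMU_IMG snapshot -c foo "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x00"
_img_info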
    157
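# Case: the backing file name is declared at offset 0x1000 with a length of
# 0xffffffff bytes. The length comes from the image and must be bounded
# before the name is read. "$TEST_IMG" is quoted here to match the poke_file
# calls.
echo
echo "== Invalid backing file size =="
_make_test_img 64M
poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x10\x00"
poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff"
{ $QEMU_IO -c "read 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir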
    164
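# Case: the first entry of the first L2 table points at a huge physical
# offset. The 512-byte write comes first so that the entry is populated
# before it is overwritten; creating a snapshot afterwards makes qemu-img
# process the corrupted entry.
# NOTE(review): relies on the first L2 table being at offset_l2_table_0.
# "$TEST_IMG" is quoted here to match the poke_file calls.
echo
echo "== Invalid L2 entry (huge physical offset) =="
_make_test_img 64M
{ $QEMU_IO -c "write 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# Entry value 0xbfffffffffff0000
poke_file "$TEST_IMG" "$offset_l2_table_0" "\xbf\xff\xff\xff\xff\xff\x00\x00"
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
# Entry value 0x800000ffffff0000
poke_file "$TEST_IMG" "$offset_l2_table_0" "\x80\x00\x00\xff\xff\xff\x00\x00"
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir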
    173
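# Case: the L1 table offset stored in the snapshot table entry of snapshot
# "test" is overwritten with 0x0000000000400200. Every operation that has to
# read that snapshot's L1 table is then run in turn: convert from the
# snapshot, downgrade with amend, a write with the inactive-L2 overlap check
# enabled, snapshot apply and snapshot delete. A final image check follows.
# NOTE(review): relies on the snapshot entry being at offset_snap1.
# "$TEST_IMG" is quoted wherever it is a separate shell word.
echo
echo "== Invalid snapshot L1 table offset =="
_make_test_img 64M
{ $QEMU_IO -c "write 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_testdir
poke_file "$TEST_IMG" "$offset_snap1_l1_offset" "\x00\x00\x00\x00\x00\x40\x02\x00"
{ $QEMU_IMG convert -l test "$TEST_IMG" "$TEST_IMG.snap"; } 2>&1 | _filter_testdir
{ $QEMU_IMG amend -o compat=0.10 "$TEST_IMG"; } 2>&1 | _filter_testdir
# The path is part of a qemu-io command string here, so shell quoting cannot
# protect it. NOTE(review): a path with whitespace would need quoting at the
# qemu-io level.
{ $QEMU_IO -c "open -o overlap-check.inactive-l2=on $TEST_IMG" \
           -c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -a test "$TEST_IMG"; } 2>&1 | _filter_testdir
{ $QEMU_IMG snapshot -d test "$TEST_IMG"; } 2>&1 | _filter_testdir
_check_test_img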
    187
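# Case: the L1 table size stored in the snapshot table entry of snapshot
# "test" is overwritten with 0x10000000 entries. The same operations as for
# the invalid snapshot L1 offset are run, each of which has to size a read
# or an allocation from that field, followed by an image check.
# NOTE(review): relies on the snapshot entry being at offset_snap1.
# "$TEST_IMG" is quoted wherever it is a separate shell word.
echo
echo "== Invalid snapshot L1 table size =="
_make_test_img 64M
{ $QEMU_IO -c "write 0 512" "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -c test "$TEST_IMG"; } 2>&1 | _filter_testdir
poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00\x00\x00"
{ $QEMU_IMG convert -l test "$TEST_IMG" "$TEST_IMG.snap"; } 2>&1 | _filter_testdir
{ $QEMU_IMG amend -o compat=0.10 "$TEST_IMG"; } 2>&1 | _filter_testdir
# The path is part of a qemu-io command string here, so shell quoting cannot
# protect it. NOTE(review): a path with whitespace would need quoting at the
# qemu-io level.
{ $QEMU_IO -c "open -o overlap-check.inactive-l2=on $TEST_IMG" \
           -c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -a test "$TEST_IMG"; } 2>&1 | _filter_testdir
{ $QEMU_IMG snapshot -d test "$TEST_IMG"; } 2>&1 | _filter_testdir
_check_test_img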
    201
    202# success, all done
    203echo "*** done"
    204rm -f $seq.full
    205status=0