

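#!/usr/bin/env bash
# group: rw
#
# Test cases for qcow2 refcount table growth
#
# Copyright (C) 2015 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# creator
owner=mreitz@redhat.com

# Test name derived from this script's own file name. Quoted and guarded
# with '--' so an unusual path to the script (spaces, glob characters, a
# leading '-') cannot be word-split, glob-expanded or taken as an option.
seq="$(basename -- "$0")"
echo "QA output created by $seq"

status=1	# failure is the default!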
# Exit hook: delete the test image via the common.rc helper. Installed by
# the trap below so it runs on both normal and signal-driven exits.
_cleanup() {
	_cleanup_test_img
}
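# Run _cleanup on every exit path (normal exit, HUP, INT, QUIT, TERM) and
# propagate $status, which stays at 1 unless the test reaches its end.
trap "_cleanup; exit \$status" 0 1 2 3 15

# get standard environment, filters and checks
. ./common.rc
. ./common.filter

_supported_fmt qcow2
_supported_proto file fuse
_supported_os Linux
# Refcount structures are used much differently with external data
# files
_unsupported_imgopts data_file

echo
echo '=== New refcount structures may not conflict with existing structures ==='

echo
echo '--- Test 1 ---'
echo

# Preallocation speeds up the write operation, but preallocating everything will
# destroy the purpose of the write; so preallocate one KB less than what would
# cause a reftable growth...
_make_test_img -o 'preallocation=metadata,cluster_size=1k' 64512K
# ...and make the image the desired size afterwards.
$QEMU_IMG resize "$TEST_IMG" 65M

# The first write results in a growth of the refcount table during an allocation
# which has precisely the required size so that the new refcount block allocated
# in alloc_refcount_block() is right after cluster_index; this did lead to a
# different refcount block being written to disk (a zeroed cluster) than what is
# cached (a refblock with one entry having a refcount of 1), and the second
# write would then result in that cached cluster being marked dirty and then
# in it being written to disk.
# This should not happen, the new refcount structures may not conflict with
# new_block.
# (Note that for some reason, 'write 63M 1K' does not trigger the problem)
$QEMU_IO -c 'write 62M 1025K' -c 'write 64M 1M' "$TEST_IMG" | _filter_qemu_io

_check_test_img


echo
echo '--- Test 2 ---'
echo

_make_test_img -o 'preallocation=metadata,cluster_size=1k' 64513K
# This results in an L1 table growth which in turn results in some clusters at
# the start of the image becoming free
$QEMU_IMG resize "$TEST_IMG" 65M

# This write results in a refcount table growth; but the refblock allocated
# immediately before that (new_block) takes cluster index 4 (which is now free)
# and is thus not self-describing (in contrast to test 1, where new_block was
# self-describing). The refcount table growth algorithm then used to place the
# new refcount structures at cluster index 65536 (which is the same as the
# cluster_index parameter in this case), allocating a new refcount block for
# that cluster while new_block already existed, leaking new_block.
# Therefore, the new refcount structures may not be put at cluster_index
# (because new_block already describes that cluster, and the new structures try
# to be self-describing).
$QEMU_IO -c 'write 63M 130K' "$TEST_IMG" | _filter_qemu_io

_check_test_img

echo
echo '=== Allocating a new refcount block must not leave holes in the image ==='
echo

_make_test_img -o 'cluster_size=512,refcount_bits=16' 1M

# This results in an image with 256 used clusters: the qcow2 header,
# the refcount table, one refcount block, the L1 table, four L2 tables
# and 248 data clusters
$QEMU_IO -c 'write 0 124k' "$TEST_IMG" | _filter_qemu_io

# 256 clusters of 512 bytes each give us a 128K image
# ($TEST_IMG is quoted here as it is everywhere else in this test, so a
# test directory containing spaces or glob characters cannot split the path)
stat -c "size=%s (expected 131072)" "$TEST_IMG"

# All 256 entries of the refcount block are used, so writing a new
# data cluster also allocates a new refcount block
$QEMU_IO -c 'write 124k 512' "$TEST_IMG" | _filter_qemu_io

# Two more clusters, the image size should be 129K now
stat -c "size=%s (expected 132096)" "$TEST_IMG"

# success, all done
echo
echo '*** done'
# '--' keeps an unexpected leading '-' in the test name from being parsed as
# an rm option; quoting keeps the file name as one argument.
rm -f -- "$seq.full"
status=0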