cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

272 (2506B)

      1#!/usr/bin/env bash
      2# group: rw
      3#
      4# Test compressed write to a qcow2 image at an offset above 4 GB
      5#
      6# Copyright (C) 2019 Red Hat, Inc.
      7#
      8# This program is free software; you can redistribute it and/or modify
      9# it under the terms of the GNU General Public License as published by
     10# the Free Software Foundation; either version 2 of the License, or
     11# (at your option) any later version.
     12#
     13# This program is distributed in the hope that it will be useful,
     14# but WITHOUT ANY WARRANTY; without even the implied warranty of
     15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     16# GNU General Public License for more details.
     17#
     18# You should have received a copy of the GNU General Public License
     19# along with this program.  If not, see <http://www.gnu.org/licenses/>.
     20#
     21
     22seq=$(basename "$0")
     23echo "QA output created by $seq"
     24
     25status=1	# failure is the default!
     26
     27_cleanup()
     28{
     29    _cleanup_test_img
     30}
     31trap "_cleanup; exit \$status" 0 1 2 3 15
     32
     33# get standard environment, filters and checks
     34. ./common.rc
     35. ./common.filter
     36
     37# This is a qcow2 regression test
     38_supported_fmt qcow2
     39_supported_proto file fuse
     40
     41# External data files do not support compression;
     42# We need an exact cluster size (2M) and refcount width (2) so we can
     43# get this test quickly over with; and this in turn require
     44# compat=1.1
     45_unsupported_imgopts data_file cluster_size refcount_bits 'compat=0.10'
     46
     47# The idea is: Create an empty file, mark the first 4 GB as used, then
     48# do a compressed write that thus must be put beyond 4 GB.
     49# (This used to fail because the compressed sector mask was just a
     50# 32 bit mask, so qemu-img check will count a cluster before 4 GB as
     51# referenced twice.)
     52
     53# We would like to use refcount_bits=1 here, but then qemu-img check
     54# will throw an error when trying to count a cluster as referenced
     55# twice.
     56_make_test_img -o cluster_size=2M,refcount_bits=2 64M
     57
     58reft_offs=$(peek_file_be "$TEST_IMG" 48 8)
     59refb_offs=$(peek_file_be "$TEST_IMG" $reft_offs 8)
     60
     61# We want to cover 4 GB, those are 2048 clusters, equivalent to
     62# 4096 bit = 512 B.
     63truncate -s 4G "$TEST_IMG"
     64for ((in_refb_offs = 0; in_refb_offs < 512; in_refb_offs += 8)); do
     65    poke_file "$TEST_IMG" $((refb_offs + in_refb_offs)) \
     66        '\x55\x55\x55\x55\x55\x55\x55\x55'
     67done
     68
     69$QEMU_IO -c 'write -c -P 42 0 2M' "$TEST_IMG" | _filter_qemu_io
     70
     71echo
     72echo '--- Check ---'
     73
     74# This should only print the leaked clusters in the first 4 GB
     75_check_test_img | grep -v '^Leaked cluster '
     76
     77# success, all done
     78echo "*** done"
     79rm -f $seq.full
     80status=0