cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

305 (2532B)

      1#!/usr/bin/env bash
      2# group: rw quick
      3#
      4# Test the handling of errors in write requests with multiple allocations
      5#
      6# Copyright (C) 2020 Igalia, S.L.
      7# Author: Alberto Garcia <berto@igalia.com>
      8#
      9# This program is free software; you can redistribute it and/or modify
     10# it under the terms of the GNU General Public License as published by
     11# the Free Software Foundation; either version 2 of the License, or
     12# (at your option) any later version.
     13#
     14# This program is distributed in the hope that it will be useful,
     15# but WITHOUT ANY WARRANTY; without even the implied warranty of
     16# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     17# GNU General Public License for more details.
     18#
     19# You should have received a copy of the GNU General Public License
     20# along with this program.  If not, see <http://www.gnu.org/licenses/>.
     21#
     22
     23# creator
     24owner=berto@igalia.com
     25
     26seq=`basename $0`
     27echo "QA output created by $seq"
     28
     29status=1    # failure is the default!
     30
     31_cleanup()
     32{
     33    _cleanup_test_img
     34}
     35trap "_cleanup; exit \$status" 0 1 2 3 15
     36
     37# get standard environment, filters and checks
     38. ./common.rc
     39. ./common.filter
     40
     41_supported_fmt qcow2
     42_supported_proto file fuse
     43_supported_os Linux
     44_unsupported_imgopts cluster_size refcount_bits extended_l2 compat=0.10 data_file
     45
     46echo '### Create the image'
     47_make_test_img -o refcount_bits=64,cluster_size=1k 1M
     48
     49# The reference counts of the clusters for the first 123k of this
     50# write request are stored in the first refcount block. The last
     51# cluster (guest offset 123k) is referenced in the second refcount
     52# block.
     53echo '### Fill the first refcount block and one data cluster from the second'
     54$QEMU_IO -c 'write 0 124k' "$TEST_IMG" | _filter_qemu_io
     55
     56echo '### Discard two of the last data clusters, leave one in the middle'
     57$QEMU_IO -c 'discard 121k 1k' "$TEST_IMG" | _filter_qemu_io
     58$QEMU_IO -c 'discard 123k 1k' "$TEST_IMG" | _filter_qemu_io
     59
     60echo '### Corrupt the offset of the second refcount block'
     61refcount_table_offset=$(peek_file_be "$TEST_IMG" 48 8)
     62poke_file "$TEST_IMG" $(($refcount_table_offset+14)) "\x06"
     63
     64# This tries to allocate the two clusters discarded earlier (guest
     65# offsets 121k and 123k). Their reference counts are in the first and
     66# second refcount blocks respectively, but only the first one can be
     67# allocated correctly because the second entry of the refcount table
     68# is corrupted.
     69echo '### Try to allocate the discarded clusters again'
     70$QEMU_IO -c 'write 121k 3k' "$TEST_IMG" | _filter_qemu_io
     71
     72# success, all done
     73echo "*** done"
     74rm -f $seq.full
     75status=0