From cfc158a2134ae3e09e34854c4a93b2be400e59a4 Mon Sep 17 00:00:00 2001
From: Oleksii Oleksenko <3688171+OleksiiOleksenko@users.noreply.github.com>
Date: Wed, 7 Aug 2024 15:27:12 +0100
Subject: [PATCH] test: [fix] gracefuly handle cases when SMAP/MPX are disabled in kernel; ref #113
---
 src/x86/x86_model.py | 2 +-
 tests/x86_tests/acceptance.bats | 33 +++++++++++++++++++++++++--------
 2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/x86/x86_model.py b/src/x86/x86_model.py
index ed9a0ac..850cf10 100644
--- a/src/x86/x86_model.py
+++ b/src/x86/x86_model.py
@@ -569,7 +569,7 @@ class X86UnicornSeq(UnicornSeq):
 def post_execution_patch(self) -> None:
 # workaround for Unicorn not enabling MPX
- if self.current_instruction.name == "BNDCU":
+ if self.current_instruction.name == "bndcu":
 mem_op = self.current_instruction.get_mem_operands()[0]
 mem_regs = re.split(r'\+|-|\*', mem_op.value)
 assert len(mem_regs) == 2 and "r14" in mem_regs[0].lower(), "Invalid format of BNDCU"
diff --git a/tests/x86_tests/acceptance.bats b/tests/x86_tests/acceptance.bats
index 9c1c457..5200b9a 100755
--- a/tests/x86_tests/acceptance.bats
+++ b/tests/x86_tests/acceptance.bats
@@ -34,6 +34,7 @@ function teardown() {
 }
 function assert_violation() {
+ # Check if the given test produces a contract violation
 local cmd="$@"
 run bash -c "$cmd"
@@ -53,6 +54,21 @@ function assert_no_violation() {
 [[ "$status" -eq 0 && "$output" != *"=== Violations detected ==="* ]]
 }
+function assert_violation_or_arch_fail() {
+ # Check if the given test produces a contract violation OR an architectural failure
+ local cmd="$@"
+
+ run bash -c "$cmd"
+ echo "Command: $cmd"
+ echo "Exit code: $status"
+ echo "Output: '$output'"
+ if [[ "$output" == *" Architectural violation "* ]]; then
+ return
+ fi
+
+ [[ "$status" -eq 1 && "$output" = *"=== Violations detected ==="* ]]
+}
+
 function intel_only() {
 if cat /proc/cpuinfo | grep "AMD"; then
 skip
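Review bot: In the `src/x86/x86_model.py` hunk, `self.current_instruction.name == "bndcu"` is still a case-sensitive literal match, so the MPX workaround is skipped with no signal whenever the name's casing and the literal disagree, which appears to be the failure this change repairs. Normalising at the comparison, `if self.current_instruction.name.lower() == "bndcu":`, keeps the workaround applied under either convention and matches the `.lower()` already used on the register operand in the `assert` below. That format check is an `assert`, which is removed under `python -O`, and its message still spells the mnemonic `BNDCU`; raising an explicit exception would keep the check in optimised runs. `post_execution_patch` continues past the end of the hunk.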
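Review bot: The early `return` in `assert_violation_or_arch_fail` accepts any output containing ` Architectural violation ` without checking `$status` or whether SMAP/MPX is really disabled. On a host where the feature is enabled, a model/hardware mismatch would therefore let the Meltdown-type detection tests pass although no contract violation was detected. The SMAP and MPX tests in the `@@ -161,20 +177,21 @@` hunk both inherit this. At minimum make the fallback visible and explicit, for example `echo "NOTE: architectural failure accepted, speculative leak detection not exercised"` followed by `return 0`. A stricter version would take the fallback only when the caller has established that the feature is off.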
@@ -161,20 +177,21 @@ function intel_only() {
 @test "Detection [meltdown-type]: #PF-smap speculation" {
 intel_only
- if ! grep "smap" /proc/cpuinfo; then
+ if ! grep "smap" /proc/cpuinfo >/dev/null; then
 skip
 fi
- assert_violation "$fuzz_opt -t $ASM_DIR/fault_load.asm -c $CONF_DIR/meltdown.yaml -i 5"
- assert_no_violation "$fuzz_opt -t $ASM_DIR/fault_load.asm -c $CONF_DIR/meltdown-verif.yaml-i 5"
+ # Note: an arch. violation is expected here if SMAP is disabled in the kernel
+ assert_violation_or_arch_fail "$fuzz_opt -t $ASM_DIR/fault_load.asm -c $CONF_DIR/meltdown.yaml -i 5"
+ assert_no_violation "$fuzz_opt -t $ASM_DIR/fault_load.asm -c $CONF_DIR/meltdown-verif.yaml -i 5"
 }
 @test "Detection [meltdown-type]: #BR speculation (MPX)" {
- if grep "mpx" /proc/cpuinfo; then
- assert_violation "$fuzz_opt -t $ASM_DIR/fault_BR.asm -c $CONF_DIR/mpx.yaml -i 2"
- assert_no_violation "$fuzz_opt -t $ASM_DIR/fault_BR.asm -c $CONF_DIR/mpx-verif.yaml -i 2"
- else
+ if ! grep "mpx" /proc/cpuinfo >/dev/null; then
 skip
 fi
+ # Note: an arch. violation is expected here if MPX is disabled in the kernel
+ assert_violation_or_arch_fail "$fuzz_opt -t $ASM_DIR/fault_BR.asm -c $CONF_DIR/mpx.yaml -i 2"
+ assert_no_violation "$fuzz_opt -t $ASM_DIR/fault_BR.asm -c $CONF_DIR/mpx-verif.yaml -i 2"
 }
 @test "Sequential handling: #DB-instruction" {
@@ -200,7 +217,7 @@ function intel_only() {
 @test "Feature: VM test case" {
 if cat /proc/cpuinfo | grep -e "vmx" -e "svm" >/dev/null; then
- echo "1" > /sys/x86_executor/enable_hpa_gpa_collisions
+ echo "1" >/sys/x86_executor/enable_hpa_gpa_collisions
 assert_no_violation "$fuzz_opt -t $ASM_DIR/vm_switch.asm -c $CONF_DIR/vm-switch.yaml -i 20"
 echo "Testing page table allocation..."
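Review bot: In the `@@ -161,20 +177,21 @@` hunk, both tests reach a bare `skip` when the CPU flag is absent, so the bats report gives no reason why the #PF-smap or #BR speculation check did not run on a given machine. Giving the skip a reason, `skip "smap not listed in /proc/cpuinfo"` (and the same for `mpx`), records that coverage gap in the test output. The flag probe could also be written `grep -qw smap /proc/cpuinfo`, which matches the whole flag name and needs no redirection.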