-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add (failing) test of cross-compartment TLS accesses
- Loading branch information
1 parent
0ef7e52
commit dcd2def
Showing
9 changed files
with
109 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| if(LIBIA2_INSECURE) | ||
| set(MAIN_STDOUT_REF ${CMAKE_CURRENT_SOURCE_DIR}/Output/tls_protected_main.insecure.out) | ||
| set(LIB_STDOUT_REF ${CMAKE_CURRENT_SOURCE_DIR}/Output/tls_protected_lib.insecure.out) | ||
| else() | ||
| set(MAIN_STDOUT_REF ${CMAKE_CURRENT_SOURCE_DIR}/Output/tls_protected_main.out) | ||
| set(LIB_STDOUT_REF ${CMAKE_CURRENT_SOURCE_DIR}/Output/tls_protected_lib.out) | ||
| endif() | ||
| configure_file(${MAIN_STDOUT_REF} ${CMAKE_CURRENT_BINARY_DIR}) | ||
| configure_file(${LIB_STDOUT_REF} ${CMAKE_CURRENT_BINARY_DIR}) | ||
|
|
||
| set(HEADERS library.h) | ||
|
|
||
| # Build the wrapper lib | ||
| define_ia2_wrapper( | ||
| HEADERS ${HEADERS} | ||
| CALLER_PKEY 1 | ||
| ) | ||
|
|
||
| # Build the wrapped lib | ||
| define_shared_lib( | ||
| SRCS library.c | ||
| ) | ||
|
|
||
| # Build the test | ||
| define_test( | ||
| SRCS main.c | ||
| ) |
2 changes: 2 additions & 0 deletions
2
header-rewriter/tests/tls_protected/Output/tls_protected_lib.insecure.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| TRUSTED: the secret is deadbeef | ||
| CHECK_VIOLATION: did not seg fault as expected |
3 changes: 3 additions & 0 deletions
3
header-rewriter/tests/tls_protected/Output/tls_protected_lib.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| main: main secret is deadbeef | ||
| library: lib secret is 1eaf1e55 | ||
| CHECK_VIOLATION: seg faulted as expected |
2 changes: 2 additions & 0 deletions
2
header-rewriter/tests/tls_protected/Output/tls_protected_main.insecure.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| TRUSTED: the secret is deadbeef | ||
| CHECK_VIOLATION: did not seg fault as expected |
3 changes: 3 additions & 0 deletions
3
header-rewriter/tests/tls_protected/Output/tls_protected_main.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| main: main secret is deadbeef | ||
| library: lib secret is 1eaf1e55 | ||
| CHECK_VIOLATION: seg faulted as expected |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| /* | ||
| RUN: cp %s %t.h | ||
| RUN: ia2-header-rewriter %T/wrapper.c %t.h -- -I%resource_dir | ||
| RUN: cat %t.h | sed 's/^.*CHECK.*$//' | FileCheck %s | ||
| RUN: %binary_dir/tests/tls_protected/tls_protected-main | diff %binary_dir/tests/tls_protected/tls_protected_main.out - | ||
| RUN: %binary_dir/tests/tls_protected/tls_protected-main print_lib_secret | diff %binary_dir/tests/tls_protected/tls_protected_lib.out - | ||
| */ | ||
| #pragma once | ||
| #include <stdint.h> | ||
| #include <threads.h> | ||
|
|
||
| thread_local extern uint32_t main_secret; | ||
| thread_local extern uint32_t lib_secret; | ||
|
|
||
| // CHECK: IA2_WRAP_FUNCTION(lib_print_main_secret); | ||
| void lib_print_main_secret(); | ||
|
|
||
| // CHECK: IA2_WRAP_FUNCTION(lib_print_lib_secret); | ||
| void lib_print_lib_secret(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| #include "library.h" | ||
| #include "test_fault_handler.h" | ||
| #include <stdbool.h> | ||
| #include <stdio.h> | ||
| #include <stdlib.h> | ||
|
|
||
| thread_local uint32_t lib_secret = 0x1eaf1e55; | ||
|
|
||
| void lib_print_main_secret() { | ||
| printf("library: main secret is %x\n", CHECK_VIOLATION(main_secret)); | ||
| } | ||
|
|
||
| void lib_print_lib_secret() { | ||
| printf("library: lib secret is %x\n", lib_secret); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| #include <ia2.h> | ||
| #include <library.h> | ||
| #include <stdbool.h> | ||
| #include <stdint.h> | ||
| #include <stdio.h> | ||
| #include <unistd.h> | ||
| #define IA2_DEFINE_TEST_HANDLER | ||
| #include "test_fault_handler.h" | ||
| #include <threads.h> | ||
|
|
||
| INIT_RUNTIME(1); | ||
| INIT_COMPARTMENT(1); | ||
|
|
||
| thread_local uint32_t main_secret = 0xdeadbeef; | ||
|
|
||
| // This tests that mpk violations call the signal handler in | ||
| // test_fault_handler.h and print the appropriate message if the | ||
| // segfault occurred in one of the CHECK_VIOLATION expressions. Passing in any | ||
| // argument raises a segfault early to test that a violation outside a | ||
| // CHECK_VIOLATION prints a different message. | ||
| int main(int argc, char **argv) { | ||
| // Access to thread-local from the same compartment should work. | ||
| printf("main: main secret is %x\n", main_secret); | ||
| lib_print_lib_secret(); | ||
|
|
||
| // If we have an argument, test the "main accessing lib" direction; | ||
| // otherwise test the "lib accessing main" direction. Both should | ||
| // exit with an MPK violation. | ||
| bool access_lib_secret = argc > 1; | ||
|
|
||
| // Perform forbidden access. | ||
| if (access_lib_secret) { | ||
| printf("main: lib secret is %x\n", CHECK_VIOLATION(lib_secret)); | ||
| } else { | ||
| lib_print_main_secret(); | ||
| } | ||
| } |