test: Add windows_equally_evictable

Tests for the condition where the minimum age is less than any window's current age, in which case we can get a NULL dereference if the windows_reset_all() implementation is broken. windows.c:409:23: runtime error: member access within null pointer of type 'struct window_context' ASAN:DEADLYSIGNAL ================================================================= ==31400==ERROR: AddressSanitizer: SEGV on unknown address 0x00000004 (pc 0x0002b658 bp 0x74c00270 sp 0x7eb7c678 T0) ==31400==The signal is caused by a WRITE memory access. ==31400==Hint: address points to the zero page. #0 0x2b657 in window_reset windows.c:410 #1 0x2cc9b in windows_create_map windows.c:572 #2 0x1f3f3 in protocol_v1_create_window protocol.c:167 #3 0x2121b in protocol_v2_create_window protocol.c:417 #4 0x24cd7f in generic_vpnor_create_window vpnor/protocol.cpp:51 #5 0x24d053 in protocol_v2_vpnor_create_window vpnor/protocol.cpp:63 #6 0x2663b in mbox_handle_create_window transport_mbox.c:282 #7 0x276db in handle_mbox_req transport_mbox.c:568 #8 0x276db in transport_mbox_dispatch transport_mbox.c:649 #9 0x17fcb in poll_loop mboxd.c:185 #10 0x17fcb in main mboxd.c:423 #11 0x46b68517 in __libc_start_main (/lib/libc.so.6+0x46b68517) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV windows.c:410 in window_reset ==31400==ABORTING Change-Id: I8161e2ea17953e196d4bb3ca90d19e44ec10c86d Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

test: Add windows_equally_evictable
Tests for the condition where the minimum age is less than any window's current age, in which case we can get a NULL dereference if the windows_reset_all() implementation is broken. windows.c:409:23: runtime error: member access within null pointer of type 'struct window_context' ASAN:DEADLYSIGNAL ================================================================= ==31400==ERROR: AddressSanitizer: SEGV on unknown address 0x00000004 (pc 0x0002b658 bp 0x74c00270 sp 0x7eb7c678 T0) ==31400==The signal is caused by a WRITE memory access. ==31400==Hint: address points to the zero page. #0 0x2b657 in window_reset windows.c:410 #1 0x2cc9b in windows_create_map windows.c:572 #2 0x1f3f3 in protocol_v1_create_window protocol.c:167 #3 0x2121b in protocol_v2_create_window protocol.c:417 #4 0x24cd7f in generic_vpnor_create_window vpnor/protocol.cpp:51 #5 0x24d053 in protocol_v2_vpnor_create_window vpnor/protocol.cpp:63 #6 0x2663b in mbox_handle_create_window transport_mbox.c:282 #7 0x276db in handle_mbox_req transport_mbox.c:568 #8 0x276db in transport_mbox_dispatch transport_mbox.c:649 #9 0x17fcb in poll_loop mboxd.c:185 #10 0x17fcb in main mboxd.c:423 #11 0x46b68517 in __libc_start_main (/lib/libc.so.6+0x46b68517) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV windows.c:410 in window_reset ==31400==ABORTING Change-Id: I8161e2ea17953e196d4bb3ca90d19e44ec10c86d Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
c84b8f8f · Andrew Jeffery · b5fd0a47 · c84b8f8f · c84b8f8f
Commit c84b8f8f authored Aug 28, 2018 by Andrew Jeffery
Hide whitespace changes
Inline Side-by-side

Showing with 90 additions and 1 deletion

test/Makefile.am.include test/Makefile.am.include +5 -1

test/windows_equally_evictable.c test/windows_equally_evictable.c +85 -0

No files found.
--- a/test/Makefile.am.include
+++ b/test/Makefile.am.include
@@ -99,6 +99,9 @@ test_sequence_numbers_SOURCES = %reldir%/sequence_numbers.c \
 test_get_mbox_info_v2_timeout_SOURCES = %reldir%/get_mbox_info_v2_timeout.c \
 					$(TEST_MBOX_SRCS) $(TEST_MOCK_SRCS)

+test_windows_equally_evictable_SOURCES = %reldir%/windows_equally_evictable.c \
+					 $(TEST_MBOX_SRCS) $(TEST_MOCK_SRCS)
+
 check_PROGRAMS += \
 		%reldir%/sanity \
 		%reldir%/flash_copy \
@@ -126,4 +129,5 @@ check_PROGRAMS += \
 		%reldir%/invalid_command \
 		%reldir%/read_window_cycle \
 		%reldir%/sequence_numbers \
-		%reldir%/get_mbox_info_v2_timeout
+		%reldir%/get_mbox_info_v2_timeout \
+		%reldir%/windows_equally_evictable
--- a/test/windows_equally_evictable.c
+++ b/test/windows_equally_evictable.c
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (C) 2018 IBM Corp.
+
+#include <assert.h>
+#include <string.h>
+
+#include "config.h"
+#include "transport_mbox.h"
+#include "windows.h"
+
+#include "test/mbox.h"
+#include "test/system.h"
+
+struct test_context
+{
+    uint8_t seq;
+    struct mbox_context *ctx;
+};
+
+// Configure the system and the paritions such that we eventually request a
+// window that covers the last section of flash, but the remaining flash is
+// smaller than the window size
+#define BLOCK_SIZE	4096
+#define ERASE_SIZE	BLOCK_SIZE
+#define N_WINDOWS	3
+#define WINDOW_SIZE	BLOCK_SIZE
+#define MEM_SIZE	(N_WINDOWS * WINDOW_SIZE)
+#define PNOR_SIZE	((N_WINDOWS + 1) * WINDOW_SIZE)
+
+static const uint8_t get_info[] = {0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+                                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                   0x00, 0x00, 0x00, 0x00};
+
+#define MBOX_CREATE_READ_WINDOW 4
+
+static int mbox_create_read_window(struct test_context *tctx, size_t offset,
+                                   size_t len)
+{
+    union mbox_regs regs;
+
+    memset(&regs, 0, sizeof(regs));
+    regs.msg.command = MBOX_CREATE_READ_WINDOW;
+    regs.msg.seq = ++tctx->seq;
+    put_u16(&regs.msg.args[0], offset);
+    put_u16(&regs.msg.args[2], len);
+
+    return mbox_command_dispatch(tctx->ctx, regs.raw, sizeof(regs.raw));
+}
+
+int main()
+{
+    struct test_context _tctx = {0}, *tctx = &_tctx;
+    size_t len;
+    size_t pos;
+    int rc;
+
+    system_set_reserved_size(MEM_SIZE);
+    system_set_mtd_sizes(PNOR_SIZE, ERASE_SIZE);
+
+    tctx->ctx = mbox_create_test_context(N_WINDOWS, WINDOW_SIZE);
+
+    rc = mbox_command_dispatch(tctx->ctx, get_info, sizeof(get_info));
+    assert(rc == 1);
+
+    pos = 0;
+    while (pos < ((PNOR_SIZE - BLOCK_SIZE) / BLOCK_SIZE))
+    {
+        struct mbox_msg _msg, *msg = &_msg;
+
+        rc = mbox_create_read_window(tctx, pos, (WINDOW_SIZE / BLOCK_SIZE));
+        assert(rc == 1);
+
+        mbox_rspcpy(tctx->ctx, msg);
+
+        len = get_u16(&msg->args[2]);
+        pos = get_u16(&msg->args[4]) + len;
+    }
+
+    windows_reset_all(tctx->ctx);
+
+    rc = mbox_create_read_window(tctx, pos, (WINDOW_SIZE / BLOCK_SIZE));
+    assert(rc == 1);
+
+    return 0;
+}