From 53528e33eda615ef309915447b227d2dcacb2090 Mon Sep 17 00:00:00 2001 From: Zach Reizner Date: Wed, 31 Jan 2018 12:54:51 -0800 Subject: add support for accessing debug registers in the plugin process The debug registers are useful to access for the plugin process in some cases. TEST=cargo test --features plugin; cargo test -p kvm; ./build_test BUG=chromium:800626 Change-Id: I8f3f6c31c6989061a43cef948cf5b4e64bd52d30 Reviewed-on: https://chromium-review.googlesource.com/896945 Commit-Ready: Zach Reizner Tested-by: Zach Reizner Reviewed-by: Zach Reizner
--- tests/mini_plugin_template.c | 159 +++++++++++++++++++++++++++++++++++++++ tests/plugins.rs | 174 +++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 328 insertions(+), 5 deletions(-) create mode 100644 tests/mini_plugin_template.c (limited to 'tests')
diff --git a/tests/mini_plugin_template.c b/tests/mini_plugin_template.c
new file mode 100644
index 0000000..684b473
--- /dev/null
+++ b/tests/mini_plugin_template.c
@@ -0,0 +1,159 @@ +/* + * Copyright 2018 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "crosvm.h" + +#ifndef F_LINUX_SPECIFIC_BASE +#define F_LINUX_SPECIFIC_BASE 1024 +#endif + +#ifndef F_ADD_SEALS +#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) +#endif + +#ifndef F_SEAL_SHRINK +#define F_SEAL_SHRINK 0x0002 +#endif + +#define LOAD_ADDRESS {load_address} + +const uint8_t g_assembly_code[] = {{ + {assembly_code} +}}; + +/* These get defined by the code inserted below. */ +int setup_vm(struct crosvm *, void *mem); +int handle_vpcu_init(struct crosvm_vcpu *, struct kvm_regs *, struct kvm_sregs *); +int handle_vpcu_evt(struct crosvm_vcpu *, struct crosvm_vcpu_event evt); +int check_result(struct crosvm *, void *mem); +{src} + +struct vcpu_context {{ + struct crosvm_vcpu *vcpu; +}}; + +void *vcpu_thread(void *arg) {{ + struct vcpu_context *ctx = arg; + struct crosvm_vcpu *vcpu = ctx->vcpu; + struct crosvm_vcpu_event evt; + int ret; + while (crosvm_vcpu_wait(vcpu, &evt) == 0) {{ + if (evt.kind == CROSVM_VCPU_EVENT_KIND_INIT) {{ + struct kvm_regs regs; + crosvm_vcpu_get_regs(vcpu, ®s); + regs.rflags = 2; + regs.rip = LOAD_ADDRESS; + + struct kvm_sregs sregs; + crosvm_vcpu_get_sregs(vcpu, &sregs); + sregs.cs.base = 0; + sregs.cs.selector = 0; + + handle_vpcu_init(vcpu, ®s, &sregs); + crosvm_vcpu_set_regs(vcpu, ®s); + crosvm_vcpu_set_sregs(vcpu, &sregs); + }} else {{ + ret = handle_vpcu_evt(vcpu, evt); + if (ret) + return NULL; + }} + + crosvm_vcpu_resume(vcpu); + }} + + return NULL; +}} + +int main(int argc, char** argv) {{ + int i; + uint64_t dummy = 1; + struct crosvm *crosvm; + int ret = crosvm_connect(&crosvm); + if (ret) {{ + fprintf(stderr, "failed to connect to crosvm: %d\n", ret); + return 1; + }} + + int kill_evt = 
crosvm_get_shutdown_eventfd(crosvm); + if (kill_evt < 0) {{ + fprintf(stderr, "failed to get kill eventfd: %d\n", kill_evt); + return 1; + }} + + int mem_size = {mem_size}; + int mem_fd = syscall(SYS_memfd_create, "guest_mem", MFD_CLOEXEC | MFD_ALLOW_SEALING); + if (mem_fd < 0) {{ + fprintf(stderr, "failed to create guest memfd: %d\n", errno); + return 1; + }} + ret = ftruncate(mem_fd, mem_size); + if (ret) {{ + fprintf(stderr, "failed to set size of guest memory: %d\n", errno); + return 1; + }} + uint8_t *mem = mmap(NULL, mem_size, PROT_READ | PROT_WRITE, MAP_SHARED, mem_fd, 0); + if (mem == MAP_FAILED) {{ + fprintf(stderr, "failed to mmap guest memory: %d\n", errno); + return 1; + }} + fcntl(mem_fd, F_ADD_SEALS, F_SEAL_SHRINK); + memcpy(mem + LOAD_ADDRESS, g_assembly_code, sizeof(g_assembly_code)); + + struct crosvm_memory *mem_obj; + ret = crosvm_create_memory(crosvm, mem_fd, 0, mem_size, 0, false, false, &mem_obj); + if (ret) {{ + fprintf(stderr, "failed to create memory in crosvm: %d\n", ret); + return 1; + }} + + ret = setup_vm(crosvm, mem); + if (ret) + return ret; + + struct crosvm_vcpu *vcpus[32]; + struct vcpu_context ctxs[32]; + pthread_t vcpu_threads[32]; + uint32_t vcpu_count; + for (vcpu_count = 0; vcpu_count < 32; vcpu_count++) {{ + ret = crosvm_get_vcpu(crosvm, vcpu_count, &vcpus[vcpu_count]); + if (ret == -ENOENT) + break; + + if (ret) {{ + fprintf(stderr, "error while getting all vcpus: %d\n", ret); + return 1; + }} + ctxs[vcpu_count].vcpu = vcpus[vcpu_count]; + pthread_create(&vcpu_threads[vcpu_count], NULL, vcpu_thread, &ctxs[vcpu_count]); + }} + + ret = crosvm_start(crosvm); + if (ret) {{ + fprintf(stderr, "failed to tell crosvm to start: %d\n", ret); + return 1; + }} + + ret = read(kill_evt, &dummy, sizeof(dummy)); + if (ret == -1) {{ + fprintf(stderr, "failed to read kill eventfd: %d\n", errno); + return 1; + }} + + return check_result(crosvm, mem); +}} diff --git a/tests/plugins.rs b/tests/plugins.rs index 94b0767..bdefff9 100644 
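Review bot: The `memcpy(mem + LOAD_ADDRESS, g_assembly_code, sizeof(g_assembly_code))` in main() writes into the mapping without checking that the load address plus the code size fits inside `mem_size`, so a MiniPlugin with a large `load_address` or long assembly would write past the mmap'd region instead of failing cleanly. A guard just before the copy would catch it: `if ((uint64_t)LOAD_ADDRESS + sizeof(g_assembly_code) > (uint64_t)mem_size) { fprintf(stderr, "assembly does not fit in guest memory\n"); return 1; }`. `int mem_size = {mem_size};` is filled from a `u64` field on the Rust side, so a value above INT_MAX would not survive the assignment; `size_t` would match how it is used by ftruncate/mmap. The results of `fcntl(mem_fd, F_ADD_SEALS, F_SEAL_SHRINK)` and `pthread_create` are also ignored, so a failure there would show up only as a hang or an unrelated error later in the test.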
--- a/tests/plugins.rs +++ b/tests/plugins.rs @@ -5,18 +5,22 @@ #![cfg(feature = "plugin")] extern crate rand; +extern crate sys_util; use rand::{thread_rng, Rng}; use std::ffi::OsString; -use std::fs::remove_file; -use std::io::Write; +use std::fs::{File, remove_file}; +use std::io::{Write, Read}; use std::env::{current_exe, var_os}; use std::path::{Path, PathBuf}; use std::process::{Command, Stdio}; use std::thread::sleep; +use std::os::unix::io::AsRawFd; use std::time::Duration; +use sys_util::{SharedMemory, ioctl}; + struct RemovePath(PathBuf); impl Drop for RemovePath { fn drop(&mut self) { @@ -89,9 +93,7 @@ fn run_plugin(bin_path: &Path, with_sandbox: bool) { cmd.arg("--disable-sandbox"); } - let mut child = cmd - .spawn() - .expect("failed to spawn crosvm"); + let mut child = cmd.spawn().expect("failed to spawn crosvm"); for _ in 0..12 { match child.try_wait().expect("failed to wait for crosvm") { Some(status) => { 
@@ -112,6 +114,97 @@ fn test_plugin(src: &str) { run_plugin(&bin_path.0, true); } +fn keep_fd_on_exec(f: &F) { + unsafe { + ioctl(f, 0x5450 /* FIONCLEX */); + } +} + +/// Takes assembly source code and returns the resulting assembly code. +fn build_assembly(src: &str) -> Vec { + // Creates a shared memory region with the assembly source code in it. + let in_shm = SharedMemory::new(None).unwrap(); + let mut in_shm_file: File = in_shm.into(); + keep_fd_on_exec(&in_shm_file); + in_shm_file.write_all(src.as_bytes()).unwrap(); + + // Creates a shared memory region that will hold the nasm output. + let mut out_shm_file: File = SharedMemory::new(None).unwrap().into(); + keep_fd_on_exec(&out_shm_file); + + // Runs nasm with the input and output files set to the FDs of the above shared memory regions, + // which we have preserved accross exec. + let status = Command::new("nasm") + .arg(format!("/proc/self/fd/{}", in_shm_file.as_raw_fd())) + .args(&["-f", "bin", "-o"]) + .arg(format!("/proc/self/fd/{}", out_shm_file.as_raw_fd())) + .status() + .expect("failed to spawn assembler"); + assert!(status.success()); + + let mut out_bytes = Vec::new(); + out_shm_file.read_to_end(&mut out_bytes).unwrap(); + out_bytes +} + +// Converts the input bytes to an output string in the format "0x01,0x02,0x03...". +fn format_as_hex(data: &[u8]) -> String { + let mut out = String::new(); + for (i, d) in data.iter().enumerate() { + out.push_str(&format!("0x{:02x}", d)); + if i < data.len() - 1 { + out.push(',') + } + } + out +} + +// A testing framework for creating simple plugins. +struct MiniPlugin { + // The size in bytes of the guest memory based at 0x0000. + mem_size: u64, + // The address in guest memory to load the assembly code. + load_address: u32, + // The nasm syntax 16-bit assembly code that will assembled and loaded into guest memory. + assembly_src: &'static str, + // The C source code that will be included in the mini_plugin_template.c file. 
This code must + // define the forward declarations above the {src} line so that the completed plugin source will + // compile. + src: &'static str, +} + +impl Default for MiniPlugin { + fn default() -> Self { + MiniPlugin { + mem_size: 0x2000, + load_address: 0x1000, + assembly_src: "hlt", + src: "", + } + } +} + +// Builds and tests the given MiniPlugin definiton. +fn test_mini_plugin(plugin: &MiniPlugin) { + // Adds a preamble to ensure the output opcodes are 16-bit real mode and the lables start at the + // load address. + let assembly_src = format!("org 0x{:x}\nbits 16\n{}", + plugin.load_address, + plugin.assembly_src); + + // Builds the assembly and convert it to a C literal array format. + let assembly = build_assembly(&assembly_src); + let assembly_hex = format_as_hex(&assembly); + + // Glues the pieces of this plugin together and tests the completed plugin. + let generated_src = format!(include_str!("mini_plugin_template.c"), + mem_size = plugin.mem_size, + load_address = plugin.load_address, + assembly_code = assembly_hex, + src = plugin.src); + test_plugin(&generated_src); +} + #[test] fn test_adder() { test_plugin(include_str!("plugin_adder.c")); 
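Review bot: `keep_fd_on_exec` discards the result of `ioctl(f, 0x5450 /* FIONCLEX */)` and its `unsafe` block has no `// SAFETY:` comment, so if clearing close-on-exec fails the only symptom is nasm being unable to open `/proc/self/fd/N`. Assuming `ioctl` returns the raw result, I would check it: `let ret = unsafe { ioctl(f, FIONCLEX) }; assert_eq!(ret, 0, "failed to clear close-on-exec");` with the request number moved to a named constant. Clearing the flag makes both memfds inheritable by every child spawned while they are open, which presumably includes crosvm processes started by other tests running in parallel, so a comment stating that this is intended (or restoring the flag after `.status()`) would help. `assert!(status.success())` in `build_assembly` would also be easier to diagnose with a message that includes `status`.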
@@ -131,3 +224,74 @@ fn test_ioevent() { fn test_irqfd() { test_plugin(include_str!("plugin_irqfd.c")); } + +#[test] +fn test_debugregs() { + let mini_plugin = MiniPlugin { + assembly_src: "org 0x1000 + bits 16 + mov dr0, ebx + mov eax, dr1 + mov byte [0x3000], 1", + src: r#" + #define DR1_VALUE 0x12 + #define RBX_VALUE 0xabcdef00 + #define KILL_ADDRESS 0x3000 + + int g_kill_evt; + struct kvm_regs g_regs; + struct kvm_debugregs g_dregs; + + int setup_vm(struct crosvm *crosvm, void *mem) { + g_kill_evt = crosvm_get_shutdown_eventfd(crosvm); + crosvm_reserve_range(crosvm, CROSVM_ADDRESS_SPACE_MMIO, KILL_ADDRESS, 1); + return 0; + } + + int handle_vpcu_init(struct crosvm_vcpu *vcpu, struct kvm_regs *regs, + struct kvm_sregs *sregs) + { + regs->rbx = RBX_VALUE; + struct kvm_debugregs dregs; + crosvm_vcpu_get_debugregs(vcpu, &dregs); + dregs.db[1] = DR1_VALUE; + crosvm_vcpu_set_debugregs(vcpu, &dregs); + return 0; + } + + int handle_vpcu_evt(struct crosvm_vcpu *vcpu, struct crosvm_vcpu_event evt) { + if (evt.kind == CROSVM_VCPU_EVENT_KIND_IO_ACCESS && + evt.io_access.address_space == CROSVM_ADDRESS_SPACE_MMIO && + evt.io_access.address == KILL_ADDRESS && + evt.io_access.is_write && + evt.io_access.length == 1 && + evt.io_access.data[0] == 1) + { + uint64_t dummy = 1; + crosvm_vcpu_get_debugregs(vcpu, &g_dregs); + crosvm_vcpu_get_regs(vcpu, &g_regs); + write(g_kill_evt, &dummy, sizeof(dummy)); + return 1; + } + return 0; + } + + int check_result(struct crosvm *vcpu, void *mem) { + if (g_dregs.db[1] != DR1_VALUE) { + fprintf(stderr, "dr1 register has unexpected value: 0x%x\n", g_dregs.db[1]); + return 1; + } + if (g_dregs.db[0] != RBX_VALUE) { + fprintf(stderr, "dr0 register has unexpected value: 0x%x\n", g_dregs.db[0]); + return 1; + } + if (g_regs.rax != DR1_VALUE) { + fprintf(stderr, "eax register has unexpected value: 0x%x\n", g_regs.rax); + return 1; + } + return 0; + }"#, + ..Default::default() + }; + test_mini_plugin(&mini_plugin); +} -- cgit 1.4.1
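Review bot: In the embedded `check_result`, the three `fprintf` calls print `g_dregs.db[...]` and `g_regs.rax` with `0x%x`, but those fields are 64-bit in the KVM structs, so the failure message uses a mismatched specifier; `"0x%llx"` with an `(unsigned long long)` cast prints the actual value. The `assembly_src` literal repeats `org 0x1000` and `bits 16`, which `test_mini_plugin` already prepends from `load_address`, so the test duplicates the preamble and hard-codes the default address; dropping those two lines keeps a single source for the origin. The return values of `crosvm_vcpu_get_debugregs` and `crosvm_vcpu_set_debugregs` in `handle_vpcu_init` are ignored, so a failed call would surface only as a register mismatch in `check_result`.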