/*
 * Install `code` at `area` with nacl_dyncode_create() and call the loaded
 * bytes as an int-returning function, passing its result back.  The create
 * call is asserted to succeed.
 */
static int install_and_call(uint8_t *area, uint8_t *code, size_t size) {
  int (*entry)(void);
  int ret = nacl_dyncode_create(area, code, size);

  assert(ret == 0);
  /* Go via uintptr_t so the data-to-function pointer conversion is explicit. */
  entry = (int (*)(void)) (uintptr_t) area;
  return entry();
}

/*
 * Walk one code region through its lifecycle: load a fragment, run it,
 * delete it, confirm a second delete is refused, then (where the host
 * permits) load a different fragment at the same address and delete that
 * as well.
 */
void test_deleting_code(void) {
  uint8_t *area = (uint8_t *) allocate_code_space(1);
  uint8_t code[BUF_SIZE];
  int ret;

  copy_and_pad_fragment(code, sizeof(code), &template_func, &template_func_end);
  ret = install_and_call(area, code, sizeof(code));
  assert(ret == MARKER_OLD);

  /* The first delete may have to wait for earlier test threads to drain. */
  ret = dyncode_delete_with_retry(area, sizeof(code));
  assert(ret == 0);
  /* The region must no longer start with the bytes we loaded. */
  assert(area[0] != code[0]);

  /* Deleting an already-unloaded range is an error. */
  ret = nacl_dyncode_delete(area, sizeof(code));
  assert(ret == -1);
  assert(errno == EFAULT);

  /*
   * Reloading at the same address assumes no other threads are running;
   * otherwise the request can be rejected.
   *
   * The reload step is skipped under ARM QEMU and under Valgrind.  QEMU
   * flushes its instruction translation cache on writes to the same
   * virtual address but ignores our explicit cache flush system calls;
   * Valgrind has the same problem, except that on x86 there is no cache
   * flush system call at all.
   */
  if (getenv("UNDER_QEMU_ARM") == NULL &&
      getenv("RUNNING_ON_VALGRIND") == NULL) {
    printf("Testing loading new code...\n");
    copy_and_pad_fragment(code, sizeof(code), &template_func_replacement,
                          &template_func_replacement_end);
    ret = install_and_call(area, code, sizeof(code));
    assert(ret == MARKER_NEW);

    ret = nacl_dyncode_delete(area, sizeof(code));
    assert(ret == 0);
    assert(area[0] != code[0]);
  } else {
    printf("Skipping loading new code under emulator\n");
  }
}
/*
 * Delete dynamically loaded code at `dest`, repeating the call for as long
 * as it fails with EAGAIN.
 *
 * If threading tests ran earlier in this process, nacl_dyncode_delete()
 * reports EAGAIN until those threads have finished trusted-side cleanup
 * (related to https://code.google.com/p/nativeclient/issues/detail?id=1028).
 * Once a thread has been joined, all that is left is for it to finish
 * untrusted-side cleanup and call the IRT's thread_exit, so waiting out
 * EAGAIN lets the tests run in any order.  Only the first deletion in a
 * non-threaded test needs this treatment.
 *
 * Returns the result of the last nacl_dyncode_delete() call: 0 on success,
 * otherwise the failing call's return value with errno left as it set it.
 */
int dyncode_delete_with_retry(void *dest, size_t size) {
  for (;;) {
    int ret = nacl_dyncode_delete(dest, size);
    if (ret == 0 || errno != EAGAIN) {
      return ret;
    }
  }
}
/*
 * Ask nacl_dyncode_delete() to remove `size` bytes at `addr` and require
 * that it refuses with EFAULT.  Used for ranges that do not exactly cover
 * a loaded chunk.
 */
static void expect_delete_efault(uint8_t *addr, size_t size) {
  int ret = nacl_dyncode_delete(addr, size);
  assert(ret == -1);
  assert(errno == EFAULT);
}

/*
 * Deletion requests that do not exactly match a loaded chunk -- nothing
 * loaded yet, overlapping either end, or covering only part of the chunk
 * -- must fail with EFAULT, while the exact range is accepted.
 */
void test_deleting_code_from_invalid_ranges(void) {
  /* Start 32 bytes into the allocated region so there is room before it. */
  uint8_t *chunk = (uint8_t *) allocate_code_space(1) + 32;
  uint8_t code[64];
  const size_t chunk_size = sizeof(code);
  int ret;

  /* The partial-range checks only mean something across several bundles. */
  assert(chunk_size / NACL_BUNDLE_SIZE >= 2);
  assert(chunk_size % NACL_BUNDLE_SIZE == 0);

  /* Nothing is loaded here yet, so deletion must be refused. */
  ret = dyncode_delete_with_retry(chunk, chunk_size);
  assert(ret == -1);
  assert(errno == EFAULT);

  fill_hlts(code, chunk_size);
  ret = nacl_dyncode_create(chunk, code, chunk_size);
  assert(ret == 0);

  /* Range begins one bundle before the chunk. */
  expect_delete_efault(chunk - NACL_BUNDLE_SIZE, chunk_size + NACL_BUNDLE_SIZE);
  /* Range runs one bundle past the chunk's end. */
  expect_delete_efault(chunk, chunk_size + NACL_BUNDLE_SIZE);
  /* Range stops one bundle short of the chunk's end. */
  expect_delete_efault(chunk, chunk_size - NACL_BUNDLE_SIZE);
  /* Range skips the chunk's first bundle. */
  expect_delete_efault(chunk + NACL_BUNDLE_SIZE, chunk_size - NACL_BUNDLE_SIZE);

  /* Only the exact range is accepted. */
  ret = nacl_dyncode_delete(chunk, chunk_size);
  assert(ret == 0);
}
/*
 * Exercise the syscall wrappers plus the IRT mutex, condvar and semaphore
 * interfaces, checking which calls are reported through the
 * blocking-notification hooks.
 *
 * CHECK_SYSCALL_PRE / CHECK_SYSCALL_WRAPPED / CHECK_SYSCALL_NOT_WRAPPED and
 * CHECK are macros defined elsewhere in this file.  They presumably compare
 * the global call counters against the local_*_call_count snapshots declared
 * below, so those local names must not be changed.
 */
void test_syscall_wrappers(void) {
    /*
     * This tests whether various IRT calls generate
     * blocking-notification callbacks.  The test expectations here are
     * subject to change.  We might need to update them when the IRT or
     * the NaCl trusted runtime are changed.
     *
     * For example, if the IRT's mutex_lock() is always reported as
     * blocking today, it might not be reported as blocking in the
     * uncontended case in the future.
     *
     * Conversely, while the IRT's mutex_unlock() might always be
     * reported as non-blocking today, in a future implementation it
     * might briefly hold a lock to inspect a futex wait queue, which
     * might be reported as blocking.
     *
     * The user-code libpthread implementation is similarly subject to
     * change, but it is one level removed from the IRT interfaces that
     * generate blocking-notification callbacks.  Therefore, we test the
     * IRT interfaces rather than testing pthread_mutex, pthread_cond,
     * etc.
     */

    /*
     * NOTE(review): local_post_call_count is initialised from nacl_pre_calls
     * rather than from a post-call counter -- confirm this is intended.  It
     * may be harmless if CHECK_SYSCALL_PRE() overwrites both snapshots.
     */
    unsigned int local_pre_call_count = nacl_pre_calls;
    unsigned int local_post_call_count = nacl_pre_calls;

    /* A set of nonsense arguments to keep from having a bunch
     * of literal values below.
     */
    const int fd = -1;
    void* ptr = NULL;
    const size_t size = 0;

    /* Test all syscalls to make sure we are wrapping all the
     * syscalls we are trying to wrap. We don't care about the
     * args or return values as long as the syscall is made.
     */
    /* fd is -1 and ptr is NULL: these calls are expected to fail, and their
     * return values are deliberately ignored. */
    CHECK_SYSCALL_PRE();
    read(fd, ptr, size);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    write(fd, ptr, size);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    nacl_dyncode_create(ptr, ptr, size);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    nacl_dyncode_modify(ptr, ptr, size);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    nacl_dyncode_delete(ptr, size);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    nanosleep(ptr, ptr);
    CHECK_SYSCALL_WRAPPED();

    /* flags 0 and mode O_RDWR are meaningless on purpose (see above). */
    CHECK_SYSCALL_PRE();
    open(ptr, 0, O_RDWR);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    sched_yield();
    CHECK_SYSCALL_WRAPPED();

    /*
     * This initializes __nc_irt_mutex, __nc_irt_cond and __nc_irt_sem
     * as a side effect.
     */
    struct nacl_irt_thread irt_thread;
    __nc_initialize_interfaces(&irt_thread);

    /* Check the IRT's mutex interface */

    int mutex_handle;
    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_mutex.mutex_create(&mutex_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_mutex.mutex_lock(mutex_handle) == 0);
    CHECK_SYSCALL_WRAPPED();

    /* Still held by the lock above, so trylock must report EBUSY. */
    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_mutex.mutex_trylock(mutex_handle) == EBUSY);
    CHECK_SYSCALL_NOT_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_mutex.mutex_unlock(mutex_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_mutex.mutex_destroy(mutex_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    /* Check the IRT's condvar interface */

    int cond_handle;
    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_cond.cond_create(&cond_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_cond.cond_signal(cond_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_cond.cond_broadcast(cond_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    /* The earlier mutex was destroyed; a fresh one is needed for the wait. */
    CHECK(__nc_irt_mutex.mutex_create(&mutex_handle) == 0);
    CHECK(__nc_irt_mutex.mutex_lock(mutex_handle) == 0);
    /* An absolute time of 0 is already in the past, so the wait is expected
     * to time out right away. */
    struct timespec abstime = { 0, 0 };
    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_cond.cond_timed_wait_abs(cond_handle, mutex_handle,
                                            &abstime) == ETIMEDOUT);
    CHECK_SYSCALL_WRAPPED();
    CHECK(__nc_irt_mutex.mutex_unlock(mutex_handle) == 0);
    CHECK(__nc_irt_mutex.mutex_destroy(mutex_handle) == 0);

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_cond.cond_destroy(cond_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    /* Check the IRT's semaphore interface */

    /* Semaphore with value 1 (we're the only user of it) */
    int sem_handle;
    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_sem.sem_create(&sem_handle, 1) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    /* The initial value is 1, so the wait succeeds; it is nevertheless
     * reported through the hooks. */
    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_sem.sem_wait(sem_handle) == 0);
    CHECK_SYSCALL_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_sem.sem_post(sem_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();

    CHECK_SYSCALL_PRE();
    CHECK(__nc_irt_sem.sem_destroy(sem_handle) == 0);
    CHECK_SYSCALL_NOT_WRAPPED();
}
/* Deleting an empty range must succeed trivially. */
void test_deleting_zero_size(void) {
  uint8_t *region = (uint8_t *) allocate_code_space(1);
  int ret;

  ret = nacl_dyncode_delete(region, 0);
  assert(ret == 0);
}
/*
 * Exercise the syscall wrappers and, when built against the IRT, the IRT
 * futex, mutex, condvar and semaphore interfaces, checking which calls are
 * reported through the blocking-notification hooks.
 *
 * CHECK_SYSCALL_PRE / CHECK_SYSCALL_WRAPPED / CHECK_SYSCALL_NOT_WRAPPED and
 * CHECK are macros defined elsewhere in this file.  They presumably compare
 * the global call counters against the local_*_call_count snapshots declared
 * below, so those local names must not be changed.
 */
void test_syscall_wrappers(void) {
  /*
   * This tests whether various IRT calls generate
   * blocking-notification callbacks.  The test expectations here are
   * subject to change.  We might need to update them when the IRT or
   * the NaCl trusted runtime are changed.
   *
   * For example, if the IRT's mutex_lock() is always reported as
   * blocking today, it might not be reported as blocking in the
   * uncontended case in the future.
   *
   * Conversely, while the IRT's mutex_unlock() might always be
   * reported as non-blocking today, in a future implementation it
   * might briefly hold a lock to inspect a futex wait queue, which
   * might be reported as blocking.
   *
   * The user-code libpthread implementation is similarly subject to
   * change, but it is one level removed from the IRT interfaces that
   * generate blocking-notification callbacks.  Therefore, we test the
   * IRT interfaces rather than testing pthread_mutex, pthread_cond,
   * etc.
   */

  /*
   * NOTE(review): local_post_call_count is initialised from nacl_pre_calls
   * rather than from a post-call counter -- confirm this is intended.  It
   * may be harmless if CHECK_SYSCALL_PRE() overwrites both snapshots.
   */
  unsigned int local_pre_call_count = nacl_pre_calls;
  unsigned int local_post_call_count = nacl_pre_calls;

  /* A set of nonsense arguments to keep from having a bunch
   * of literal values below.
   */
  const int fd = -1;
  void* ptr = NULL;
  const size_t size = 0;

  /* Test all syscalls to make sure we are wrapping all the
   * syscalls we are trying to wrap. We don't care about the
   * args or return values as long as the syscall is made.
   */
  /* fd is -1 and ptr is NULL: these calls are expected to fail, and their
   * return values are deliberately ignored. */
  CHECK_SYSCALL_PRE();
  read(fd, ptr, size);
  CHECK_SYSCALL_WRAPPED();

  CHECK_SYSCALL_PRE();
  write(fd, ptr, size);
  CHECK_SYSCALL_WRAPPED();

  /* The dyncode calls are expected to be reported as non-blocking here;
   * as the header says, this expectation may change with the runtime. */
  CHECK_SYSCALL_PRE();
  nacl_dyncode_create(ptr, ptr, size);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  nacl_dyncode_modify(ptr, ptr, size);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  nacl_dyncode_delete(ptr, size);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  nanosleep(ptr, ptr);
  CHECK_SYSCALL_WRAPPED();

  /* flags 0 and mode O_RDWR are meaningless on purpose (see above). */
  CHECK_SYSCALL_PRE();
  open(ptr, 0, O_RDWR);
  CHECK_SYSCALL_WRAPPED();

  CHECK_SYSCALL_PRE();
  sched_yield();
  CHECK_SYSCALL_WRAPPED();

  /*
   * We only test the following threading-related interfaces when
   * using the IRT, because it is awkward to test this when using
   * nacl_sys_private, and it doesn't really matter whether
   * nacl_sys_private supports the "blockhooks" (a.k.a. "gc_hooks")
   * interface because nacl_sys_private bypasses NaCl's stable ABI and
   * is not officially supported.
   */
#if TESTS_USE_IRT
  /* Fetch the interface tables directly from the IRT rather than going
   * through libpthread (see the header comment for why). */
  struct nacl_irt_futex irt_futex;
  struct nacl_irt_mutex irt_mutex;
  struct nacl_irt_cond irt_cond;
  struct nacl_irt_sem irt_sem;
  __libnacl_mandatory_irt_query(NACL_IRT_FUTEX_v0_1,
                                &irt_futex, sizeof(irt_futex));
  __libnacl_mandatory_irt_query(NACL_IRT_MUTEX_v0_1,
                                &irt_mutex, sizeof(irt_mutex));
  __libnacl_mandatory_irt_query(NACL_IRT_COND_v0_1,
                                &irt_cond, sizeof(irt_cond));
  __libnacl_mandatory_irt_query(NACL_IRT_SEM_v0_1,
                                &irt_sem, sizeof(irt_sem));

  /* Check the IRT's futex interface */

  /* The expected value (futex_value + 1) does not match the word, so the
   * wait is expected to return EWOULDBLOCK instead of sleeping. */
  int futex_value = 123;
  CHECK_SYSCALL_PRE();
  CHECK(irt_futex.futex_wait_abs(&futex_value, futex_value + 1, NULL)
        == EWOULDBLOCK);
  CHECK_SYSCALL_WRAPPED();

  /* Nobody is waiting on the word, so the wake should report zero woken. */
  int woken_count;
  CHECK_SYSCALL_PRE();
  CHECK(irt_futex.futex_wake(&futex_value, 1, &woken_count) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();
  CHECK(woken_count == 0);

  /* Check the IRT's mutex interface */

  int mutex_handle;
  CHECK_SYSCALL_PRE();
  CHECK(irt_mutex.mutex_create(&mutex_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_mutex.mutex_lock(mutex_handle) == 0);
  CHECK_SYSCALL_WRAPPED();

  /* Still held by the lock above, so trylock must report EBUSY. */
  CHECK_SYSCALL_PRE();
  CHECK(irt_mutex.mutex_trylock(mutex_handle) == EBUSY);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_mutex.mutex_unlock(mutex_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_mutex.mutex_destroy(mutex_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  /* Check the IRT's condvar interface */

  int cond_handle;
  CHECK_SYSCALL_PRE();
  CHECK(irt_cond.cond_create(&cond_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_cond.cond_signal(cond_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_cond.cond_broadcast(cond_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  /* The earlier mutex was destroyed; a fresh one is needed for the wait. */
  CHECK(irt_mutex.mutex_create(&mutex_handle) == 0);
  CHECK(irt_mutex.mutex_lock(mutex_handle) == 0);
  /* An absolute time of 0 is already in the past, so the wait is expected
   * to time out right away. */
  struct timespec abstime = { 0, 0 };
  CHECK_SYSCALL_PRE();
  CHECK(irt_cond.cond_timed_wait_abs(cond_handle, mutex_handle, &abstime)
        == ETIMEDOUT);
  CHECK_SYSCALL_WRAPPED();
  CHECK(irt_mutex.mutex_unlock(mutex_handle) == 0);
  CHECK(irt_mutex.mutex_destroy(mutex_handle) == 0);

  CHECK_SYSCALL_PRE();
  CHECK(irt_cond.cond_destroy(cond_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  /* Check the IRT's semaphore interface */

  /* Semaphore with value 1 (we're the only user of it) */
  int sem_handle;
  CHECK_SYSCALL_PRE();
  CHECK(irt_sem.sem_create(&sem_handle, 1) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  /* The initial value is 1, so the wait succeeds; it is nevertheless
   * reported through the hooks. */
  CHECK_SYSCALL_PRE();
  CHECK(irt_sem.sem_wait(sem_handle) == 0);
  CHECK_SYSCALL_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_sem.sem_post(sem_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();

  CHECK_SYSCALL_PRE();
  CHECK(irt_sem.sem_destroy(sem_handle) == 0);
  CHECK_SYSCALL_NOT_WRAPPED();
#endif
}