fixup! fixup! [LibOS] Test-cases for SPLRB (2)

Signed-off-by: g2flyer <[email protected]>
gramineproject · Jun 11, 2024 · 50794dd · 50794dd
1 parent 4201693
commit 50794dd
Show file tree

Hide file tree

Showing 10 changed files with 59 additions and 45 deletions.
diff --git a/libos/test/fs/meson.build b/libos/test/fs/meson.build
@@ -42,6 +42,7 @@ tests = {
  },
  'open_close': {},
  'open_flags': {},
+ 'pf_rollback': {},
  'read_write': {},
  'read_write_mmap': {},
  'seek_tell': {},

diff --git a/libos/test/regression/pf_rollback.c → libos/test/fs/pf_rollback.c b/libos/test/regression/pf_rollback.c → libos/test/fs/pf_rollback.c
@@ -19,7 +19,13 @@
 #include <unistd.h>
 
 #include "common.h"
-#include "rw_file.h"
+
+/* TODO (MST): this is "borrowed" from common/include/api.h. replace below with `#include "api.h"`
+ * once i figured out how to fix the meson.build files .... */
+#define __UNUSED(x) \
+ do { \
+ (void)(x); \
+ } while (0)
 
 static const char message1[] = "first message\n";
 static const size_t message1_len = sizeof(message1) - 1;
@@ -57,19 +63,25 @@ static int create_file(const char* path, const char* str, size_t len) {
 /* dummy functions which are gdb break-point targets */
 #pragma GCC push_options
 #pragma GCC optimize("O0")
-static void adversary_save_file(const char* path) {}
-static void adversary_reset_file(const char* path) {}
-static void adversary_delete_file(const char* path) {}
+static void adversary_save_file(const char* path) {
+ __UNUSED(path); /* neeed in gdb though! */
+}
+static void adversary_reset_file(const char* path) {
+ __UNUSED(path); /* neeed in gdb though! */
+}
+static void adversary_delete_file(const char* path) {
+ __UNUSED(path); /* neeed in gdb though! */
+}
 #pragma GCC pop_options
 
 #define test_report(result) printf("%s: %s\n", result, __func__)
 
 static void test_open_pre_existing(const char* path1, const char* path2) {
  int fd = open(path1, O_RDWR);
  if (fd < 0) {
- test_report("OK");
- } else {
  test_report("FAIL");
+ } else {
+ test_report("OK");
  }
 }
 

diff --git a/libos/test/regression/pf_rollback.gdb → libos/test/fs/pf_rollback.gdb b/libos/test/regression/pf_rollback.gdb → libos/test/fs/pf_rollback.gdb
@@ -15,7 +15,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 
 # execute and report result for pytest digestion
@@ -37,7 +37,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 
 # execute and report result for pytest digestion
@@ -59,7 +59,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 
 # execute and report result for pytest digestion

diff --git a/.../regression/pf_rollback.manifest.template → libos/test/fs/pf_rollback.manifest.template b/.../regression/pf_rollback.manifest.template → libos/test/fs/pf_rollback.manifest.template
@@ -1,4 +1,5 @@
 loader.entrypoint = "file:{{ gramine.libos }}"
+loader.log_level ="trace" # DEBUG
 libos.entrypoint = "{{ entrypoint }}"
 
 loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
@@ -9,9 +10,9 @@ fs.mounts = [
  { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
  { path = "/bin", uri = "file:/bin" },
 
- { type = "encrypted", protection_mode = "strict", path = "/tmp_enc/pm_strict", uri = "file:tmp_enc", key_name = "my_custom_key" },
- { type = "encrypted", protection_mode = "non-strict", path = "/tmp_enc/pm_non_strict", uri = "file:tmp_enc", key_name = "my_custom_key" },
- { type = "encrypted", protection_mode = "none", path = "/tmp_enc/pm_none", uri = "file:tmp_enc", key_name = "my_custom_key" },
+ { type = "encrypted", protection_mode = "strict", path = "/tmp/enc_input/pm_strict", uri = "file:tmp/enc_input/pn_strict" },
+ { type = "encrypted", protection_mode = "non-strict", path = "/tmp/enc_input/pm_non_strict", uri = "file:tmp/enc_input/pm_non_strict" },
+ { type = "encrypted", protection_mode = "none", path = "/tmp/enc_input/pm_none", uri = "file:tmp/enc_input/pm_none" },
 ]
 
 sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '16' }}
@@ -27,4 +28,3 @@ sgx.trusted_files = [
 
 # See the `keys.c` test.
 fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"
-fs.insecure__keys.my_custom_key = "00112233445566778899aabbccddeeff"
diff --git a/libos/test/fs/test_enc.py b/libos/test/fs/test_enc.py
@@ -238,3 +238,35 @@ def test_500_invalid(self):
  else:
  print('[!] Fail: successfully decrypted file: ' + name)
  self.fail()
+
+ def test_600_gdb_pf_rollback(self):
+ # To run this test manually, encrypt a <file1> with the default key from manifest and use:
+ # GDB=1 GDB_SCRIPT=pf_rollback.gdb gramine-[sgx|direct] pf_rollback <file1> <file2>
+ #
+ # This test checks rollback protection.
+ # TODO (MST): loop for /pm_strict, /pm_non_strict & /pm_none
+ try:
+ mode_dir = self.ENCRYPTED_DIR + "/pm_strict"
+ os.mkdir(mode_dir)
+ file1 = mode_dir + "/file1"
+ file2 = mode_dir + "/file2"
+ self.__encrypt_file(self.INPUT_FILES[-1], file1)
+ self.__encrypt_file(self.INPUT_FILES[-1], file2) # DEBUG: remove me eventually
+ stdout, _ = self.run_gdb(['pf_rollback', file1, file2], 'pf_rollback.gdb', hide_tty=False)
+ # TODO (MST): This test is not yet implemented.
+ # - define expected sequence for each test
+
+ # - test_open_pre_existing
+ self.assertIn('FAIL: test_open_pre_existing', stdout)
+ # - test_test # DEBUG: remove me eventually
+ self.assertIn('OK: test_test in adversary_save_file', stdout)
+ self.assertIn('OK: test_test in adversary_reset_file', stdout)
+ self.assertIn(f'OK: test_test in adversary_delete_file({file1})', stdout)
+ self.assertIn(f'OK: test_test in adversary_delete_file({file2})', stdout)
+ self.assertIn('EXITING GDB WITHOUT A GRAMINE ERROR', stdout)
+ self.assertNotIn('EXITING GDB WITH A GRAMINE ERROR', stdout)
+ finally:
+ # restore the trusted file contents (modified by the GDB script in this test)
+ with open('fork_and_access_file_testfile', 'w') as f:
+ f.write('fork_and_access_file_testfile')
+
diff --git a/libos/test/fs/tests.toml b/libos/test/fs/tests.toml
@@ -13,6 +13,7 @@ manifests = [
  "multiple_writers",
  "open_close",
  "open_flags",
+ "pf_rollback",
  "read_write",
  "read_write_mmap",
  "seek_tell",

diff --git a/libos/test/regression/meson.build b/libos/test/regression/meson.build
@@ -84,7 +84,6 @@ tests = {
  'c_args': '-fopenmp',
  'link_args': '-fopenmp',
  },
- 'pf_rollback': {},
  'pipe': {},
  'pipe_nonblocking': {},
  'pipe_ocloexec': {},

diff --git a/libos/test/regression/test_libos.py b/libos/test/regression/test_libos.py
@@ -1385,35 +1385,6 @@ def test_020_gdb_fork_and_access_file_bug(self):
  with open('fork_and_access_file_testfile', 'w') as f:
  f.write('fork_and_access_file_testfile')
 
- # TODO: move me to fs so i can benefit from plumbug from TC_50_EncryptedFiles
- def test_030_gdb_pf_rollback(self):
- # To run this test manually, use:
- # GDB=1 GDB_SCRIPT=pf_rollback.gdb gramine-[sgx|direct] pf_rollback <file1> <file2>
- #
- # This test checks rollback protection.
- try:
- file1='/tmp_enc/pm_strict/file1'
- file2='/tmp_enc/pm_strict/file2'
- # TODO (MST): pre-create a version of file1
- stdout, _ = self.run_gdb(['pf_rollback', file1, file2], 'pf_rollback.gdb')
- # TODO (MST): This test is not yet implemented.
- # - loop for /tmp_enc/pm_strict, /tmp_enc/pm_non_strict, /tmp_enc/pm_none
- # - define expected sequence for each test
-
- # - test_open_pre_existing
- self.assertIn('FAIL: test_open_pre_existing', stdout)
- # - test_test
- self.assertIn('OK: test_test in adversary_save_file', stdout)
- self.assertIn('OK: test_test in adversary_reset_file', stdout)
- self.assertIn(f'OK: test_test in adversary_delete_file({file1})', stdout)
- self.assertIn(f'OK: test_test in adversary_delete_file({file2})', stdout)
- self.assertIn('EXITING GDB WITHOUT A GRAMINE ERROR', stdout)
- self.assertNotIn('EXITING GDB WITH A GRAMINE ERROR', stdout)
- finally:
- # restore the trusted file contents (modified by the GDB script in this test)
- with open('fork_and_access_file_testfile', 'w') as f:
- f.write('fork_and_access_file_testfile')
-
 class TC_80_Socket(RegressionTestCase):
  def test_000_getsockopt(self):
  stdout, _ = self.run_binary(['getsockopt'])

diff --git a/libos/test/regression/tests.toml b/libos/test/regression/tests.toml
@@ -83,7 +83,6 @@ manifests = [
  "munmap",
  "open_opath",
  "openmp",
- "pf_rollback",
  "pipe",
  "pipe_nonblocking",
  "pipe_ocloexec",

diff --git a/libos/test/regression/tests_musl.toml b/libos/test/regression/tests_musl.toml
@@ -85,7 +85,6 @@ manifests = [
  "munmap",
  "open_opath",
  "openmp",
- "pf_rollback",
  "pipe",
  "pipe_nonblocking",
  "pipe_ocloexec",