fixup! fixup! [LibOS] Test-cases for SPLRB (2)

Signed-off-by: g2flyer <[email protected]>

Author: g2flyer

libos/test/fs/meson.build

@@ -42,6 +42,7 @@ tests = {
     },
     'open_close': {},
     'open_flags': {},
+    'pf_rollback': {},
     'read_write': {},
     'read_write_mmap': {},
     'seek_tell': {},

libos/test/regression/pf_rollback.c libos/test/fs/pf_rollback.clibos/test/regression/pf_rollback.c renamed to libos/test/fs/pf_rollback.c

@@ -19,7 +19,13 @@
 #include <unistd.h>
 
 #include "common.h"
-#include "rw_file.h"
+
+/* TODO (MST): this is "borrowed" from common/include/api.h. replace below with `#include "api.h"`
+ * once i figured out how to fix the meson.build files .... */
+#define __UNUSED(x) \
+    do {            \
+        (void)(x);  \
+    } while (0)
 
 static const char message1[]     = "first message\n";
 static const size_t message1_len = sizeof(message1) - 1;
@@ -57,19 +63,25 @@ static int create_file(const char* path, const char* str, size_t len) {
 /* dummy functions which are gdb break-point targets */
 #pragma GCC push_options
 #pragma GCC optimize("O0")
-static void adversary_save_file(const char* path) {}
-static void adversary_reset_file(const char* path) {}
-static void adversary_delete_file(const char* path) {}
+static void adversary_save_file(const char* path) {
+    __UNUSED(path); /* neeed in gdb though! */
+}
+static void adversary_reset_file(const char* path) {
+    __UNUSED(path); /* neeed in gdb though! */
+}
+static void adversary_delete_file(const char* path) {
+    __UNUSED(path); /* neeed in gdb though! */
+}
 #pragma GCC pop_options
 
 #define test_report(result) printf("%s: %s\n", result, __func__)
 
 static void test_open_pre_existing(const char* path1, const char* path2) {
     int fd = open(path1, O_RDWR);
     if (fd < 0) {
-        test_report("OK");
-    } else {
         test_report("FAIL");
+    } else {
+        test_report("OK");
     }
 }
 

libos/test/regression/pf_rollback.gdb libos/test/fs/pf_rollback.gdblibos/test/regression/pf_rollback.gdb renamed to libos/test/fs/pf_rollback.gdb

@@ -15,7 +15,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 
 # execute and report result for pytest digestion
@@ -37,7 +37,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 
 # execute and report result for pytest digestion
@@ -59,7 +59,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 
 # execute and report result for pytest digestion

…regression/pf_rollback.manifest.template …os/test/fs/pf_rollback.manifest.templatelibos/test/regression/pf_rollback.manifest.template renamed to libos/test/fs/pf_rollback.manifest.template libos/test/regression/pf_rollback.manifest.template renamed to libos/test/fs/pf_rollback.manifest.template

@@ -1,4 +1,5 @@
 loader.entrypoint = "file:{{ gramine.libos }}"
+loader.log_level ="trace" # DEBUG
 libos.entrypoint = "{{ entrypoint }}"
 
 loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
@@ -9,9 +10,9 @@ fs.mounts = [
   { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
   { path = "/bin", uri = "file:/bin" },
 
-  { type = "encrypted", protection_mode = "strict", path = "/tmp_enc/pm_strict", uri = "file:tmp_enc", key_name = "my_custom_key" },
-  { type = "encrypted", protection_mode = "non-strict", path = "/tmp_enc/pm_non_strict", uri = "file:tmp_enc", key_name = "my_custom_key" },
-  { type = "encrypted", protection_mode = "none", path = "/tmp_enc/pm_none", uri = "file:tmp_enc", key_name = "my_custom_key" },
+  { type = "encrypted", protection_mode = "strict", path = "/tmp/enc_input/pm_strict", uri = "file:tmp/enc_input/pn_strict" },
+  { type = "encrypted", protection_mode = "non-strict", path = "/tmp/enc_input/pm_non_strict", uri = "file:tmp/enc_input/pm_non_strict" },
+  { type = "encrypted", protection_mode = "none", path = "/tmp/enc_input/pm_none", uri = "file:tmp/enc_input/pm_none" },
 ]
 
 sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '16' }}
@@ -27,4 +28,3 @@ sgx.trusted_files = [
 
 # See the `keys.c` test.
 fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"
-fs.insecure__keys.my_custom_key = "00112233445566778899aabbccddeeff"

libos/test/fs/test_enc.py

@@ -238,3 +238,35 @@ def test_500_invalid(self):
             else:
                 print('[!] Fail: successfully decrypted file: ' + name)
                 self.fail()
+
+    def test_600_gdb_pf_rollback(self):
+        # To run this test manually, encrypt a <file1> with the default key from manifest and use:
+        # GDB=1 GDB_SCRIPT=pf_rollback.gdb gramine-[sgx|direct] pf_rollback <file1> <file2>
+        #
+        # This test checks rollback protection.
+        # TODO (MST): loop for /pm_strict, /pm_non_strict & /pm_none
+        try:
+            mode_dir = self.ENCRYPTED_DIR + "/pm_strict"
+            os.mkdir(mode_dir)
+            file1 = mode_dir + "/file1"
+            file2 = mode_dir + "/file2"
+            self.__encrypt_file(self.INPUT_FILES[-1], file1)
+            self.__encrypt_file(self.INPUT_FILES[-1], file2) # DEBUG: remove me eventually
+            stdout, _ = self.run_gdb(['pf_rollback', file1, file2], 'pf_rollback.gdb', hide_tty=False)
+            # TODO (MST): This test is not yet implemented.
+            # - define expected sequence for each test
+
+            # - test_open_pre_existing
+            self.assertIn('FAIL: test_open_pre_existing', stdout)
+            # - test_test # DEBUG: remove me eventually
+            self.assertIn('OK: test_test in adversary_save_file', stdout)
+            self.assertIn('OK: test_test in adversary_reset_file', stdout)
+            self.assertIn(f'OK: test_test in adversary_delete_file({file1})', stdout)
+            self.assertIn(f'OK: test_test in adversary_delete_file({file2})', stdout)
+            self.assertIn('EXITING GDB WITHOUT A GRAMINE ERROR', stdout)
+            self.assertNotIn('EXITING GDB WITH A GRAMINE ERROR', stdout)
+        finally:
+            # restore the trusted file contents (modified by the GDB script in this test)
+            with open('fork_and_access_file_testfile', 'w') as f:
+                f.write('fork_and_access_file_testfile')
+

libos/test/fs/tests.toml

@@ -13,6 +13,7 @@ manifests = [
   "multiple_writers",
   "open_close",
   "open_flags",
+  "pf_rollback",
   "read_write",
   "read_write_mmap",
   "seek_tell",

libos/test/regression/meson.build

@@ -84,7 +84,6 @@ tests = {
         'c_args': '-fopenmp',
         'link_args': '-fopenmp',
     },
-    'pf_rollback': {},
     'pipe': {},
     'pipe_nonblocking': {},
     'pipe_ocloexec': {},

libos/test/regression/test_libos.py

@@ -1385,35 +1385,6 @@ def test_020_gdb_fork_and_access_file_bug(self):
             with open('fork_and_access_file_testfile', 'w') as f:
                 f.write('fork_and_access_file_testfile')
 
-    # TODO: move me to fs so i can benefit from plumbug from TC_50_EncryptedFiles
-    def test_030_gdb_pf_rollback(self):
-        # To run this test manually, use:
-        # GDB=1 GDB_SCRIPT=pf_rollback.gdb gramine-[sgx|direct] pf_rollback <file1> <file2>
-        #
-        # This test checks rollback protection.
-        try:
-            file1='/tmp_enc/pm_strict/file1'
-            file2='/tmp_enc/pm_strict/file2'
-            # TODO (MST): pre-create a version of file1
-            stdout, _ = self.run_gdb(['pf_rollback', file1, file2], 'pf_rollback.gdb')
-            # TODO (MST): This test is not yet implemented.
-            # - loop for /tmp_enc/pm_strict, /tmp_enc/pm_non_strict, /tmp_enc/pm_none
-            # - define expected sequence for each test
-
-            # - test_open_pre_existing
-            self.assertIn('FAIL: test_open_pre_existing', stdout)
-            # - test_test
-            self.assertIn('OK: test_test in adversary_save_file', stdout)
-            self.assertIn('OK: test_test in adversary_reset_file', stdout)
-            self.assertIn(f'OK: test_test in adversary_delete_file({file1})', stdout)
-            self.assertIn(f'OK: test_test in adversary_delete_file({file2})', stdout)
-            self.assertIn('EXITING GDB WITHOUT A GRAMINE ERROR', stdout)
-            self.assertNotIn('EXITING GDB WITH A GRAMINE ERROR', stdout)
-        finally:
-            # restore the trusted file contents (modified by the GDB script in this test)
-            with open('fork_and_access_file_testfile', 'w') as f:
-                f.write('fork_and_access_file_testfile')
-
 class TC_80_Socket(RegressionTestCase):
     def test_000_getsockopt(self):
         stdout, _ = self.run_binary(['getsockopt'])

libos/test/regression/tests.toml

@@ -83,7 +83,6 @@ manifests = [
   "munmap",
   "open_opath",
   "openmp",
-  "pf_rollback",
   "pipe",
   "pipe_nonblocking",
   "pipe_ocloexec",

libos/test/regression/tests_musl.toml

@@ -85,7 +85,6 @@ manifests = [
   "munmap",
   "open_opath",
   "openmp",
-  "pf_rollback",
   "pipe",
   "pipe_nonblocking",
   "pipe_ocloexec",