diff --git a/libos/test/fs/meson.build b/libos/test/fs/meson.build
index ce3f8b2e90..8fef3e38f0 100644
--- a/libos/test/fs/meson.build
+++ b/libos/test/fs/meson.build
@@ -42,6 +42,7 @@ tests = {
 },
 'open_close': {},
 'open_flags': {},
+ 'pf_rollback': {},
 'read_write': {},
 'read_write_mmap': {},
 'seek_tell': {},
diff --git a/libos/test/regression/pf_rollback.c b/libos/test/fs/pf_rollback.c
similarity index 86%
rename from libos/test/regression/pf_rollback.c
rename to libos/test/fs/pf_rollback.c
index 42ab94e4ad..e46ca0ce89 100644
--- a/libos/test/regression/pf_rollback.c
+++ b/libos/test/fs/pf_rollback.c
@@ -19,7 +19,13 @@
 #include
 #include "common.h"
-#include "rw_file.h"
+
+/* TODO (MST): this is "borrowed" from common/include/api.h. replace below with `#include "api.h"`
+ * once i figured out how to fix the meson.build files .... */
+#define __UNUSED(x) \
+ do { \
+ (void)(x); \
+ } while (0)
 static const char message1[] = "first message\n";
 static const size_t message1_len = sizeof(message1) - 1;
@@ -57,9 +63,15 @@ static int create_file(const char* path, const char* str, size_t len) {
 /* dummy functions which are gdb break-point targets */
 #pragma GCC push_options
 #pragma GCC optimize("O0")
-static void adversary_save_file(const char* path) {}
-static void adversary_reset_file(const char* path) {}
-static void adversary_delete_file(const char* path) {}
+static void adversary_save_file(const char* path) {
+ __UNUSED(path); /* neeed in gdb though! */
+}
+static void adversary_reset_file(const char* path) {
+ __UNUSED(path); /* neeed in gdb though! */
+}
+static void adversary_delete_file(const char* path) {
+ __UNUSED(path); /* neeed in gdb though! */
+}
 #pragma GCC pop_options
 #define test_report(result) printf("%s: %s\n", result, __func__)
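Review bot: The `/* neeed in gdb though! */` comment added three times in the `@@ -57,9 +63,15 @@` hunk of pf_rollback.c is misspelled and does not say what gdb needs from the parameter. The pf_rollback.gdb context on this page shows the script reading it with `read_var('path')`, so a comment such as `/* unused in C; pf_rollback.gdb reads it via read_var('path') at the breakpoint */` would explain why the stubs keep the argument and are compiled at O0. The pragma region starts and ends inside the hunk, so the three stubs are fully visible.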
@@ -67,9 +79,9 @@ static void adversary_delete_file(const char* path) {}
 static void test_open_pre_existing(const char* path1, const char* path2) {
 int fd = open(path1, O_RDWR);
 if (fd < 0) {
- test_report("OK");
- } else {
 test_report("FAIL");
+ } else {
+ test_report("OK");
 }
 }
diff --git a/libos/test/regression/pf_rollback.gdb b/libos/test/fs/pf_rollback.gdb
similarity index 90%
rename from libos/test/regression/pf_rollback.gdb
rename to libos/test/fs/pf_rollback.gdb
index f92f682624..72330f543f 100644
--- a/libos/test/regression/pf_rollback.gdb
+++ b/libos/test/fs/pf_rollback.gdb
@@ -15,7 +15,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 # execute and report result for pytest digestion
@@ -37,7 +37,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 # execute and report result for pytest digestion
@@ -59,7 +59,7 @@ python
 test_function=gdb.selected_frame().older().name()
 operation=gdb.selected_frame().name()
 internal_path=gdb.selected_frame().read_var('path').string()
-external_path=re.sub(r'/tmp_enc/pm_[^/]*/', './tmp_enc/', internal_path)
+external_path=re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)
 external_path_saved=external_path+"._saved_"
 # execute and report result for pytest digestion
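Review bot: After the swap in the `@@ -67,9 +79,9 @@` hunk, `test_open_pre_existing` reports FAIL when `open(path1, O_RDWR)` fails, yet the pytest added in test_enc.py still asserts `'FAIL: test_open_pre_existing'`. The suite therefore passes only when a file the test has just encrypted cannot be opened, so one of the two polarities looks wrong (inferred, since the intended state of file1 at this point is not shown). If the open is meant to succeed, the assertion should become `self.assertIn('OK: test_open_pre_existing', stdout)`. The success branch also never releases the descriptor and `path2` is unused; `close(fd);` before `test_report("OK");` and `__UNUSED(path2);` would match what the adversary_* stubs received.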
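Review bot: The new mapping `re.sub(r'/tmp/enc_input/', './tmp/enc_input/', internal_path)` in pf_rollback.gdb is unanchored and returns the input unchanged when the prefix is missing. The host-side save, reset and delete steps (presumably driven by `external_path`) could then act on an absolute path outside the test tree. Anchoring it as `external_path=re.sub(r'^/tmp/enc_input/', './tmp/enc_input/', internal_path)` and aborting when `external_path` does not start with `./tmp/enc_input/` keeps the simulated host adversary confined to the test directory. The same line recurs in the `@@ -37,7 +37,7 @@` and `@@ -59,7 +59,7 @@` hunks. The mapping also assumes each mount's host directory has the same name as its in-enclave directory, which the `pn_strict` uri in the manifest hunk currently breaks.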
diff --git a/libos/test/regression/pf_rollback.manifest.template b/libos/test/fs/pf_rollback.manifest.template
similarity index 73%
rename from libos/test/regression/pf_rollback.manifest.template
rename to libos/test/fs/pf_rollback.manifest.template
index 4298007eb8..0c9f81ca7c 100644
--- a/libos/test/regression/pf_rollback.manifest.template
+++ b/libos/test/fs/pf_rollback.manifest.template
@@ -1,4 +1,5 @@
 loader.entrypoint = "file:{{ gramine.libos }}"
+loader.log_level ="trace" # DEBUG
 libos.entrypoint = "{{ entrypoint }}"
 loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
@@ -9,9 +10,9 @@ fs.mounts = [
 { path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
 { path = "/bin", uri = "file:/bin" },
- { type = "encrypted", protection_mode = "strict", path = "/tmp_enc/pm_strict", uri = "file:tmp_enc", key_name = "my_custom_key" },
- { type = "encrypted", protection_mode = "non-strict", path = "/tmp_enc/pm_non_strict", uri = "file:tmp_enc", key_name = "my_custom_key" },
- { type = "encrypted", protection_mode = "none", path = "/tmp_enc/pm_none", uri = "file:tmp_enc", key_name = "my_custom_key" },
+ { type = "encrypted", protection_mode = "strict", path = "/tmp/enc_input/pm_strict", uri = "file:tmp/enc_input/pn_strict" },
+ { type = "encrypted", protection_mode = "non-strict", path = "/tmp/enc_input/pm_non_strict", uri = "file:tmp/enc_input/pm_non_strict" },
+ { type = "encrypted", protection_mode = "none", path = "/tmp/enc_input/pm_none", uri = "file:tmp/enc_input/pm_none" },
 ]
 sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '16' }}
@@ -27,4 +28,3 @@ sgx.trusted_files = [
 # See the `keys.c` test.
 fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"
-fs.insecure__keys.my_custom_key = "00112233445566778899aabbccddeeff"
diff --git a/libos/test/fs/test_enc.py b/libos/test/fs/test_enc.py
index 6eccc02e19..3d9fbecd14 100644
--- a/libos/test/fs/test_enc.py
+++ b/libos/test/fs/test_enc.py
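Review bot: `loader.log_level ="trace" # DEBUG` in the `@@ -1,4 +1,5 @@` hunk of pf_rollback.manifest.template is a debugging leftover, as its own comment says. Trace-level logging slows the run and adds a large volume of output around the lines the pytest matches with `assertIn`. Drop the line before merging; if it has to stay for now, write it as `loader.log_level = "trace"  # TODO: remove before merge` so the intent and spacing are clear.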
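Review bot: The strict mount in the `@@ -9,9 +10,9 @@` hunk uses `uri = "file:tmp/enc_input/pn_strict"`, while its own mount path, the other two mounts and the directory the new pytest creates (`ENCRYPTED_DIR + "/pm_strict"`) all say `pm_strict`. This looks like a typo; assuming `ENCRYPTED_DIR` resolves to `tmp/enc_input`, the enclave would see a different host directory from the one holding the pre-encrypted files, and the strict-mode rollback checks would not exercise them. It should read `uri = "file:tmp/enc_input/pm_strict"`. Dropping `key_name` moves all three mounts to `fs.insecure__keys.default`, which matches the test comment about the default key, but a one-line comment above the mounts stating that would help the next reader.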
@@ -238,3 +238,35 @@ def test_500_invalid(self):
 else:
 print('[!] Fail: successfully decrypted file: ' + name)
 self.fail()
+
+ def test_600_gdb_pf_rollback(self):
+ # To run this test manually, encrypt a with the default key from manifest and use:
+ # GDB=1 GDB_SCRIPT=pf_rollback.gdb gramine-[sgx|direct] pf_rollback
+ #
+ # This test checks rollback protection.
+ # TODO (MST): loop for /pm_strict, /pm_non_strict & /pm_none
+ try:
+ mode_dir = self.ENCRYPTED_DIR + "/pm_strict"
+ os.mkdir(mode_dir)
+ file1 = mode_dir + "/file1"
+ file2 = mode_dir + "/file2"
+ self.__encrypt_file(self.INPUT_FILES[-1], file1)
+ self.__encrypt_file(self.INPUT_FILES[-1], file2) # DEBUG: remove me eventually
+ stdout, _ = self.run_gdb(['pf_rollback', file1, file2], 'pf_rollback.gdb', hide_tty=False)
+ # TODO (MST): This test is not yet implemented.
+ # - define expected sequence for each test
+
+ # - test_open_pre_existing
+ self.assertIn('FAIL: test_open_pre_existing', stdout)
+ # - test_test # DEBUG: remove me eventually
+ self.assertIn('OK: test_test in adversary_save_file', stdout)
+ self.assertIn('OK: test_test in adversary_reset_file', stdout)
+ self.assertIn(f'OK: test_test in adversary_delete_file({file1})', stdout)
+ self.assertIn(f'OK: test_test in adversary_delete_file({file2})', stdout)
+ self.assertIn('EXITING GDB WITHOUT A GRAMINE ERROR', stdout)
+ self.assertNotIn('EXITING GDB WITH A GRAMINE ERROR', stdout)
+ finally:
+ # restore the trusted file contents (modified by the GDB script in this test)
+ with open('fork_and_access_file_testfile', 'w') as f:
+ f.write('fork_and_access_file_testfile')
+
diff --git a/libos/test/fs/tests.toml b/libos/test/fs/tests.toml
index 362b737322..4e4991e994 100644
--- a/libos/test/fs/tests.toml
+++ b/libos/test/fs/tests.toml
@@ -13,6 +13,7 @@ manifests = [
 "multiple_writers",
 "open_close",
 "open_flags",
+ "pf_rollback",
 "read_write",
 "read_write_mmap",
 "seek_tell",
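Review bot: The `finally:` block of `test_600_gdb_pf_rollback` was carried over from the regression suite and rewrites `fork_and_access_file_testfile`, which this test never touches. The state it does create (`mode_dir`, `file1`, `file2`, and presumably the `._saved_` copies written by pf_rollback.gdb) is left behind. `os.mkdir(mode_dir)` will then raise `FileExistsError` on a rerun unless the class fixture wipes `ENCRYPTED_DIR`, which is not visible here. Consider `os.makedirs(mode_dir, exist_ok=True)` and a `finally:` body that removes `mode_dir`, for example `shutil.rmtree(mode_dir, ignore_errors=True)` if `shutil` is imported in this file. The leading comment also drops a word; it should read `# To run this test manually, encrypt a file with the default key from the manifest and use:`.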
diff --git a/libos/test/regression/meson.build b/libos/test/regression/meson.build
index b8cd8ccbb9..11c1f0156a 100644
--- a/libos/test/regression/meson.build
+++ b/libos/test/regression/meson.build
@@ -84,7 +84,6 @@ tests = {
 'c_args': '-fopenmp',
 'link_args': '-fopenmp',
 },
- 'pf_rollback': {},
 'pipe': {},
 'pipe_nonblocking': {},
 'pipe_ocloexec': {},
diff --git a/libos/test/regression/test_libos.py b/libos/test/regression/test_libos.py
index f5d762b001..3f16eae33e 100644
--- a/libos/test/regression/test_libos.py
+++ b/libos/test/regression/test_libos.py
@@ -1385,35 +1385,6 @@ def test_020_gdb_fork_and_access_file_bug(self):
 with open('fork_and_access_file_testfile', 'w') as f:
 f.write('fork_and_access_file_testfile')
- # TODO: move me to fs so i can benefit from plumbug from TC_50_EncryptedFiles
- def test_030_gdb_pf_rollback(self):
- # To run this test manually, use:
- # GDB=1 GDB_SCRIPT=pf_rollback.gdb gramine-[sgx|direct] pf_rollback
- #
- # This test checks rollback protection.
- try:
- file1='/tmp_enc/pm_strict/file1'
- file2='/tmp_enc/pm_strict/file2'
- # TODO (MST): pre-create a version of file1
- stdout, _ = self.run_gdb(['pf_rollback', file1, file2], 'pf_rollback.gdb')
- # TODO (MST): This test is not yet implemented.
- # - loop for /tmp_enc/pm_strict, /tmp_enc/pm_non_strict, /tmp_enc/pm_none
- # - define expected sequence for each test
-
- # - test_open_pre_existing
- self.assertIn('FAIL: test_open_pre_existing', stdout)
- # - test_test
- self.assertIn('OK: test_test in adversary_save_file', stdout)
- self.assertIn('OK: test_test in adversary_reset_file', stdout)
- self.assertIn(f'OK: test_test in adversary_delete_file({file1})', stdout)
- self.assertIn(f'OK: test_test in adversary_delete_file({file2})', stdout)
- self.assertIn('EXITING GDB WITHOUT A GRAMINE ERROR', stdout)
- self.assertNotIn('EXITING GDB WITH A GRAMINE ERROR', stdout)
- finally:
- # restore the trusted file contents (modified by the GDB script in this test)
- with open('fork_and_access_file_testfile', 'w') as f:
- f.write('fork_and_access_file_testfile')
-
 class TC_80_Socket(RegressionTestCase):
 def test_000_getsockopt(self):
 stdout, _ = self.run_binary(['getsockopt'])
diff --git a/libos/test/regression/tests.toml b/libos/test/regression/tests.toml
index 0108e6ef8f..1ed4da79f4 100644
--- a/libos/test/regression/tests.toml
+++ b/libos/test/regression/tests.toml
@@ -83,7 +83,6 @@ manifests = [
 "munmap",
 "open_opath",
 "openmp",
- "pf_rollback",
 "pipe",
 "pipe_nonblocking",
 "pipe_ocloexec",
diff --git a/libos/test/regression/tests_musl.toml b/libos/test/regression/tests_musl.toml
index 11fd1b8a0d..d8cbfac653 100644
--- a/libos/test/regression/tests_musl.toml
+++ b/libos/test/regression/tests_musl.toml
@@ -85,7 +85,6 @@ manifests = [
 "munmap",
 "open_opath",
 "openmp",
- "pf_rollback",
 "pipe",
 "pipe_nonblocking",
 "pipe_ocloexec",