1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 /*
18 * This test TA takes an input of uint32_t and checks how close it is to a magic
19 * number. For every bit that's correct starting from LSB, a new nop*() function
20 * is called, i.e. a new coverage edge is discovered.
21 *
22 * If the magic number is guessed correctly, this app will abort, bringing down
23 * all of Trusty along with it.
24 */
25
26 #define TLOG_TAG "coverage-test-srv"
27
28 #include <lib/tipc/tipc_srv.h>
29 #include <lk/err_ptr.h>
30 #include <stdlib.h>
31 #include <trusty_log.h>
32
33 static const struct tipc_port_acl port_acl = {
34 .flags = IPC_PORT_ALLOW_TA_CONNECT | IPC_PORT_ALLOW_NS_CONNECT,
35 };
36
37 static const struct tipc_port port = {
38 .name = "com.android.trusty.sancov.test.srv",
39 .msg_max_size = sizeof(uint32_t),
40 .msg_queue_len = 1,
41 .acl = &port_acl,
42 };
43
44 #define NOP(idx) \
45 __attribute__((noinline)) static void nop##idx(void) { return; }
46
47 NOP(0);
48 NOP(1);
49 NOP(2);
50 NOP(3);
51 NOP(4);
52 NOP(5);
53 NOP(6);
54 NOP(7);
55 NOP(8);
56 NOP(9);
57 NOP(10);
58 NOP(11);
59 NOP(12);
60 NOP(13);
61 NOP(14);
62 NOP(15);
63 NOP(16);
64 NOP(17);
65 NOP(18);
66 NOP(19);
67 NOP(20);
68 NOP(21);
69 NOP(22);
70 NOP(23);
71 NOP(24);
72 NOP(25);
73 NOP(26);
74 NOP(27);
75 NOP(28);
76 NOP(29);
77 NOP(30);
78 NOP(31);
79
80 static void (*coverage_reward[])(void) = {
81 nop0, nop1, nop2, nop3, nop4, nop5, nop6, nop7,
82 nop8, nop9, nop10, nop11, nop12, nop13, nop14, nop15,
83 nop16, nop17, nop18, nop19, nop20, nop21, nop22, nop23,
84 nop24, nop25, nop26, nop27, nop28, nop29, nop30, nop31,
85 };
86
87 /*
88 * Magic number is 0xdeadbeef. For every bit that's correct starting from LSB,
89 * a new nop*() function is called, i.e. a new coverage edge is discovered.
90 */
check_key(uint32_t msg)91 __attribute__((noinline)) static uint32_t check_key(uint32_t msg) {
92 uint32_t magic = 0xdeadbeef;
93
94 for (size_t i = 0; i < sizeof(msg) * 8; i++) {
95 uint32_t mask = ~(((uint32_t)-1) << i);
96 if ((msg & mask) == (magic & mask)) {
97 coverage_reward[i]();
98 } else {
99 return 0;
100 }
101 }
102
103 /* Abort if magic number was discovered */
104 if (msg == magic) {
105 abort();
106 }
107
108 return 0;
109 }
110
on_message(const struct tipc_port * port,handle_t chan,void * ctx)111 static int on_message(const struct tipc_port* port, handle_t chan, void* ctx) {
112 int rc;
113 uint32_t msg;
114
115 rc = tipc_recv1(chan, 0, &msg, sizeof(msg));
116 if (rc != (int)sizeof(msg)) {
117 TLOGE("failed (%d) to receive msg\n", rc);
118 if (rc >= 0) {
119 rc = ERR_BAD_LEN;
120 }
121 return rc;
122 }
123
124 msg = check_key(msg);
125
126 rc = tipc_send1(chan, &msg, sizeof(msg));
127 if (rc != (int)sizeof(msg)) {
128 TLOGE("failed (%d) to send msg\n", rc);
129 if (rc >= 0) {
130 rc = ERR_BAD_LEN;
131 }
132 return rc;
133 }
134
135 return NO_ERROR;
136 }
137
138 static const struct tipc_srv_ops ops = {
139 .on_message = on_message,
140 };
141
main(void)142 int main(void) {
143 int rc;
144 struct tipc_hset* hset;
145
146 hset = tipc_hset_create();
147 if (IS_ERR(hset)) {
148 TLOGE("failed (%d) to create handle set\n", PTR_ERR(hset));
149 return PTR_ERR(hset);
150 }
151
152 rc = tipc_add_service(hset, &port, 1, 1, &ops);
153 if (rc != NO_ERROR) {
154 TLOGE("failed (%d) to initialize coverage test service\n", rc);
155 return rc;
156 }
157
158 return tipc_run_event_loop(hset);
159 }
160