Please file new bugs on Launchpad: Invirt or XVM (if you're not sure which, just pick one)

Context Navigation

source: trunk/packages/xen-3.1/xen-3.1/tools/xenstore/xs_crashme.c @ 34

Last change on this file since 34 was 34, checked in by hartmans, 17 years ago
Add xen and xen-common
File size: 9.3 KB

Rev	Line
[34]	1	/* Code which randomly corrupts bits going to the daemon.
	2	Copyright (C) 2005 Rusty Russell IBM Corporation
	3
	4	This program is free software; you can redistribute it and/or modify
	5	it under the terms of the GNU General Public License as published by
	6	the Free Software Foundation; either version 2 of the License, or
	7	(at your option) any later version.
	8
	9	This program is distributed in the hope that it will be useful,
	10	but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	GNU General Public License for more details.
	13
	14	You should have received a copy of the GNU General Public License
	15	along with this program; if not, write to the Free Software
	16	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	*/
	18	#include <stdbool.h>
	19	#include <stdio.h>
	20	#include <sys/types.h>
	21	#include <stdarg.h>
	22	#include <string.h>
	23	#include <sys/time.h>
	24	#include "xs.h"
	25	#include "talloc.h"
	26	#include <errno.h>
	27
	28	#define XSTEST
	29	#define RAND_FREQ 128 /* One char in 32 is corrupted. */
	30
	31	/* jhash.h: Jenkins hash support.
	32	*
	33	* Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net)
	34	*
	35	* http://burtleburtle.net/bob/hash/
	36	*
	37	* These are the credits from Bob's sources:
	38	*
	39	* lookup2.c, by Bob Jenkins, December 1996, Public Domain.
	40	* hash(), hash2(), hash3, and mix() are externally useful functions.
	41	* Routines to test the hash are included if SELF_TEST is defined.
	42	* You can use this free for any purpose. It has no warranty.
	43	*
	44	* Copyright (C) 2003 David S. Miller (davem@redhat.com)
	45	*
	46	* I've modified Bob's hash to be useful in the Linux kernel, and
	47	* any bugs present are surely my fault. -DaveM
	48	*/
	49
	50	/* NOTE: Arguments are modified. */
	51	#define __jhash_mix(a, b, c) \
	52	{ \
	53	a -= b; a -= c; a ^= (c>>13); \
	54	b -= c; b -= a; b ^= (a<<8); \
	55	c -= a; c -= b; c ^= (b>>13); \
	56	a -= b; a -= c; a ^= (c>>12); \
	57	b -= c; b -= a; b ^= (a<<16); \
	58	c -= a; c -= b; c ^= (b>>5); \
	59	a -= b; a -= c; a ^= (c>>3); \
	60	b -= c; b -= a; b ^= (a<<10); \
	61	c -= a; c -= b; c ^= (b>>15); \
	62	}
	63
	64	/* The golden ration: an arbitrary value */
	65	#define JHASH_GOLDEN_RATIO 0x9e3779b9
	66
	67	/* The most generic version, hashes an arbitrary sequence
	68	* of bytes. No alignment or length assumptions are made about
	69	* the input key.
	70	*/
	71	static inline uint32_t jhash(const void *key, uint32_t length, uint32_t initval)
	72	{
	73	uint32_t a, b, c, len;
	74	const uint8_t *k = key;
	75
	76	len = length;
	77	a = b = JHASH_GOLDEN_RATIO;
	78	c = initval;
	79
	80	while (len >= 12) {
	81	a += (k[0] +((uint32_t)k[1]<<8) +((uint32_t)k[2]<<16) +((uint32_t)k[3]<<24));
	82	b += (k[4] +((uint32_t)k[5]<<8) +((uint32_t)k[6]<<16) +((uint32_t)k[7]<<24));
	83	c += (k[8] +((uint32_t)k[9]<<8) +((uint32_t)k[10]<<16)+((uint32_t)k[11]<<24));
	84
	85	__jhash_mix(a,b,c);
	86
	87	k += 12;
	88	len -= 12;
	89	}
	90
	91	c += length;
	92	switch (len) {
	93	case 11: c += ((uint32_t)k[10]<<24);
	94	case 10: c += ((uint32_t)k[9]<<16);
	95	case 9 : c += ((uint32_t)k[8]<<8);
	96	case 8 : b += ((uint32_t)k[7]<<24);
	97	case 7 : b += ((uint32_t)k[6]<<16);
	98	case 6 : b += ((uint32_t)k[5]<<8);
	99	case 5 : b += k[4];
	100	case 4 : a += ((uint32_t)k[3]<<24);
	101	case 3 : a += ((uint32_t)k[2]<<16);
	102	case 2 : a += ((uint32_t)k[1]<<8);
	103	case 1 : a += k[0];
	104	};
	105
	106	__jhash_mix(a,b,c);
	107
	108	return c;
	109	}
	110
	111	/* A special optimized version that handles 1 or more of uint32_ts.
	112	* The length parameter here is the number of uint32_ts in the key.
	113	*/
	114	static inline uint32_t jhash2(uint32_t *k, uint32_t length, uint32_t initval)
	115	{
	116	uint32_t a, b, c, len;
	117
	118	a = b = JHASH_GOLDEN_RATIO;
	119	c = initval;
	120	len = length;
	121
	122	while (len >= 3) {
	123	a += k[0];
	124	b += k[1];
	125	c += k[2];
	126	__jhash_mix(a, b, c);
	127	k += 3; len -= 3;
	128	}
	129
	130	c += length * 4;
	131
	132	switch (len) {
	133	case 2 : b += k[1];
	134	case 1 : a += k[0];
	135	};
	136
	137	__jhash_mix(a,b,c);
	138
	139	return c;
	140	}
	141
	142
	143	/* A special ultra-optimized versions that knows they are hashing exactly
	144	* 3, 2 or 1 word(s).
	145	*
	146	* NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally
	147	* done at the end is not done here.
	148	*/
	149	static inline uint32_t jhash_3words(uint32_t a, uint32_t b, uint32_t c, uint32_t initval)
	150	{
	151	a += JHASH_GOLDEN_RATIO;
	152	b += JHASH_GOLDEN_RATIO;
	153	c += initval;
	154
	155	__jhash_mix(a, b, c);
	156
	157	return c;
	158	}
	159
	160	static inline uint32_t jhash_2words(uint32_t a, uint32_t b, uint32_t initval)
	161	{
	162	return jhash_3words(a, b, 0, initval);
	163	}
	164
	165	static inline uint32_t jhash_1word(uint32_t a, uint32_t initval)
	166	{
	167	return jhash_3words(a, 0, 0, initval);
	168	}
	169
	170	static unsigned int get_randomness(int *state)
	171	{
	172	return jhash_1word((state)++, state * 1103515243);
	173	}
	174
	175	static int state;
	176
	177	/* Lengthening headers is pointless: other end will just wait for more
	178	* data and timeout. We merely shorten the length. */
	179	static void corrupt_header(char output, const struct xsd_sockmsg msg,
	180	unsigned int *next_bit)
	181	{
	182	struct xsd_sockmsg newmsg = *msg;
	183
	184	while (next_bit < sizeof(msg)) {
	185	if (newmsg.len)
	186	newmsg.len = get_randomness(&state) % newmsg.len;
	187	*next_bit += get_randomness(&state) % RAND_FREQ;
	188	}
	189	memcpy(output, &newmsg, sizeof(newmsg));
	190	}
	191
	192	#define read_all_choice read_all
	193	static bool write_all_choice(int fd, const void *data, unsigned int len)
	194	{
	195	char corrupt_data[len];
	196	bool ret;
	197	static unsigned int next_bit;
	198
	199	if (len == sizeof(struct xsd_sockmsg)
	200	&& ((unsigned long)data % __alignof__(struct xsd_sockmsg)) == 0)
	201	corrupt_header(corrupt_data, data, &next_bit);
	202	else {
	203	memcpy(corrupt_data, data, len);
	204	while (next_bit < len * CHAR_BIT) {
	205	corrupt_data[next_bit/CHAR_BIT]
	206	^= (1 << (next_bit%CHAR_BIT));
	207	next_bit += get_randomness(&state) % RAND_FREQ;
	208	}
	209	}
	210
	211	ret = xs_write_all(fd, corrupt_data, len);
	212	next_bit -= len * CHAR_BIT;
	213	return ret;
	214	}
	215
	216	#include "xs.c"
	217
	218	static char *random_path(void)
	219	{
	220	unsigned int i;
	221	char *ret = NULL;
	222
	223	if (get_randomness(&state) % 20 == 0)
	224	return talloc_strdup(NULL, "/");
	225
	226	for (i = 0; i < 1 \|\| (get_randomness(&state) % 2); i++) {
	227	ret = talloc_asprintf_append(ret, "/%i",
	228	get_randomness(&state) % 15);
	229	}
	230	return ret;
	231	}
	232
	233	/* Do the next operation, return the results. */
	234	static void do_next_op(struct xs_handle *h, bool verbose)
	235	{
	236	char *name;
	237	unsigned int num;
	238
	239	if (verbose)
	240	printf("State %i: ", state);
	241
	242	name = random_path();
	243	switch (get_randomness(&state) % 9) {
	244	case 0:
	245	if (verbose)
	246	printf("DIR %s\n", name);
	247	free(xs_directory(h, name, &num));
	248	break;
	249	case 1:
	250	if (verbose)
	251	printf("READ %s\n", name);
	252	free(xs_read(h, name, &num));
	253	break;
	254	case 2: {
	255	char *contents = talloc_asprintf(NULL, "%i",
	256	get_randomness(&state));
	257	unsigned int len = get_randomness(&state)%(strlen(contents)+1);
	258	if (verbose)
	259	printf("WRITE %s %.*s\n", name, len, contents);
	260	xs_write(h, name, contents, len);
	261	break;
	262	}
	263	case 3:
	264	if (verbose)
	265	printf("MKDIR %s\n", name);
	266	xs_mkdir(h, name);
	267	break;
	268	case 4:
	269	if (verbose)
	270	printf("RM %s\n", name);
	271	xs_rm(h, name);
	272	break;
	273	case 5:
	274	if (verbose)
	275	printf("GETPERMS %s\n", name);
	276	free(xs_get_permissions(h, name, &num));
	277	break;
	278	case 6: {
	279	unsigned int i, num = get_randomness(&state)%8;
	280	struct xs_permissions perms[num];
	281
	282	if (verbose)
	283	printf("SETPERMS %s: ", name);
	284	for (i = 0; i < num; i++) {
	285	perms[i].id = get_randomness(&state)%8;
	286	perms[i].perms = get_randomness(&state)%4;
	287	if (verbose)
	288	printf("%i%c ", perms[i].id,
	289	perms[i].perms == XS_PERM_WRITE ? 'W'
	290	: perms[i].perms == XS_PERM_READ ? 'R'
	291	: perms[i].perms ==
	292	(XS_PERM_READ\|XS_PERM_WRITE) ? 'B'
	293	: 'N');
	294	}
	295	if (verbose)
	296	printf("\n");
	297	xs_set_permissions(h, name, perms, num);
	298	break;
	299	}
	300	case 7: {
	301	if (verbose)
	302	printf("START %s\n", name);
	303	xs_transaction_start(h);
	304	break;
	305	}
	306	case 8: {
	307	bool abort = (get_randomness(&state) % 2);
	308
	309	if (verbose)
	310	printf("STOP %s\n", abort ? "ABORT" : "COMMIT");
	311	xs_transaction_end(h, abort);
	312	break;
	313	}
	314	default:
	315	barf("Impossible randomness");
	316	}
	317	}
	318
	319	static struct xs_handle *h;
	320	static void alarmed(int sig __attribute__((unused)))
	321	{
	322	/* We force close on timeout. */
	323	close(h->fd);
	324	}
	325
	326	static int start_daemon(void)
	327	{
	328	int fds[2];
	329	int daemon_pid;
	330
	331	/* Start daemon. */
	332	pipe(fds);
	333	if ((daemon_pid = fork())) {
	334	/* Child writes PID when its ready: we wait for that. */
	335	char buffer[20];
	336	close(fds[1]);
	337	if (read(fds[0], buffer, sizeof(buffer)) < 0)
	338	barf("Failed to summon daemon");
	339	close(fds[0]);
	340	return daemon_pid;
	341	} else {
	342	dup2(fds[1], STDOUT_FILENO);
	343	close(fds[0]);
	344	#if 1
	345	execlp("valgrind", "valgrind", "--log-file=/tmp/xs_crashme.vglog", "-q", "./xenstored_test", "--output-pid",
	346	"--no-fork", "--trace-file=/tmp/trace", NULL);
	347	#else
	348	execlp("./xenstored_test", "xenstored_test", "--output-pid",
	349	"--no-fork", NULL);
	350	#endif
	351	exit(1);
	352	}
	353	}
	354
	355
	356	int main(int argc, char **argv)
	357	{
	358	unsigned int i;
	359	int pid;
	360
	361	if (argc != 3 && argc != 4)
	362	barf("Usage: xs_crashme <iterations> <seed> [pid]");
	363
	364	if (argc == 3)
	365	pid = start_daemon();
	366	else
	367	pid = atoi(argv[3]);
	368
	369	state = atoi(argv[2]);
	370	h = xs_daemon_open();
	371	if (!h)
	372	barf_perror("Opening connection to daemon");
	373	signal(SIGALRM, alarmed);
	374	for (i = 0; i < (unsigned)atoi(argv[1]); i++) {
	375	alarm(1);
	376	do_next_op(h, false);
	377	if (i % (atoi(argv[1]) / 72 ?: 1) == 0) {
	378	printf(".");
	379	fflush(stdout);
	380	}
	381	if (kill(pid, 0) != 0)
	382	barf_perror("Pinging daemon on iteration %i", i);
	383	if (h->fd < 0) {
	384	xs_daemon_close(h);
	385	h = xs_daemon_open();
	386	if (!h)
	387	barf_perror("Connecting on iteration %i", i);
	388	}
	389	}
	390	kill(pid, SIGTERM);
	391	return 0;
	392	}
	393

Note: See TracBrowser for help on using the repository browser.

Download in other formats: