From: David van Moolenbroek Date: Tue, 2 Oct 2012 15:49:23 +0000 (+0000) Subject: swifi: various improvements X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/zpipe.c?a=commitdiff_plain;h=875abb872412bde4d3ba5da66423f55431e19dcf;p=minix.git swifi: various improvements - no longer inject fewer faults than instructed; - no longer apply a limit on the number of injected faults; - refactory to allow for random faults (type 99); - also allow for stop faults (type 50); - massive dead code cleanup; - move outdated test cruft into tests/ subdirectory; it is kept only as an example of how to use swifi. Change-Id: I8a3cb71902dfaadb7bf785723b917307db83d0d5 --- diff --git a/minix/commands/swifi/Makefile b/minix/commands/swifi/Makefile index 88d14b3a7..b73072160 100644 --- a/minix/commands/swifi/Makefile +++ b/minix/commands/swifi/Makefile @@ -3,9 +3,9 @@ PROG= swifi SRCS= systest.c fault_model.c extra.c db_sym.c db_disasm.c \ db_access.c read_nlist.c -CPPFLAGS+= -DCONFIG_SWIFI +MAN= + DPADD+= ${LIBELF} LDADD+= -lelf -MAN= .include diff --git a/minix/commands/swifi/db_disasm.c b/minix/commands/swifi/db_disasm.c index f2ec126f7..9d86ac3ad 100644 --- a/minix/commands/swifi/db_disasm.c +++ b/minix/commands/swifi/db_disasm.c @@ -28,9 +28,6 @@ * Instruction disassembler. */ -#if 0 -#include -#endif #include "ddb.h" #include "db_access.h" @@ -861,12 +858,6 @@ static const int db_lengths[] = { result = db_get_value((loc), (size), (is_signed)); \ (loc) += (size); -/*static db_addr_t -// db_disasm_esc __P((db_addr_t loc, int inst, int short_addr, -// int size, const char *seg)); -//static void db_print_address __P((const char *seg, int size, -// struct i_addr *addrp)); -*/ static db_addr_t db_read_address __P((db_addr_t loc, int short_addr, int regmodrm, struct i_addr *addrp)); diff --git a/minix/commands/swifi/db_sym.c b/minix/commands/swifi/db_sym.c index 72964fc72..8c94b5d10 100644 --- a/minix/commands/swifi/db_sym.c +++ b/minix/commands/swifi/db_sym.c @@ -28,15 +28,6 @@ * Author: David B. Golub, Carnegie Mellon University * Date: 7/90 */ -#if 0 -//#include -//#include -#endif -#if 0 -#include -#include -#include -#endif #include "ddb.h" #include "db_sym.h" #include "swifi.h" @@ -49,276 +40,6 @@ #ifndef MAXNOSYMTABS #define MAXNOSYMTABS 3 /* mach, ux, emulator */ #endif -#if 0 - -static db_symtab_t db_symtabs[MAXNOSYMTABS] = {{0,},}; -static int db_nsymtab = 0; - -static db_symtab_t *db_last_symtab; - -static db_sym_t db_lookup __P(( char *symstr)); -static char *db_qualify __P((db_sym_t sym, char *symtabname)); -static boolean_t db_symbol_is_ambiguous __P((db_sym_t sym)); -static boolean_t db_line_at_pc __P((db_sym_t, char **, int *, - db_expr_t)); - -/* - * Add symbol table, with given name, to list of symbol tables. - */ -void -db_add_symbol_table(start, end, name, ref) - char *start; - char *end; - char *name; - char *ref; -{ - if (db_nsymtab >= MAXNOSYMTABS) { - printk ("No slots left for %s symbol table", name); - panic ("db_sym.c: db_add_symbol_table"); - } - - db_symtabs[db_nsymtab].start = start; - db_symtabs[db_nsymtab].end = end; - db_symtabs[db_nsymtab].name = name; - db_symtabs[db_nsymtab].private = ref; - db_nsymtab++; -} - -/* - * db_qualify("vm_map", "ux") returns "unix:vm_map". - * - * Note: return value points to static data whose content is - * overwritten by each call... but in practice this seems okay. - */ -static char * -db_qualify(sym, symtabname) - db_sym_t sym; - register char *symtabname; -{ - char *symname; - static char tmp[256]; - - db_symbol_values(sym, &symname, 0); - strcpy(tmp,symtabname); - strcat(tmp,":"); - strcat(tmp,symname); - return tmp; -} - - -boolean_t -db_eqname(src, dst, c) - char *src; - char *dst; - char c; -{ - if (!strcmp(src, dst)) - return (TRUE); - if (src[0] == c) - return (!strcmp(src+1,dst)); - return (FALSE); -} - -boolean_t -db_value_of_name(name, valuep) - char *name; - db_expr_t *valuep; -{ - db_sym_t sym; - - sym = db_lookup(name); - if (sym == DB_SYM_NULL) - return (FALSE); - db_symbol_values(sym, &name, valuep); - return (TRUE); -} - - -/* - * Lookup a symbol. - * If the symbol has a qualifier (e.g., ux:vm_map), - * then only the specified symbol table will be searched; - * otherwise, all symbol tables will be searched. - */ -static db_sym_t -db_lookup(symstr) - char *symstr; -{ - db_sym_t sp; - register int i; - int symtab_start = 0; - int symtab_end = db_nsymtab; - register char *cp; - - /* - * Look for, remove, and remember any symbol table specifier. - */ - for (cp = symstr; *cp; cp++) { - if (*cp == ':') { - *cp = '\0'; - for (i = 0; i < db_nsymtab; i++) { - if (! strcmp(symstr, db_symtabs[i].name)) { - symtab_start = i; - symtab_end = i + 1; - break; - } - } - *cp = ':'; - if (i == db_nsymtab) { - db_error("invalid symbol table name"); - } - symstr = cp+1; - } - } - - /* - * Look in the specified set of symbol tables. - * Return on first match. - */ - for (i = symtab_start; i < symtab_end; i++) { - sp = X_db_lookup(&db_symtabs[i], symstr); - if (sp) { - db_last_symtab = &db_symtabs[i]; - return sp; - } - } - return 0; -} - -/* - * Does this symbol name appear in more than one symbol table? - * Used by db_symbol_values to decide whether to qualify a symbol. - */ -static boolean_t db_qualify_ambiguous_names = FALSE; - -static boolean_t -db_symbol_is_ambiguous(sym) - db_sym_t sym; -{ - char *sym_name; - register int i; - register - boolean_t found_once = FALSE; - - if (!db_qualify_ambiguous_names) - return FALSE; - - db_symbol_values(sym, &sym_name, 0); - for (i = 0; i < db_nsymtab; i++) { - if (X_db_lookup(&db_symtabs[i], sym_name)) { - if (found_once) - return TRUE; - found_once = TRUE; - } - } - return FALSE; -} - -/* - * Find the closest symbol to val, and return its name - * and the difference between val and the symbol found. - */ -db_sym_t -db_search_symbol( val, strategy, offp) - register db_addr_t val; - db_strategy_t strategy; - db_expr_t *offp; -{ - register - unsigned int diff; - unsigned int newdiff; - register int i; - db_sym_t ret = DB_SYM_NULL, sym; - - newdiff = diff = ~0; - db_last_symtab = 0; - for (i = 0; i < db_nsymtab; i++) { - sym = X_db_search_symbol(&db_symtabs[i], val, strategy, &newdiff); - if (newdiff < diff) { - db_last_symtab = &db_symtabs[i]; - diff = newdiff; - ret = sym; - } - } - *offp = diff; - return ret; -} - -/* - * Return name and value of a symbol - */ -void -db_symbol_values(sym, namep, valuep) - db_sym_t sym; - char **namep; - db_expr_t *valuep; -{ - db_expr_t value; - - if (sym == DB_SYM_NULL) { - *namep = 0; - return; - } - - X_db_symbol_values(sym, namep, &value); - if (db_symbol_is_ambiguous(sym)) - *namep = db_qualify(sym, db_last_symtab->name); - if (valuep) - *valuep = value; -} - - -/* - * Print a the closest symbol to value - * - * After matching the symbol according to the given strategy - * we print it in the name+offset format, provided the symbol's - * value is close enough (eg smaller than db_maxoff). - * We also attempt to print [filename:linenum] when applicable - * (eg for procedure names). - * - * If we could not find a reasonable name+offset representation, - * then we just print the value in hex. Small values might get - * bogus symbol associations, e.g. 3 might get some absolute - * value like _INCLUDE_VERSION or something, therefore we do - * not accept symbols whose value is "small" (and use plain hex). - */ - - -void -db_printsym(off, strategy) - db_expr_t off; - db_strategy_t strategy; -{ - db_expr_t d; - char *filename; - char *name; - db_expr_t value; - int linenum; - db_sym_t cursym; - - cursym = db_search_symbol(off, strategy, &d); - db_symbol_values(cursym, &name, &value); - if (name == 0) - value = off; - if (value >= DB_SMALL_VALUE_MIN && value <= DB_SMALL_VALUE_MAX) { - printk("0x%x", off); - return; - } - if (name == 0 || d >= db_maxoff) { - printk("0x%x", off); - return; - } - printk("%s", name); - if (d) - printk("+0x%x", d); - if (strategy == DB_STGY_PROC) { - // if (db_line_at_pc(cursym, &filename, &linenum, off)) - // printk(" [%s:%d]", filename, linenum); - } -} - -#endif unsigned int db_maxoff = 0x10000; unsigned long modAddr = 0; @@ -438,7 +159,7 @@ find_faulty_instr(db_expr_t off, int type, int *instr_len) found=1; break; - } else if(type==NOP_FAULT) { + } else if(type==NOP_FAULT || type==STOP_FAULT) { /* 5b) nop*: replace instruction with nop */ if(cur_value> off) { found=1; @@ -563,9 +284,6 @@ find_faulty_instr(db_expr_t off, int type, int *instr_len) if (d) printk("+0x%x", d); printk(" @ %x, ", value); printk("instr @ %x, len=%d, ", off, *instr_len); -#if 0 - // db_disasm(prev_value, FALSE); -#endif } return off; } else { @@ -574,25 +292,3 @@ find_faulty_instr(db_expr_t off, int type, int *instr_len) return 0; } } - -#if 0 -static boolean_t -db_line_at_pc( sym, filename, linenum, pc) - db_sym_t sym; - char **filename; - int *linenum; - db_expr_t pc; -{ - return X_db_line_at_pc( db_last_symtab, sym, filename, linenum, pc); -} - -int -db_sym_numargs(sym, nargp, argnames) - db_sym_t sym; - int *nargp; - char **argnames; -{ - return X_db_sym_numargs(db_last_symtab, sym, nargp, argnames); -} - -#endif diff --git a/minix/commands/swifi/extra.c b/minix/commands/swifi/extra.c index 1b2135e4f..b67461b14 100644 --- a/minix/commands/swifi/extra.c +++ b/minix/commands/swifi/extra.c @@ -19,45 +19,6 @@ char *victim_exe= NULL; static struct nlist *exe_nlist; static int exe_nlist_n; -/* unsigned long __get_free_page(int type) { assert(0); } */ -/* void *kmalloc(size_t size, int type) { assert(0); } */ -void free_page(unsigned long page) { assert(0); } -/* void kfree(void *mem) { assert(0); } */ -void vfree(void *mem) { assert(0); } - -size_t strncpy_from_user(char *addr, const char *user_name, size_t size) -{ assert(0); return 0; } - -/* void lock_kernel(void) { assert(0); } */ -/* void unlock_kernel(void) { assert(0); } */ -/* void __asm__(char *str) { assert(0); } */ - -extern void *__vmalloc(unsigned long size, int gfp_mask, pgprot_t prot) -{ assert(0); return NULL; } - -#if 0 -void kallsyms_sections(void *infop, - int (*fp)(void *token, const char *modname, const char *secname, - ElfW(Addr) secstart, ElfW(Addr) secend, ElfW(Word) secflags)) -{ assert(0); } -#endif - -unsigned long __generic_copy_to_user(void *x, const void *y, unsigned long z) -{ assert(0); return -1; } -unsigned long __generic_copy_from_user(void *x, const void *y, unsigned long z) -{ assert(0); return -1; } - -/* void read_lock(struct lock *lock) { assert(0); } */ -/* void read_unlock(struct lock *lock) { assert(0); } */ -void udelay(unsigned long usecs) { assert(0); } -int copy_to_user(void * result_record, void *res, size_t size) -{ - memcpy(result_record, res, size); - return 0; -} - -void panic(char *str) { assert(0); } - void printk(char *fmt, ...) { va_list ap; @@ -96,16 +57,6 @@ int kallsyms_address_to_symbol(db_expr_t off, above= &exe_nlist[i]; } } -#if 0 - if (below) - { - printf("found '%s' at 0x%x\n", below->n_name, below->n_value); - } - if (above) - { - printf("found '%s' at 0x%x\n", above->n_name, above->n_value); - } -#endif btext |= TRAP_BIT; etext |= TRAP_BIT; @@ -129,10 +80,6 @@ int kallsyms_address_to_symbol(db_expr_t off, return 1; } -struct module *module_list; -struct task_struct *task_list; -struct lock tasklist_lock; - unsigned long text_read_ul(void *addr) { int i; diff --git a/minix/commands/swifi/extra.h b/minix/commands/swifi/extra.h index 89e40743c..274584813 100644 --- a/minix/commands/swifi/extra.h +++ b/minix/commands/swifi/extra.h @@ -7,46 +7,6 @@ Compatibility with the linux kernel environment #include #include -#if 0 -struct module -{ - struct module *next; - char *name; -}; -extern struct module *module_list; -#endif - -struct thread -{ - unsigned long esp; -}; - -struct task_struct -{ - struct thread thread; - struct task_struct *next; -}; - -unsigned long __get_free_page(int type); -void *kmalloc(size_t size, int type); -#define GFP_KERNEL 1 -void free_page(unsigned long page); -void kfree(void *mem); -void vfree(void *mem); - -size_t strncpy_from_user(char *addr, const char *user_name, size_t size); - -void lock_kernel(void); -void unlock_kernel(void); - -/* void __asm__(char *str); */ - -#define for_each_task(t) for(t= task_list; t; t=t->next) -extern struct task_struct *task_list; - -typedef struct { int foo; } pgprot_t; -extern void *__vmalloc(unsigned long size, int gfp_mask, pgprot_t prot); - #define ElfW(type) Elf_ ## type typedef unsigned long Elf_Addr; typedef unsigned long Elf_Word; @@ -55,25 +15,6 @@ void kallsyms_sections(void *infop, int (*fp)(void *token, const char *modname, const char *secname, ElfW(Addr) secstart, ElfW(Addr) secend, ElfW(Word) secflags)); -unsigned long __generic_copy_to_user(void *, const void *, unsigned long); -unsigned long __generic_copy_from_user(void *, const void *, unsigned long); - -struct lock { int dummy; }; -extern struct lock tasklist_lock; -void read_lock(struct lock *lock); -void read_unlock(struct lock *lock); - -void udelay(unsigned long usecs); - -int copy_to_user(void * result_record, void *res, size_t size); - -void panic(char *str); - -#define PAGE_SIZE (0x1000) -#define PAGE_MASK (0x0fff) -#define PAGE_OFFSET 0 /* What does this do? */ -#define TASK_SIZE 0 /* What does this do? */ - void printk(char *fmt, ...); #include "ddb.h" diff --git a/minix/commands/swifi/fault_model.c b/minix/commands/swifi/fault_model.c index 98afd115e..09c9864ee 100644 --- a/minix/commands/swifi/fault_model.c +++ b/minix/commands/swifi/fault_model.c @@ -6,8 +6,8 @@ * * The source code in this file can be freely used, adapted, * and redistributed in source or binary form, so long as an - * acknowledgment appears in derived source files. No warranty - * is attached; * we cannot take responsibility for errors or + * acknowledgment appears in derived source files. No warranty + * is attached; we cannot take responsibility for errors or * fitness for use. * */ @@ -15,16 +15,16 @@ /* * Fault injector for testing the usefulness of NOOKS - * + * * Adapted from the SWIFI tools used by Wee Teck Ng to evaluate the RIO * file cache at the University of Michigan - * + * */ -/* - * This tool can inject faults into modules, whether they are loaded into a +/* + * This tool can inject faults into modules, whether they are loaded into a * nook or loaded into the kernel (for comparison testing). - * + * * There are several classes of faults emulated: * - Corruption of text * - corruption @@ -34,1237 +34,274 @@ * - incorrect source/destination (corrupted) * - remove jmp or rep instruction * - change address computation for memory access (not stack) - * - change termination condition for loop (change repeat to repeat - * -while equal, change condition to !condition - - remove instructions loading registers from arguments (ebp+x) - * - * - Corruption of stack - * - Corruption of heap - * - copy overruns - * - use after free + * - change termination condition for loop (change repeat to repeat + * while equal, change condition to !condition) + * - remove instructions loading registers from arguments (ebp+x) */ -#if 0 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#endif +#include +#include + #include "ddb.h" #include "db_sym.h" #include "swifi.h" #include "extra.h" -#include -#define CRASH_INTERVAL 8192 -#define FI_MASK 0xfff -#define P50 0x3fffffff /* 50% of max rand */ -#define P94 0x7851eb84 /* 94% of max rand */ -#define NOP 0x90 - -unsigned long randomSeed=0; /* random number */ -unsigned long injectFault=1; /* inject fault ? */ -unsigned long diskTest=0; /* run disk test instead of rio */ -unsigned long faultInjected=0; /* has fault been injected? */ -unsigned long crashInterval=0; /* interval between injecting fault */ -unsigned long crashCount=0; /* number of times fault is injected */ -unsigned long faultType; -unsigned long numFaults; -char *crashAddr=0; /* track current malloc */ -int crashToggle=1; -int text_fault(char *mod_name, pswifi_result_t res); -int stack_fault(pswifi_result_t res); -int heap_fault(pswifi_result_t res); -int direct_fault(int fault_address, int fault_content, pswifi_result_t res); -int direct_fault1(int fault_address, int fault_content, pswifi_result_t res); -int while1(void); - -int *testVA; - -#if 0 -#define PDEBUG(fmt, args...) \ -do { \ - printk( KERN_ALERT "SWIFI: " fmt, ## args); \ -} while (0) -#else -#include #define PDEBUG(args) /* (printf args) */ -#endif - -#define inline - -#ifdef CONFIG_SWIFI -#if 0 -static inline long -get_mod_name(const char *user_name, char **buf) -{ - unsigned long page; - long retval; - - page = __get_free_page(GFP_KERNEL); - if (!page) - return -ENOMEM; +#define NOP 0x90 - retval = strncpy_from_user((char *)page, user_name, PAGE_SIZE); - if (retval > 0) { - if (retval < PAGE_SIZE) { - *buf = (char *)page; - return retval; - } - retval = -ENAMETOOLONG; - } else if (!retval) - retval = -EINVAL; +static int text_fault(int type, unsigned long btext, unsigned long text_size); - free_page(page); - return retval; -} +static int randomFaults[] = { + TEXT_FAULT, + NOP_FAULT, + SRC_FAULT, + DST_FAULT, + PTR_FAULT, + LOOP_FAULT, + INTERFACE_FAULT +}; -static inline void -put_mod_name(char *buf) +void +swifi_inject_fault(char * module_name, + unsigned long faultType, + unsigned long randomSeed, + unsigned long numFaults) { - free_page((unsigned long)buf); -} -#endif - -long -sys_inject_fault(char * module_name, - unsigned long argFaultType, - unsigned long argRandomSeed, - unsigned long argNumFaults, - pswifi_result_t result_record, - unsigned long argInjectFault) -{ - int result = 0; - unsigned long fault_address = 0; - unsigned long fault_data = 0 ; - char * kern_name = NULL; -#if 0 - struct module * mod = NULL; - int found = 0; -#endif - pswifi_result_t res = NULL; - - if (argNumFaults > SWIFI_MAX_FAULTS) { - result = -E2BIG; - goto Cleanup; - } - res = (pswifi_result_t) malloc((1+argNumFaults) * sizeof(swifi_result_t)); - if (res == NULL) { - result = -ENOMEM; - goto Cleanup; - } - memset(res, 0, (1 + argNumFaults) * sizeof(swifi_result_t)); - - /* - // Capture the name of the module from usermode - */ - -#if 0 - result = get_mod_name(module_name, &kern_name); - if (result < 0) { - goto Cleanup; - } -#endif - - kern_name= module_name; - - + unsigned long btext, etext, text_size; + int type; - -#if 0 - lock_kernel(); - - for (mod = module_list; mod ; mod = mod->next) { - if (strcmp(kern_name, mod->name) == 0) { - found = 1; - break; - } - } - unlock_kernel(); - if (!found) { - result = -ENOENT; - goto Cleanup; - } -#endif - - numFaults = argNumFaults; - faultType = argFaultType; - randomSeed = argRandomSeed; - injectFault = argInjectFault; - - - if(faultType>=DISK_TEST) { - faultType=faultType-DISK_TEST; - diskTest=1; - } - if(faultType==STATS) { -#if 0 - extern long time_vmp, n_vmp; - extern long time_pmp, n_pmp; - - PDEBUG("# vm_map_protect=%ld, total cycle=%ld\n", n_vmp, time_vmp); - PDEBUG("# pmap_protect=%ld, total cycle=%ld\n", n_pmp, time_pmp); - n_vmp=0; time_vmp=0; - n_pmp=0; time_pmp=0; -#endif - } else if (faultType == DIRECT_FAULT) { - fault_address = numFaults; - fault_data = randomSeed; - PDEBUG(("sys inject fault, type %ld, addr=%lx, flip bit%lx\n", - faultType, fault_address, fault_data)); - } else if (faultType == DIRECT_FAULT1) { - fault_address = numFaults; - fault_data = randomSeed; - PDEBUG(("sys inject fault, type %ld, addr=%lx, zero bytes %lx\n", - faultType, fault_address, fault_data)); - } else { - PDEBUG(("sys inject fault, type %ld, seed=%ld, fault=%ld\n", - faultType, randomSeed, numFaults)); - } - faultInjected=1; - - srandom(randomSeed); - /* set warm reboot, leave RAM unchanged - * 0 : don't inject fault - * 1 : run POST, wipe out memory - * 2 : don't test memory - * 3 : don't change memory (doesn't work) - * 4 : don't sync registry - */ - /* default number of faults is 5 */ - if(numFaults<=0 || numFaults>100) numFaults=5; - - switch(faultType) - { - case TEXT_FAULT: - result = text_fault(module_name, res); - break; - case STACK_FAULT: - result = stack_fault(res); - break; - case HEAP_FAULT: - result = heap_fault(res); - break; - case INIT_FAULT: - case NOP_FAULT: - case DST_FAULT: - case SRC_FAULT: - case BRANCH_FAULT: - case PTR_FAULT: - case LOOP_FAULT: - case INTERFACE_FAULT: - case IRQ_FAULT: - result = text_fault(module_name, res); - break; - case FREE_FAULT: - case BCOPY_FAULT: - case SYNC_FAULT: - case ALLOC_FAULT: - crashInterval=CRASH_INTERVAL; /* interval between crash */ - break; - case MEM_LEAK_FAULT: - crashToggle=0; - crashInterval=CRASH_INTERVAL; /* interval between crash */ - break; - case PANIC_FAULT: - panic("testing panic"); - result = 0; - break; - /* case WP_FAULT: page_reg_fault(random()); break; */ - case DIRECT_FAULT: - { - direct_fault(fault_address, fault_data, res); - break; - } - case DIRECT_FAULT1: - { - result = direct_fault1(fault_address, fault_data, res); - - break; - } - /* case PAGE_REG_DUMP: rio_dump(); break; */ - case WHILE1_FAULT: - { - - result = while1(); - - break; - } - /* case CPU_RESET_FAULT: cpu_reset(); break; */; - case COW_FAULT: - { - /* test writing to kernel text. freebsd currently do a COW on a - * write to kernel text. - */ - unsigned long *addr1, *addr2; - - addr1 = (unsigned long *) 0xf0212000; - addr2 = (unsigned long *) 0xf0212010; - PDEBUG(("%p=%lx, %p=%lx\n", addr1, *addr1, addr2, *addr2)); - /* - __asm__ ("movl $0xf0212000, %eax\n\t" \ - "movl $6, 0(%eax)\n\t" \ - "movl $6, 4(%eax)\n\t"); - */ - /* Not implemented on MINIX */ - assert(0); - addr1 = (unsigned long *) 0xf0212000; - addr2 = (unsigned long *) 0xf0212010; - PDEBUG(("after injecting fault\n")); - PDEBUG(("%p=%lx, %p=%lx\n", addr1, *addr1, addr2, *addr2)); - result = 0; - break; - } - - case DEBUGGER_FAULT: - PDEBUG(("Debugger fault")); - /* - __asm__ ("movl %cr4, %ecx\n\t" \ - "movl $42, %ecx; .byte 0x0f, 0x32\n\t" \ - "movl $377, %ecx; .byte 0x0f, 0x32\n\t"); - */ - /* Not implemented on MINIX */ - assert(0); - result = 0; - break; - default: PDEBUG(("unknown fault type %ld\n", faultType)); break; - } - if (copy_to_user(result_record, res, argNumFaults * sizeof(swifi_result_t))) { - result = -EFAULT; - } - Cleanup: -#if 0 - if (kern_name != NULL) { - put_mod_name(kern_name); - } -#endif - if (res != NULL) { - free(res); - } - - return (result); -} - -int while1(void) -{ - int i=0; - - PDEBUG(("entering into while 1 loop\n")); - while(1) { - udelay(20000); - PDEBUG(("delay %4d secs, cpl=0x%x, ipend=0x%x\n", i+=5, 20, 30)); - if(i>(100 * 2500)) - break; - } - return(0); -} - - -int direct_fault(int fault_address, int fault_content, pswifi_result_t res) -{ - unsigned long *addr; - int flip_bit=0; - + if (numFaults == 0) numFaults = 5; - addr = (unsigned long *) (PAGE_OFFSET + fault_address); - - PDEBUG(("%p:0x%lx => ", addr, *addr)); - - flip_bit = 1 << fault_content; + srandom(randomSeed); - res[0].address = (unsigned long) addr; - res[0].old = *addr; - res[0].new = (*addr) ^ flip_bit; + load_nlist(module_name, &btext, &etext); - if (injectFault) { - *addr = (*addr) ^ flip_bit; - } - PDEBUG(("%lx\n", *addr)); - return(0); -} + text_size = etext - btext; -int direct_fault1(int fault_address, int fault_content, pswifi_result_t res) -{ - unsigned long *addr, data; + PDEBUG(("text=%lx-%lx, size=%lx\n", btext, etext, text_size)); + while (numFaults) { + if ((type = faultType) == RANDOM_FAULT) + type = randomFaults[random() % + (sizeof(randomFaults) / sizeof(randomFaults[0]))]; - addr = (unsigned long *) (PAGE_OFFSET + fault_address); - - PDEBUG(("%p:%lx => ", addr, *addr)); - - - data = *addr; - if(fault_content==1) { - data = data & 0xffffff00; - data = data | 0x00000090; - } else if(fault_content==2) { - data = data & 0xffff0000; - data = data | 0x00009090; - } else if(fault_content==3) { - data = data & 0xff000000; - data = data | 0x00909090; - } else if(fault_content==4) { - data = 0x90909090; - } - res[0].address = (unsigned long) addr; - res[0].old = *addr; - res[0].new = data; - if (injectFault) { - *addr = data; + if (text_fault(type, btext, text_size)) + numFaults--; } - - PDEBUG(("%lx\n", *addr)); - - - return(0); } - - - -/* -#include -*/ - -#define MAX_NUM_TASKS 20 - -struct task_struct * -find_task(void) +static int text_fault(int type, unsigned long btext, unsigned long text_size) { - struct task_struct * task = NULL, *result = NULL ; - int i,j; - i = 1 + (random() % MAX_NUM_TASKS); - j = i; - - - do { -#if 0 - read_lock(&tasklist_lock); -#endif - for_each_task(task) { - if (--i == 0) { - result = task; - break; - } - } -#if 0 - read_unlock(&tasklist_lock); -#endif - } while ((i > 0) && (i != j)); + unsigned long *addr, taddr; + int j, flip_bit, len, prefix; + unsigned char *c; - return(result); -} + /* inject faults into text space */ -int -stack_fault(pswifi_result_t res) -{ - unsigned long *addr, size, taddr; - int flip_bit=0; - int count=0; - struct task_struct *task = NULL; + addr = (unsigned long *) + (btext + ((unsigned long) (random()&~0xf) % text_size)); - while(count < numFaults) { - task = find_task(); - if (task == NULL) { - return(-1); - } + /* now the tricky part */ - size = (unsigned long) task + TASK_SIZE - task->thread.esp; + taddr=(unsigned long) addr; + if (type != TEXT_FAULT) { + addr = (unsigned long *) find_faulty_instr(taddr, type, &len); + /* do it over again if we can't find the right instruction */ + if (!addr || !len) + return FALSE; + } - PDEBUG(("stack range=%lx-%lx\n", - (unsigned long) task->thread.esp, - (unsigned long) task + TASK_SIZE)); + PDEBUG(("target addr=%lx, instr addr=%p, %lx=>", taddr, addr, + text_read_ul(addr))); - addr = (unsigned long *) ((long) task->thread.esp + - (random()&~0x3)%size); - taddr=(unsigned long) addr; + switch (type) { + case TEXT_FAULT: flip_bit = random() & 0x1f; - PDEBUG(("%lx:%lx flip bit %d => ", taddr, *addr, flip_bit)); + PDEBUG(("flip bit %d => ", flip_bit)); flip_bit = 1 << flip_bit; - res[count].address = taddr; - res[count].old = *addr; - res[count].new = (*addr) ^ flip_bit; - if (injectFault) { - *addr = ((*addr)^flip_bit); - } - PDEBUG(("%lx\n", *addr)); - count++; - } - return(0); -} + text_write_ul(addr, text_read_ul(addr)^flip_bit); + break; -/* -// Instead of dealing with heaps directly, we look at the area cache of pages -// and vm pages and find an address there. -*/ - - -int heap_fault(pswifi_result_t res) -{ -#ifdef notdef - unsigned long *addr, taddr; - int flip_bit=0; - int count=0; - unsigned long flags; - struct list_head *next; - - addr = (unsigned long *) (map->address + (random()&~0xf)%map->size); - - taddr=(unsigned long) addr; - flip_bit = random() & 0x1f; - PDEBUG("heap range=%lx-%lx ", map->address, map->address + map->size); - PDEBUG("%lx:%lx flip bit %d => ", taddr, *addr, flip_bit); - flip_bit = 1 << flip_bit; - res[count].address = taddr; - res[count].old = *addr; - res[count].new = (*addr) ^ flip_bit; - - if (injectFault) { - *addr = ((*addr)^flip_bit); - } - PDEBUG("%lx\n", *addr); - count++; - } while (count < numFaults); -#endif - return(-1); - -} + case NOP_FAULT: + case INIT_FAULT: + case BRANCH_FAULT: + case INTERFACE_FAULT: + case IRQ_FAULT: + c = (unsigned char *) addr; + for (j = 0; j < len; j++) { + /* replace these bytes with NOP (*c=NOP) */ + text_write_ub(c, NOP); -unsigned long -do_fault_copy_from_user (void *kaddr, const void *udaddr, unsigned long len, - unsigned long (* copy_fn) (void *, const void *, unsigned long)) -{ - unsigned int prob, i=0; - - if ( faultInjected && (faultType==BCOPY_FAULT) ) { - - if (++crashCount == crashInterval) { - - crashCount=0; - prob = random(); - crashInterval = CRASH_INTERVAL + (random() & FI_MASK); - - if (prob < P50) { /* corrupt 1 QW */ - i=1; - } else if (prob < P94) { /* corrupt 2 - 1024 QW */ - i = prob & 0x3fe; - while(!i) { - i = random() & 0x3fe; - } - } else { /* corrupt 2-4 pages */ - i= prob & 0xc00; - while(!i) { - i = random() & 0xc00; - } - } - PDEBUG(("copyin: %p to %p, len=%ld overrun=%d, Intvl=%ld, inj=%ld\n", - udaddr, kaddr, len, i, crashInterval, faultInjected)); - if (faultInjected++ =0xd8 && text_read_ub(c)<=0xdf) { + /* don't mess with fp instruction, yet */ + PDEBUG(("floating point instruction, bailing out\n")); + return FALSE; } - return(copy_fn(udaddr, kaddr, len)); - } else - return(copy_fn(udaddr, kaddr, len)); -} - - -unsigned long -swifi___generic_copy_from_user (void *kaddr, void *udaddr, unsigned long len) -{ - return(do_fault_copy_from_user(kaddr, - udaddr, - len, - __generic_copy_from_user)); -} - -unsigned long -swifi___generic_copy_to_user(void *udaddr, void *kaddr, unsigned long len) -{ - return(do_fault_copy_to_user(udaddr, - kaddr, - len, - __generic_copy_to_user)); -} - - - -void * -swifi_memcpy_fn (void *to, void *from, size_t len) -{ - unsigned int prob, i=0; - - if( faultInjected && (faultType==BCOPY_FAULT) ) { - crashCount++; - if (crashCount == crashInterval) { - crashCount=0; - prob = random(); - crashInterval = CRASH_INTERVAL + (random() & FI_MASK); - - if (prob < P50) { /* corrupt 1 QW */ - i=1; - } else if (prob < P94) { /* corrupt 2 - 1024 QW */ - i= prob & 0x3fe; - while(!i) { - i = random() & 0x3fe; - } - } else { /* corrupt 2-4 pages */ - i=prob&0xc00; - while(!i) { - i = random() & 0xc00; - } - } - - PDEBUG(("memcpy: %p to %p, len=%d overrun=%d, Intvl=%ld, inj=%ld\n", - from, to, len, i, crashInterval, faultInjected)); - if(faultInjected++ =crashInterval) { - - /* alternate between premature freeing and non-free */ - if(crashToggle) { - if(crashAddr) { - PDEBUG(("malloc : freeing %p prematurely\n", - crashAddr)); - kfree_fn(crashAddr); - kfree_fn(addr); - crashAddr=0; - crashToggle=0; - crashCount=0; - crashInterval = CRASH_INTERVAL + (random()&FI_MASK); - if (faultInjected++ > numFaults) { - faultInjected=0; - } - } - } else { - PDEBUG(("free: don't free %p\n", addr)); - if(faultInjected++ > numFaults) { - faultInjected=0; - } - if(faultType==FREE_FAULT) { - crashToggle=1; - } - crashCount=0; - crashInterval = CRASH_INTERVAL + (random()&FI_MASK); - } + c++; + len = len-((long) c - (long) addr); + if (len == 0) + { + PDEBUG(("text_fault: len = %d\n", len)); + return FALSE; } - } else { - kfree_fn(addr); - } -} - -#if 0 -void -swifi_kfree(const void *addr) -{ - do_fault_kfree((void *) addr, kfree); -} -#endif + flip_bit = random() % (len*8); + PDEBUG(("flip bit %d (len=%d) => ", flip_bit, len)); + for(j=0; j=crashInterval) { - PDEBUG(("kmalloc : returning null\n")); - crashCount=0; - crashInterval = CRASH_INTERVAL + (random()&FI_MASK); - if (faultInjected++ > numFaults) { - faultInjected=0; - return(NULL); + j=len; } - + c++; + flip_bit = flip_bit-8; } - } - return(kmalloc_fn(size, flags)); -} + break; - -#if 0 -void * -swifi_kmalloc(size_t size, int flags) -{ - return(do_fault_kmalloc(size, flags, kmalloc)); -} -#endif - - - -void * do_fault_vmalloc(unsigned long size, - int gfp_mask, - pgprot_t prot, - void * (*vmalloc_fn)(unsigned long size, - int gfp_mask, - pgprot_t prot)) -{ - if (faultInjected && (faultType==ALLOC_FAULT)) { - crashCount++; - if(crashCount>=crashInterval) { - PDEBUG(("vmalloc : returning null\n")); - crashCount=0; - crashInterval = CRASH_INTERVAL + (random()&FI_MASK); - if (faultInjected++ > numFaults) { - faultInjected=0; - return(NULL); + case PTR_FAULT: + /* 5f) ptr: if instruction has regmodrm byte (i_has_modrm), + * flip 1 bit in lower byte (0x0f) or any bit in following + * bytes (sib, imm or disp). + */ + c=(unsigned char *) addr; + do { + switch (text_read_ub(c)) { + case 0x66: case 0x67: case 0x26: case 0x36: + case 0x2e: case 0x3e: case 0x64: case 0x65: + case 0xf0: case 0xf2: case 0xf3: + prefix = 1; + break; + default: + prefix = 0; + break; } - + if (prefix) { + c++; + } + } while (prefix); + if(text_read_ub(c)>=0xd8 && text_read_ub(c)<=0xdf) { + /* don't mess with fp instruction, yet */ + PDEBUG(("floating point instruction, bailing out\n")); + return FALSE; } - } - return(vmalloc_fn(size, gfp_mask, prot)); -} - -void * -swifi___vmalloc(unsigned long size, int gfp_mask, pgprot_t prot) -{ - return(do_fault_vmalloc(size, gfp_mask, prot, __vmalloc)); -} - - - -#if 0 -typedef struct section_callback { - const char * module_name; - const char * section_name; - unsigned long sec_start; - unsigned long sec_end; -} section_callback_t; - -static int -text_section_callback(void *token, - const char *modname, - const char *secname, - ElfW(Addr) secstart, - ElfW(Addr) secend, - ElfW(Word) secflags) -{ - section_callback_t * info = (section_callback_t *) token; - - if ((strcmp(modname, info->module_name) == 0) && - (strcmp(secname, info->section_name) == 0)) { - info->sec_start = secstart; - info->sec_end = secend; - return(1); - } - return(0); -} -#endif - - -int text_fault(char *mod_name, pswifi_result_t res) -{ - unsigned long *addr, text_size, offset, page, taddr; - unsigned long btext, etext; - - int count, flip_bit=0, len, rc; - unsigned char *c; -#if 0 - struct module * module; - section_callback_t info; -#endif - -#define MAX_NUM_MODULES 10 - - /* inject faults into text space */ - - for(count=0; countname; - info.module_name = ""; - info.section_name = ".text"; - - kallsyms_sections(&info, text_section_callback); - if (info.sec_start == 0 ) { - return(-1); + if(text_read_ub(c)==0x0f) { + c++; } -#endif - - load_nlist(mod_name, &btext, &etext); - -#if 0 - btext = info.sec_start; - etext = info.sec_end; -#endif - text_size = etext - btext; - - PDEBUG(("text=%lx-%lx, size=%lx\n", btext, etext, text_size)); - - addr = (unsigned long *) - (btext + ((unsigned long) (random()&~0xf) % text_size)); - - /* now the tricky part */ - - taddr=(unsigned long) addr; - if( faultType==INIT_FAULT || - faultType==NOP_FAULT || - faultType==DST_FAULT || - faultType==SRC_FAULT || - faultType==BRANCH_FAULT || - faultType==PTR_FAULT || - faultType==LOOP_FAULT || - faultType==INTERFACE_FAULT || - faultType==IRQ_FAULT ) { - addr = (unsigned long *) find_faulty_instr(taddr, faultType, &len); - /* do it over again if we can't find the right instruction */ - if(!addr || !len ) { - i--; - continue; - } + if(text_read_ub(c)==0x0f) { + c++; } + c++; + len = len-((long) c - (long) addr); + flip_bit = random() % (len*8-4); + PDEBUG(("flip bit %d (len=%d) => ", flip_bit, len)); -printf("len = %d\n", len); + /* mod/rm byte is special */ - PDEBUG(("target addr=%lx, instr addr=%p, %lx=>", taddr, addr, - text_read_ul(addr))); - - offset = (unsigned long) addr&PAGE_MASK; - page = (unsigned long) addr&~PAGE_MASK; - - /* it doesn't matter what we used here to unprotect page, - * as this routine will not be in production code. - */ - - res[count].address = taddr; - res[count].old = text_read_ul(addr); - res[count].new = text_read_ul(addr); - - if (faultType==TEXT_FAULT) { - - flip_bit = random() & 0x1f; - PDEBUG(("flip bit %d => ", flip_bit)); + if (flip_bit < 4) { flip_bit = 1 << flip_bit; - res[count].new = text_read_ul(addr) ^ flip_bit; - - if (injectFault) { - text_write_ul(addr, text_read_ul(addr)^flip_bit); - } + text_write_ub(c, text_read_ub(c)^flip_bit); + } + c++; + flip_bit=flip_bit-4; - } else if (faultType==NOP_FAULT || - faultType==INIT_FAULT || - faultType==BRANCH_FAULT || - faultType==INTERFACE_FAULT || - faultType==IRQ_FAULT) { - c = (unsigned char *) addr; + for(j=1; j=0xd8 && text_read_ub(c)<=0xdf) { - /* don't mess with fp instruction, yet. - * but there shouldn't be any fp instr in kernel. - */ - PDEBUG(("floating point instruction, bailing out\n")); - i--; - continue; - } else if(text_read_ub(c)==0x0f) { - c++; - } - if(text_read_ub(c)==0x0f) { - c++; + j=len; } c++; - len = len-((long) c - (long) addr); - if (len == 0) - { - printf("tex_fault: len = %d\n", len); - count--; - continue; - } -if (len == 0) -{ - int i; - - printf( - "text_fault: bad length at address %p, c = %p, fault type %ld\n", - addr, c, faultType); - printf("bytes:"); - for (i= 0; i<16; i++) - printf(" 0x%02x", text_read_ub((char *)addr+i)); - printf("\n"); - abort(); - *(int *)-4 = 0; -} - flip_bit = random() % (len*8); - PDEBUG(("flip bit %d (len=%d) => ", flip_bit, len)); - for(j=0; j=0xd8 && text_read_ub(c)<=0xdf) { - /* don't mess with fp instruction, yet */ - PDEBUG(("floating point instruction, bailing out\n")); - i--; - continue; - } else if(text_read_ub(c)==0x0f) { - c++; - } - if(text_read_ub(c)==0x0f) { - c++; + if(text_read_ub(c)%2 == 0) { + text_write_ub(c, text_read_ub(c)+1); + } else { + text_write_ub(c, text_read_ub(c)-1); } + } else if(text_read_ub(c)==0x66 || text_read_ub(c)==0x67) { + /* override prefix */ c++; - len = len-((long) c - (long) addr); - flip_bit = random() % (len*8-4); - PDEBUG(("flip bit %d (len=%d) => ", flip_bit, len)); - - /* mod/rm byte is special */ - - if (flip_bit < 4) { - flip_bit = 1 << flip_bit; - - rc = c - (unsigned char *) addr; - if (rc < sizeof(unsigned long)) { - ((unsigned char *) &res[count].new)[rc] = text_read_ub(c) ^ flip_bit; - - } - if (injectFault) { - text_write_ub(c, text_read_ub(c)^flip_bit); - } - - } - c++; - flip_bit=flip_bit-4; - - for(j=1; j -#include -#include "swifi.h" - - -EXPORT_SYMBOL(sys_inject_fault); - -EXPORT_SYMBOL(swifi_memmove_fn); -EXPORT_SYMBOL(swifi_memcpy_fn); -EXPORT_SYMBOL(memmove_fn); -EXPORT_SYMBOL(memcpy_fn); -EXPORT_SYMBOL(swifi_kfree); -EXPORT_SYMBOL(swifi_vfree); -EXPORT_SYMBOL(swifi_kmalloc); -EXPORT_SYMBOL(swifi___vmalloc); -EXPORT_SYMBOL(swifi___generic_copy_from_user); -EXPORT_SYMBOL(swifi___generic_copy_to_user); - - diff --git a/minix/commands/swifi/swifi-user.h b/minix/commands/swifi/swifi-user.h deleted file mode 100644 index 995112df6..000000000 --- a/minix/commands/swifi/swifi-user.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef _SWIFI_USER_H -#define _SWIFI_USER_H - - -#define TEXT_FAULT 0 -#define STACK_FAULT 1 -#define HEAP_FAULT 2 -#define INIT_FAULT 3 -#define NOP_FAULT 4 -#define DST_FAULT 5 -#define SRC_FAULT 6 -#define BRANCH_FAULT 7 -#define PTR_FAULT 8 -#define FREE_FAULT 9 -#define BCOPY_FAULT 10 -#define SYNC_FAULT 11 -#define LOOP_FAULT 12 -#define MEM_LEAK_FAULT 13 -#define INTERFACE_FAULT 14 -#define DIRECT_FAULT 15 -#define DIRECT_FAULT1 16 -#define STATS 17 -#define WP_FAULT 19 -#define PANIC_FAULT 20 -#define WHILE1_FAULT 21 -#define DEBUGGER_FAULT 22 -#define CPU_RESET_FAULT 23 -#define PAGE_REG_DUMP 24 -#define COW_FAULT 25 -#define IRQ_FAULT 26 -#define ALLOC_FAULT 27 -#define DISK_TEST 100 - - -#define SWIFI_MAX_FAULTS 1000 - -typedef struct swifi_result { - unsigned long address; - unsigned long old; - unsigned long new; -} swifi_result_t, *pswifi_result_t; - -long -sys_inject_fault(char * module, - unsigned long argFaultType, - unsigned long argRandomSeed, - unsigned long argNumFaults, - pswifi_result_t result_record, - unsigned long argInjectFault); - - -#endif /* _SWIFI_USER_H */ - diff --git a/minix/commands/swifi/swifi.h b/minix/commands/swifi/swifi.h index 82103bf4f..4958fd70f 100644 --- a/minix/commands/swifi/swifi.h +++ b/minix/commands/swifi/swifi.h @@ -1,64 +1,25 @@ -#ifndef _LINUX_SWIFI_H -#define _LINUX_SWIFI_H +#ifndef _SWIFI_H +#define _SWIFI_H #include -#include "swifi-user.h" - -long -swifi_inject_fault(char * nook_name, - unsigned long faultType, - unsigned long randSeed, - unsigned long numFaults, - void * results, - unsigned long do_inject); - - -long -sys_inject_fault(char * module, - unsigned long argFaultType, - unsigned long argRandomSeed, - unsigned long argNumFaults, - pswifi_result_t result_record, - unsigned long argInjectFault); - -void -swifi_kfree(const void *addr); - +#define TEXT_FAULT 0 +#define INIT_FAULT 3 +#define NOP_FAULT 4 +#define DST_FAULT 5 +#define SRC_FAULT 6 +#define BRANCH_FAULT 7 +#define PTR_FAULT 8 +#define LOOP_FAULT 12 +#define INTERFACE_FAULT 14 +#define IRQ_FAULT 26 +#define STOP_FAULT 50 +#define RANDOM_FAULT 99 void -swifi_vfree(void *addr); - - -void * -swifi_memmove_fn(void *to, void *from, size_t len); - - -void * -swifi_memcpy_fn(void *to, void *from, size_t len); - - -void * -memmove_fn(void *to, void *from, size_t len); - -void * -memcpy_fn(void *to, void *from, size_t len); - -unsigned long -swifi___generic_copy_from_user (void *kaddr, void *udaddr, unsigned long len); - -unsigned long -swifi___generic_copy_to_user(void *udaddr, void *kaddr, unsigned long len); - - -void * -swifi_kmalloc(size_t size, int flags); - - -#if 0 -void * -swifi___vmalloc(unsigned long size, int gfp_mask, pgprot_t prot); -#endif - -#endif /* _LINUX_SWIFI_H */ +swifi_inject_fault(char * module, + unsigned long faultType, + unsigned long randomSeed, + unsigned long numFaults); +#endif /* _SWIFI_H */ diff --git a/minix/commands/swifi/systest.c b/minix/commands/swifi/systest.c index e0a7234dd..6c41262ab 100644 --- a/minix/commands/swifi/systest.c +++ b/minix/commands/swifi/systest.c @@ -5,7 +5,7 @@ * * The source code in this file can be freely used, adapted, * and redistributed in source or binary form, so long as an - * acknowledgment appears in derived source files. + * acknowledgment appears in derived source files. * No warranty is attached; * we cannot take responsibility for errors or fitness for use. * @@ -14,47 +14,37 @@ #include #include #include -#if 0 -#include -#endif #include #include -#define swifi_inject_fault sys_inject_fault - -#include "swifi-user.h" +#include "swifi.h" #include "extra.h" +void +usage(char *name) +{ + printf("Usage: %s -f module_name pid fault-type fault-count seed\n", name); -#if 0 -_syscall6(long, swifi_inject_fault, - char *, module_name, - unsigned long, faultType, - unsigned long, randSeed, - unsigned long, numFaults, - void *, result, - unsigned long, do_inject); -#endif + exit(EXIT_FAILURE); +} int main(int argc, char * argv[]) { char * module_name = NULL; int i; - long result = 0; unsigned int cmd = 0; unsigned long arg = 0; unsigned long seed = 157; - swifi_result_t * res = NULL; if (argc < 2) { - goto Usage; + usage(argv[0]); } for (i = 1; i < argc; i++ ) { if (strcmp(argv[i], "-f") == 0) { if (argc <= i+5) { - goto Usage; + usage(argv[0]); } module_name = victim_exe = argv[++i]; sscanf(argv[++i],"%u", &victim_pid); @@ -63,61 +53,15 @@ main(int argc, char * argv[]) sscanf(argv[++i],"%lu", &seed); } else { printf("Unknown command %s\n", argv[i]); - goto Usage; + usage(argv[0]); } } - size_t ressize = arg * sizeof(swifi_result_t); - res = malloc(ressize); - if (res == NULL) { - printf("Out of memory\n"); - goto Cleanup; - } - - memset(res, 0, ressize); - - /* - // Find out where the faults will be injected - */ - - result = swifi_inject_fault(module_name, - cmd, /* fault type */ - seed, /* random seed */ - arg, /* numFaults */ - res, - 0); /* don't inject now */ - - for (i = 0; (i < arg) && (res[i].address != 0) ; i++) { - printf("Changed 0x%lx from 0x%lx to 0x%lx\n", - res[i].address, - res[i].old, - res[i].new); - } - - /* - // do the injection - */ - - result = swifi_inject_fault(module_name, - cmd, /* fault type */ - seed, /* random seed */ - arg, /* numFaults */ - res, - 1); /* do inject now */ + /* Do the injection. */ + swifi_inject_fault(module_name, + cmd, /* fault type */ + seed, /* random seed */ + arg); /* numFaults */ - printf("swifi_inject_fault returned %ld (%d)\n", result,errno); - - - - Cleanup: - if (res != NULL) { - free(res); - } - return(0); - - Usage: - printf("Usage: %s -f module_name pid fault-type fault-count seed\n", argv[0]); - goto Cleanup; + return EXIT_SUCCESS; } - - diff --git a/minix/commands/swifi/do_swifi b/minix/commands/swifi/tests/do_swifi similarity index 64% rename from minix/commands/swifi/do_swifi rename to minix/commands/swifi/tests/do_swifi index 3616c9087..680559066 100644 --- a/minix/commands/swifi/do_swifi +++ b/minix/commands/swifi/tests/do_swifi @@ -1,4 +1,4 @@ #!/bin/sh pid=`ps ax | grep fxp | grep usr.sbin | sed 's,^[ ]*,,;s,[ ].*,,` echo "pid = $pid" -./swifi -f /usr/build/drivers/fxp/fxp $pid 26 100 4 +swifi -f /usr/build/drivers/fxp/fxp $pid 26 100 4 diff --git a/minix/commands/swifi/do_swifi_bug1 b/minix/commands/swifi/tests/do_swifi_bug1 similarity index 65% rename from minix/commands/swifi/do_swifi_bug1 rename to minix/commands/swifi/tests/do_swifi_bug1 index bd5c825f4..750a884da 100644 --- a/minix/commands/swifi/do_swifi_bug1 +++ b/minix/commands/swifi/tests/do_swifi_bug1 @@ -1,4 +1,4 @@ #!/bin/sh pid=`ps ax | grep fxp | grep usr.sbin | sed 's,^[ ]*,,;s,[ ].*,,` echo "pid = $pid" -./swifi -f /usr/build/drivers/fxp/fxp $pid 8 100 4 +swifi -f /usr/build/drivers/fxp/fxp $pid 8 100 4 diff --git a/minix/commands/swifi/rnd.c b/minix/commands/swifi/tests/rnd.c similarity index 98% rename from minix/commands/swifi/rnd.c rename to minix/commands/swifi/tests/rnd.c index 4412e2ff2..41a7fac8c 100644 --- a/minix/commands/swifi/rnd.c +++ b/minix/commands/swifi/tests/rnd.c @@ -4,8 +4,6 @@ rnd.c Generate random numbers */ -#define _POSIX_SOURCE - #include #include #include diff --git a/minix/commands/swifi/rs.restart_imm b/minix/commands/swifi/tests/rs.restart_imm similarity index 100% rename from minix/commands/swifi/rs.restart_imm rename to minix/commands/swifi/tests/rs.restart_imm diff --git a/minix/commands/swifi/run_swifi b/minix/commands/swifi/tests/run_swifi similarity index 96% rename from minix/commands/swifi/run_swifi rename to minix/commands/swifi/tests/run_swifi index 8d7fbcb70..08e1bc95f 100644 --- a/minix/commands/swifi/run_swifi +++ b/minix/commands/swifi/tests/run_swifi @@ -27,7 +27,7 @@ do_one() sleep 10 done echo pid = $pid - ./swifi -f $EXE $pid $1 $2 $3 >/tmp/out + swifi -f $EXE $pid $1 $2 $3 >/tmp/out sleep 1 kill -0 $pid && echo "driver survived, params: test $1, count $2, seed $3" || diff --git a/minix/commands/swifi/run_swifi-x b/minix/commands/swifi/tests/run_swifi-x similarity index 91% rename from minix/commands/swifi/run_swifi-x rename to minix/commands/swifi/tests/run_swifi-x index 14b093444..211d186f9 100644 --- a/minix/commands/swifi/run_swifi-x +++ b/minix/commands/swifi/tests/run_swifi-x @@ -10,7 +10,7 @@ do_one() sleep 1 done echo pid = $pid - ./swifi -f /usr/build/drivers/dp8390/dp8390 $pid $1 $2 $3 >/tmp/out + swifi -f /usr/build/drivers/dp8390/dp8390 $pid $1 $2 $3 >/tmp/out sleep 5 kill -0 $pid && echo "driver failed to die, params: test $1, count $2, seed $3" diff --git a/minix/commands/swifi/run_t1 b/minix/commands/swifi/tests/run_t1 similarity index 97% rename from minix/commands/swifi/run_t1 rename to minix/commands/swifi/tests/run_t1 index ebffbdc05..c4b22424f 100755 --- a/minix/commands/swifi/run_t1 +++ b/minix/commands/swifi/tests/run_t1 @@ -26,7 +26,7 @@ do_one() sleep 10 done echo pid = $pid - ./swifi -f $EXE $pid $1 $2 $3 >/tmp/out + swifi -f $EXE $pid $1 $2 $3 >/tmp/out sleep 1 kill -0 $pid && echo "driver failed to die, params: test $1, count $2, seed $3" @@ -94,7 +94,7 @@ text) type_arg=0 ;; nop) type_arg=4 ;; -random) +random) ;; *) usage diff --git a/minix/commands/swifi/run_t1a b/minix/commands/swifi/tests/run_t1a similarity index 86% rename from minix/commands/swifi/run_t1a rename to minix/commands/swifi/tests/run_t1a index efa06655e..06984c0f4 100755 --- a/minix/commands/swifi/run_t1a +++ b/minix/commands/swifi/tests/run_t1a @@ -15,7 +15,7 @@ mv $LOGFILE $LOGFILE.prev kill -1 `ps ax | grep syslogd | grep -v grep | sed 's,^[ ]*,,;s,[ ].*,,'` -./run_t1 $count $type `expr $run \* 1000` 2>&1 | +./run_t1 $count $type `expr $run \* 1000` 2>&1 | tee results/1.$type.$run.out cp $LOGFILE results/1.$type.$run.log diff --git a/minix/commands/swifi/run_t1b b/minix/commands/swifi/tests/run_t1b similarity index 100% rename from minix/commands/swifi/run_t1b rename to minix/commands/swifi/tests/run_t1b diff --git a/minix/commands/swifi/run_t2 b/minix/commands/swifi/tests/run_t2 similarity index 97% rename from minix/commands/swifi/run_t2 rename to minix/commands/swifi/tests/run_t2 index 9a2408642..757b2191c 100755 --- a/minix/commands/swifi/run_t2 +++ b/minix/commands/swifi/tests/run_t2 @@ -27,10 +27,10 @@ do_one() sleep 10 done echo pid = $pid - ./swifi -f $EXE $pid $1 $2 $3 >/tmp/out + swifi -f $EXE $pid $1 $2 $3 >/tmp/out sleep 1 fault_blocks=`expr $fault_blocks + 1` - if kill -0 $pid + if kill -0 $pid then if [ $dont_connect -eq 0 ] then @@ -114,7 +114,7 @@ text) type_arg=0 ;; nop) type_arg=4 ;; -random) +random) ;; *) usage diff --git a/minix/commands/swifi/run_t2a b/minix/commands/swifi/tests/run_t2a similarity index 86% rename from minix/commands/swifi/run_t2a rename to minix/commands/swifi/tests/run_t2a index 8af4b0691..81f2cfb34 100755 --- a/minix/commands/swifi/run_t2a +++ b/minix/commands/swifi/tests/run_t2a @@ -15,7 +15,7 @@ mv $LOGFILE $LOGFILE.prev kill -1 `ps ax | grep syslogd | grep -v grep | sed 's,^[ ]*,,;s,[ ].*,,'` -./run_t2 $count $type `expr $run \* 1000` 2>&1 | +./run_t2 $count $type `expr $run \* 1000` 2>&1 | tee results/2.$type.$run.out cp $LOGFILE results/2.$type.$run.log diff --git a/minix/commands/swifi/run_t2b b/minix/commands/swifi/tests/run_t2b similarity index 100% rename from minix/commands/swifi/run_t2b rename to minix/commands/swifi/tests/run_t2b diff --git a/minix/commands/swifi/socket.c b/minix/commands/swifi/tests/socket.c similarity index 96% rename from minix/commands/swifi/socket.c rename to minix/commands/swifi/tests/socket.c index bebcc0e82..87e5c1a8b 100644 --- a/minix/commands/swifi/socket.c +++ b/minix/commands/swifi/tests/socket.c @@ -6,8 +6,6 @@ Created: Feb 2001 by Philip Homburg Open a TCP connection */ -#define _POSIX_C_SOURCE 2 - #include #include #include @@ -28,6 +26,7 @@ Open a TCP connection #include #include #include +#include #define BUF_SIZE 10240 @@ -118,7 +117,7 @@ static void do_conn(char *hostname, char *portname) nwio_tcpcl_t tcpcl; nwio_tcpopt_t tcpopt; - if (!inet_aton(hostname, &addr)) + if (!inet_aton(hostname, (struct in_addr *)&addr)) { he= gethostbyname(hostname); if (he == NULL) @@ -159,7 +158,8 @@ static void do_conn(char *hostname, char *portname) tcpcl.nwtcl_flags= 0; if (ioctl(tcpfd, NWIOTCPCONN, &tcpcl) == -1) { - fatal("unable to connect to %s:%u: %s", inet_ntoa(addr), + fatal("unable to connect to %s:%u: %s", + inet_ntoa(*(struct in_addr *)&addr), ntohs(tcpconf.nwtc_remport), strerror(errno)); } @@ -207,7 +207,7 @@ static void fullduplex(void) fatal("error reading from TCP conn.: %s", strerror(errno)); } - s= r; + s= r; for (o= 0; o