/* * Copyright (C) 2020 The Android Open Sourete Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #define LOG_TAG "coverage" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define COVERAGE_CLIENT_PORT "com.android.trusty.coverage.client" namespace android { namespace trusty { namespace coverage { using android::base::ErrnoError; using android::base::Error; using std::string; using std::to_string; using std::unique_ptr; static inline uintptr_t RoundPageUp(uintptr_t val) { return (val + (PAGE_SIZE - 1)) & ~(PAGE_SIZE - 1); } CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid) : tipc_dev_(std::move(tipc_dev)), coverage_srv_fd_(-1), uuid_(*uuid), sancov_filename_(), record_len_(0), shm_(NULL), shm_len_(0) {} CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid, string module_name) : tipc_dev_(std::move(tipc_dev)), coverage_srv_fd_(-1), uuid_(*uuid), sancov_filename_(module_name + "." + to_string(getpid()) + ".sancov"), record_len_(0), shm_(NULL), shm_len_(0) {} CoverageRecord::~CoverageRecord() { if (shm_) { if (sancov_filename_) { auto res = SaveSancovFile(*sancov_filename_); if (!res.ok()) { ALOGE("Could not write sancov file for module: %s\n", sancov_filename_->c_str()); } } munmap((void*)shm_, shm_len_); } } Result CoverageRecord::Rpc(coverage_client_req* req, int req_fd, coverage_client_resp* resp) { int rc; if (req_fd < 0) { rc = write(coverage_srv_fd_, req, sizeof(*req)); } else { iovec iov = { .iov_base = req, .iov_len = sizeof(*req), }; trusty_shm shm = { .fd = req_fd, .transfer = TRUSTY_SHARE, }; rc = tipc_send(coverage_srv_fd_, &iov, 1, &shm, 1); } if (rc != (int)sizeof(*req)) { return ErrnoError() << "failed to send request to coverage server: "; } rc = read(coverage_srv_fd_, resp, sizeof(*resp)); if (rc != (int)sizeof(*resp)) { return ErrnoError() << "failed to read reply from coverage server: "; } if (resp->hdr.cmd != (req->hdr.cmd | COVERAGE_CLIENT_CMD_RESP_BIT)) { return ErrnoError() << "unknown response cmd: " << resp->hdr.cmd; } return {}; } Result CoverageRecord::Open() { coverage_client_req req; coverage_client_resp resp; if (shm_) { return {}; /* already initialized */ } int fd = tipc_connect(tipc_dev_.c_str(), COVERAGE_CLIENT_PORT); if (fd < 0) { // Don't error out to support fuzzing builds without coverage, e.g. for repros. std::cerr << "WARNING!!! Failed to connect to Trusty coverarge server." << std::endl; return {}; } coverage_srv_fd_.reset(fd); req.hdr.cmd = COVERAGE_CLIENT_CMD_OPEN; req.open_args.uuid = uuid_; auto ret = Rpc(&req, -1, &resp); if (!ret.ok()) { return Error() << "failed to open coverage client: " << ret.error(); } record_len_ = resp.open_args.record_len; shm_len_ = RoundPageUp(record_len_); BufferAllocator allocator; fd = allocator.Alloc("system", shm_len_); if (fd < 0) { return ErrnoError() << "failed to create dmabuf of size " << shm_len_ << " err code: " << fd; } unique_fd dma_buf(fd); void* shm = mmap(0, shm_len_, PROT_READ | PROT_WRITE, MAP_SHARED, dma_buf, 0); if (shm == MAP_FAILED) { return ErrnoError() << "failed to map memfd: "; } req.hdr.cmd = COVERAGE_CLIENT_CMD_SHARE_RECORD; req.share_record_args.shm_len = shm_len_; ret = Rpc(&req, dma_buf, &resp); if (!ret.ok()) { return Error() << "failed to send shared memory: " << ret.error(); } shm_ = shm; return {}; } bool CoverageRecord::IsOpen() { return shm_; } void CoverageRecord::ResetFullRecord() { auto header_region = GetRegionBounds(COV_START); if (!header_region.ok()) { // If the header cannot be parsed, we can't reset the proper region yet. return; } for (size_t i = header_region->second; i < shm_len_; i++) { *((volatile uint8_t*)shm_ + i) = 0; } } void CoverageRecord::ResetCounts() { volatile uint8_t* begin = nullptr; volatile uint8_t* end = nullptr; GetRawCounts(&begin, &end); for (volatile uint8_t* x = begin; x < end; x++) { *x = 0; } } void CoverageRecord::ResetPCs() { volatile uintptr_t* begin = nullptr; volatile uintptr_t* end = nullptr; GetRawPCs(&begin, &end); for (volatile uintptr_t* x = begin; x < end; x++) { *x = 0; } } Result> CoverageRecord::GetRegionBounds(uint32_t region_type) { assert(shm_); auto header = (volatile struct coverage_record_header*)shm_; if (header->type != COV_START) { return Error() << "Header not yet valid"; } for (++header; header->type != COV_TOTAL_LENGTH; ++header) { if (header->type == region_type) { // Coverage record must end with a COV_TOTAL_LENGTH header entry, so // it is always safe to read the next entry since we don't iterate // over the COV_TOTAL_LENGTH entry. return {{header->offset, (header + 1)->offset}}; } } return Error() << "Could not find coverage region type: " << region_type; } void CoverageRecord::GetRawData(volatile void** begin, volatile void** end) { assert(shm_); *begin = shm_; *end = (uint8_t*)(*begin) + record_len_; } void CoverageRecord::GetRawCounts(volatile uint8_t** begin, volatile uint8_t** end) { auto region = GetRegionBounds(COV_8BIT_COUNTERS); if (!region.ok()) { *begin = 0; *end = 0; return; } assert(region->second <= record_len_); *begin = (volatile uint8_t*)shm_ + region->first; *end = (volatile uint8_t*)shm_ + region->second; } void CoverageRecord::GetRawPCs(volatile uintptr_t** begin, volatile uintptr_t** end) { auto region = GetRegionBounds(COV_INSTR_PCS); if (!region.ok()) { *begin = 0; *end = 0; return; } assert(region->second <= record_len_); *begin = (volatile uintptr_t*)((volatile uint8_t*)shm_ + region->first); *end = (volatile uintptr_t*)((volatile uint8_t*)shm_ + region->second); } uint64_t CoverageRecord::TotalEdgeCounts() { assert(shm_); uint64_t counter = 0; volatile uint8_t* begin = NULL; volatile uint8_t* end = NULL; GetRawCounts(&begin, &end); for (volatile uint8_t* x = begin; x < end; x++) { counter += *x; } return counter; } Result CoverageRecord::SaveSancovFile(const std::string& filename) { android::base::unique_fd output_fd(TEMP_FAILURE_RETRY(creat(filename.c_str(), 00644))); if (!output_fd.ok()) { return ErrnoError() << "Could not open sancov file"; } uint64_t magic; if (sizeof(uintptr_t) == 8) { magic = 0xC0BFFFFFFFFFFF64; } else if (sizeof(uintptr_t) == 4) { magic = 0xC0BFFFFFFFFFFF32; } WriteFully(output_fd, &magic, sizeof(magic)); volatile uintptr_t* begin = nullptr; volatile uintptr_t* end = nullptr; GetRawPCs(&begin, &end); for (volatile uintptr_t* pc_ptr = begin; pc_ptr < end; pc_ptr++) { uintptr_t pc = *pc_ptr; if (pc) { WriteFully(output_fd, &pc, sizeof(pc)); } } return {}; } } // namespace coverage } // namespace trusty } // namespace android