From d036104a02995efe416dd5ada503408ae37b56a5 Mon Sep 17 00:00:00 2001 From: Andrew Scull Date: Mon, 16 May 2022 10:41:40 +0000 Subject: [PATCH] test: dm: virtio_rng: Test virtio-rng with faked device Add a regression test for virtio-rng reading beyond the end of its buffer if the virtio device provides an invalid length. Signed-off-by: Andrew Scull Reviewed-by: Simon Glass --- test/dm/Makefile | 1 + test/dm/virtio_rng.c | 52 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 test/dm/virtio_rng.c diff --git a/test/dm/Makefile b/test/dm/Makefile index 809f0f239f..caea52f4e2 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -110,6 +110,7 @@ obj-$(CONFIG_DM_VIDEO) += video.o ifeq ($(CONFIG_VIRTIO_SANDBOX),y) obj-y += virtio.o obj-$(CONFIG_VIRTIO_RNG) += virtio_device.o +obj-$(CONFIG_VIRTIO_RNG) += virtio_rng.o endif ifeq ($(CONFIG_WDT_GPIO)$(CONFIG_WDT_SANDBOX),yy) obj-y += wdt.o diff --git a/test/dm/virtio_rng.c b/test/dm/virtio_rng.c new file mode 100644 index 0000000000..ff5646b4e1 --- /dev/null +++ b/test/dm/virtio_rng.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* This is a brittle means of getting access to the virtqueue */ +struct virtio_rng_priv { + struct virtqueue *rng_vq; +}; + +/* Test the virtio-rng driver validates the used size */ +static int dm_test_virtio_rng_check_len(struct unit_test_state *uts) +{ + struct udevice *bus, *dev; + struct virtio_rng_priv *priv; + u8 buffer[16]; + + /* check probe success */ + ut_assertok(uclass_first_device(UCLASS_VIRTIO, &bus)); + ut_assertnonnull(bus); + + /* check the child virtio-rng device is bound */ + ut_assertok(device_find_first_child(bus, &dev)); + ut_assertnonnull(dev); + + /* probe the virtio-rng driver */ + ut_assertok(device_probe(dev)); + + /* simulate the device returning the buffer with too much data */ + priv = dev_get_priv(dev); + priv->rng_vq->vring.used->idx = 1; + priv->rng_vq->vring.used->ring[0].id = 0; + priv->rng_vq->vring.used->ring[0].len = U32_MAX; + + /* check the driver gracefully handles the error */ + ut_asserteq(-EIO, dm_rng_read(dev, buffer, sizeof(buffer))); + + return 0; +} +DM_TEST(dm_test_virtio_rng_check_len, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT); -- 2.39.5