github/ocf
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #466 from mmichal10/security_tests

Browse Source 
Secure OCF
This commit is contained in:
Robert Baldyga 2021-03-04 09:19:21 +01:00 committed by GitHub
commit f37d7b6a45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 346 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/ocf_def.h
View File

@ -176,6 +176,8 @@ typedef enum {
} ocf_cache_mode_t;
#define OCF_SEQ_CUTOFF_MAX_STREAMS 256
#define OCF_SEQ_CUTOFF_MIN_THRESHOLD 1
#define OCF_SEQ_CUTOFF_MAX_THRESHOLD 4194181
typedef enum {
ocf_seq_cutoff_policy_always = 0,

5
inc/ocf_mngt.h
View File

@ -862,11 +862,6 @@ struct ocf_mngt_io_class_config {
*/
ocf_cache_mode_t cache_mode;
/**
* @brief IO class minimum size
*/
uint32_t min_size;
/**
* @brief IO class maximum size
*/

1
src/metadata/metadata_partition.h
View File

@ -11,6 +11,7 @@
#define PARTITION_DEFAULT 0
#define PARTITION_INVALID ((ocf_part_id_t)-1)
#define PARTITION_SIZE_MIN 0
#define PARTITION_SIZE_MAX 100
void ocf_metadata_get_partition_info(

7
src/mngt/ocf_mngt_core.c
View File

@ -898,6 +898,13 @@ static int _cache_mngt_set_core_seq_cutoff_threshold(ocf_core_t core, void *cntx
uint32_t threshold = *(uint32_t*) cntx;
uint32_t threshold_old = ocf_core_get_seq_cutoff_threshold(core);
if (threshold < OCF_SEQ_CUTOFF_MIN_THRESHOLD ||
threshold > OCF_SEQ_CUTOFF_MAX_THRESHOLD) {
ocf_core_log(core, log_info,
"Invalid sequential cutoff threshold!\n");
return -OCF_ERR_INVAL;
}
if (threshold_old == threshold) {
ocf_core_log(core, log_info,
"Sequential cutoff threshold %u bytes is "

9
src/mngt/ocf_mngt_io_class.c
View File

@ -116,7 +116,7 @@ static int _ocf_mngt_io_class_configure(ocf_cache_t cache,
const char *name = cfg->name;
int16_t prio = cfg->prio;
ocf_cache_mode_t cache_mode = cfg->cache_mode;
uint32_t min = cfg->min_size;
uint32_t min = 0;
uint32_t max = cfg->max_size;
OCF_CHECK_NULL(cache->device);
@ -256,6 +256,13 @@ static int _ocf_mngt_io_class_validate_cfg(ocf_cache_t cache,
return -OCF_ERR_INVAL;
}
if (cfg->max_size < PARTITION_SIZE_MIN ||
cfg->max_size > PARTITION_SIZE_MAX) {
ocf_cache_log(cache, log_info,
"Invalid value of the partition max size\n");
return -OCF_ERR_INVAL;
}
return 0;
}

22
tests/functional/pyocf/types/cache.py
View File

@ -76,6 +76,21 @@ class ConfValidValues:
promotion_nhit_insertion_threshold_range = range(2, 1000)
promotion_nhit_trigger_threshold_range = range(0, 100)
cleaning_alru_wake_up_time_range = range(0, 3600)
cleaning_alru_staleness_time_range = range(1, 3600)
cleaning_alru_flush_max_buffers_range = range(1, 10000)
cleaning_alru_activity_threshold_range = range(0, 1000000)
cleaning_acp_wake_up_time_range = range(0, 10000)
cleaning_acp_flush_max_buffers_range = range(1, 10000)
seq_cutoff_threshold_rage = range(1, 4194181)
ioclass_id_range = range(0, 32)
ioclass_priority_range = range(-1, 255)
ioclass_min_size_range = range(0, 100)
ioclass_max_size_range = range(0, 100)
CACHE_MODE_NONE = -1
@ -302,7 +317,7 @@ class Cache:
self.write_unlock()
if status:
raise OcfError("Error setting cache seq cut off policy", status)
raise OcfError("Error setting cache seq cut off policy threshold", status)
def get_partition_info(self, part_id: int):
ioclass_info = IoClassInfo()
@ -347,7 +362,6 @@ class Cache:
self,
part_id: int,
name: str,
min_size: int,
max_size: int,
priority: int,
cache_mode=CACHE_MODE_NONE,
@ -369,15 +383,13 @@ class Cache:
)
ioclasses_info._config[i]._prio = ioclass_info._priority
ioclasses_info._config[i]._cache_mode = ioclass_info._cache_mode
ioclasses_info._config[i]._min_size = ioclass_info._min_size
ioclasses_info._config[i]._max_size = ioclass_info._max_size
self.read_unlock()
ioclasses_info._config[part_id]._name = name.encode("ascii")
ioclasses_info._config[part_id]._name = name.encode("utf-8")
ioclasses_info._config[part_id]._cache_mode = int(cache_mode)
ioclasses_info._config[part_id]._prio = priority
ioclasses_info._config[part_id]._min_size = min_size
ioclasses_info._config[part_id]._max_size = max_size
self.write_lock()

14
tests/functional/pyocf/types/core.py
View File

@ -162,6 +162,18 @@ class Core:
self.cache.write_unlock()
def set_seq_cut_off_threshold(self, threshold):
self.cache.write_lock()
status = self.cache.owner.lib.ocf_mngt_core_set_seq_cutoff_threshold(
self.handle, threshold
)
if status:
self.cache.write_unlock()
raise OcfError("Error setting core seq cut off policy threshold", status)
self.cache.write_unlock()
def reset_stats(self):
self.cache.owner.lib.ocf_core_stats_initialize(self.handle)
@ -211,6 +223,8 @@ lib.ocf_core_get_volume.argtypes = [c_void_p]
lib.ocf_core_get_volume.restype = c_void_p
lib.ocf_mngt_core_set_seq_cutoff_policy.argtypes = [c_void_p, c_uint32]
lib.ocf_mngt_core_set_seq_cutoff_policy.restype = c_int
lib.ocf_mngt_core_set_seq_cutoff_threshold.argtypes = [c_void_p, c_uint32]
lib.ocf_mngt_core_set_seq_cutoff_threshold.restype = c_int
lib.ocf_stats_collect_core.argtypes = [c_void_p, c_void_p, c_void_p, c_void_p, c_void_p]
lib.ocf_stats_collect_core.restype = c_int
lib.ocf_core_get_info.argtypes = [c_void_p, c_void_p]

1
tests/functional/pyocf/types/ioclass.py
View File

@ -26,7 +26,6 @@ class IoClassConfig(Structure):
("_name", c_char_p),
("_prio", c_uint16),
("_cache_mode", c_int),
("_min_size", c_uint32),
("_max_size", c_uint32),
]

2
tests/functional/tests/eviction/test_eviction.py
View File

@ -93,14 +93,12 @@ def test_evict_overflown_pinned(pyocf_ctx, cls: CacheLineSize):
cache.configure_partition(
part_id=test_ioclass_id,
name="default_ioclass",
min_size=0,
max_size=100,
priority=1,
)
cache.configure_partition(
part_id=pinned_ioclass_id,
name="pinned_ioclass",
min_size=0,
max_size=pinned_ioclass_max_occupancy,
priority=-1,
)

2
tests/functional/tests/management/test_attach_cache.py
View File

@ -51,7 +51,7 @@ def test_attach_different_size(
cache.add_core(core)
cache.configure_partition(
part_id=1, name="test_part", min_size=0, max_size=50, priority=1
part_id=1, name="test_part", max_size=50, priority=1
)
cache.set_seq_cut_off_policy(SeqCutOffPolicy.NEVER)

292
tests/functional/tests/security/test_management_fuzzy.py
View File

@ -4,10 +4,12 @@
#
import pytest
import string
from pyocf.types.cache import (
Cache,
CacheMode,
CACHE_MODE_NONE,
CleaningPolicy,
AlruParams,
AcpParams,
@ -18,7 +20,7 @@ from pyocf.types.cache import (
from pyocf.types.core import Core
from pyocf.types.volume import Volume
from pyocf.utils import Size as S
from tests.utils.random import RandomGenerator, DefaultRanges
from tests.utils.random import Range, RandomGenerator, DefaultRanges, RandomStringGenerator
from pyocf.types.shared import OcfError, CacheLineSize, SeqCutOffPolicy
from ctypes import c_uint64, c_uint32, c_uint8
@ -43,6 +45,7 @@ def test_neg_change_cache_mode(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error changing cache mode"):
cache.change_cache_mode(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -66,6 +69,7 @@ def test_neg_set_cleaning_policy(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error changing cleaning policy"):
cache.set_cleaning_policy(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -91,6 +95,7 @@ def test_neg_attach_cls(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Attaching cache device failed"):
cache.attach_device(cache_device, cache_line_size=i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -124,6 +129,72 @@ def test_neg_cache_set_seq_cut_off_policy(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error setting cache seq cut off policy"):
cache.set_seq_cut_off_policy(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.security
def test_neg_cache_set_seq_cut_off_threshold(pyocf_ctx, cm, cls):
"""
Test whether it is possible to change cache seq cut-off threshold to invalid value
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
# Create 2 core devices
core_device1 = Volume(S.from_MiB(10))
core1 = Core.using_device(core_device1, name="core1")
core_device2 = Volume(S.from_MiB(10))
core2 = Core.using_device(core_device2, name="core2")
# Add cores
cache.add_core(core1)
cache.add_core(core2)
# Change cache seq cut off policy to invalid one and check if failed
for i in RandomGenerator(DefaultRanges.UINT32):
if i in ConfValidValues.seq_cutoff_threshold_rage:
continue
with pytest.raises(OcfError, match="Error setting cache seq cut off policy threshold"):
cache.set_seq_cut_off_threshold(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.security
def test_neg_core_set_seq_cut_off_threshold(pyocf_ctx, cm, cls):
"""
Test whether it is possible to change core seq cut-off threshold to invalid value
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
# Create core device
core_device = Volume(S.from_MiB(10))
core = Core.using_device(core_device, name="core")
# Add core
cache.add_core(core)
# Change core seq cut off policy to invalid one and check if failed
for i in RandomGenerator(DefaultRanges.UINT32):
if i in ConfValidValues.seq_cutoff_threshold_rage:
continue
with pytest.raises(OcfError, match="Error setting core seq cut off policy threshold"):
core.set_seq_cut_off_threshold(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -154,6 +225,7 @@ def test_neg_core_set_seq_cut_off_policy(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error setting core seq cut off policy"):
core.set_seq_cut_off_policy(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -177,6 +249,47 @@ def test_neg_set_alru_param(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error setting cleaning policy param"):
cache.set_cleaning_policy_param(CleaningPolicy.ALRU, i, 1)
print(f"\n{i}")
def get_alru_param_valid_rage(param_id):
if param_id == AlruParams.WAKE_UP_TIME:
return ConfValidValues.cleaning_alru_wake_up_time_range
elif param_id == AlruParams.STALE_BUFFER_TIME:
return ConfValidValues.cleaning_alru_staleness_time_range
elif param_id == AlruParams.FLUSH_MAX_BUFFERS:
return ConfValidValues.cleaning_alru_flush_max_buffers_range
elif param_id == AlruParams.ACTIVITY_THRESHOLD:
return ConfValidValues.cleaning_alru_activity_threshold_range
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.parametrize("param", AlruParams)
@pytest.mark.security
def test_neg_set_alru_param_value(pyocf_ctx, cm, cls, param):
"""
Test whether it is possible to set invalid value to any of alru cleaning policy params
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:param param: alru parameter to fuzz
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
cache.set_cleaning_policy(CleaningPolicy.ALRU)
# Set to invalid alru param value and check if failed
valid_range = get_alru_param_valid_rage(param)
for i in RandomGenerator(DefaultRanges.UINT32):
if i in valid_range:
continue
with pytest.raises(OcfError, match="Error setting cleaning policy param"):
cache.set_cleaning_policy_param(CleaningPolicy.ALRU, param, i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -199,7 +312,44 @@ def test_neg_set_acp_param(pyocf_ctx, cm, cls):
if i in [item.value for item in AcpParams]:
continue
with pytest.raises(OcfError, match="Error setting cleaning policy param"):
cache.set_cleaning_policy_param(CleaningPolicy.ALRU, i, 1)
cache.set_cleaning_policy_param(CleaningPolicy.ACP, i, 1)
print(f"\n{i}")
def get_acp_param_valid_rage(param_id):
if param_id == AcpParams.WAKE_UP_TIME:
return ConfValidValues.cleaning_acp_wake_up_time_range
elif param_id == AcpParams.FLUSH_MAX_BUFFERS:
return ConfValidValues.cleaning_acp_flush_max_buffers_range
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.parametrize("param", AcpParams)
@pytest.mark.security
def test_neg_set_acp_param_value(pyocf_ctx, cm, cls, param):
"""
Test whether it is possible to set invalid value to any of acp cleaning policy params
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:param param: acp parameter to fuzz
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
cache.set_cleaning_policy(CleaningPolicy.ACP)
# Set to invalid acp param value and check if failed
valid_range = get_acp_param_valid_rage(param)
for i in RandomGenerator(DefaultRanges.UINT32):
if i in valid_range:
continue
with pytest.raises(OcfError, match="Error setting cleaning policy param"):
cache.set_cleaning_policy_param(CleaningPolicy.ACP, param, i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -223,6 +373,7 @@ def test_neg_set_promotion_policy(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error setting promotion policy"):
cache.set_promotion_policy(i)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -251,6 +402,7 @@ def test_neg_set_nhit_promotion_policy_param(pyocf_ctx, cm, cls):
continue
with pytest.raises(OcfError, match="Error setting promotion policy parameter"):
cache.set_promotion_policy_param(PromotionPolicy.NHIT, i, 1)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -282,6 +434,7 @@ def test_neg_set_nhit_promotion_policy_param_trigger(pyocf_ctx, cm, cls):
cache.set_promotion_policy_param(
PromotionPolicy.NHIT, NhitParams.TRIGGER_THRESHOLD, i
)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@ -313,3 +466,138 @@ def test_neg_set_nhit_promotion_policy_param_threshold(pyocf_ctx, cm, cls):
cache.set_promotion_policy_param(
PromotionPolicy.NHIT, NhitParams.INSERTION_THRESHOLD, i
)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.security
def test_neg_set_ioclass_max_size(pyocf_ctx, cm, cls):
"""
Test whether it is possible to add ioclass with invaild max size
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
# Set invalid max size and check if failed
for i in RandomGenerator(DefaultRanges.UINT32):
if i in ConfValidValues.ioclass_max_size_range:
continue
with pytest.raises(OcfError, match="Error adding partition to cache"):
cache.configure_partition(
part_id=1,
name="unclassified",
max_size=i,
priority=0,
cache_mode=CACHE_MODE_NONE,
)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.security
def test_neg_set_ioclass_priority(pyocf_ctx, cm, cls):
"""
Test whether it is possible to add ioclass with invaild priority
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
# Set invalid priority and check if failed
for i in RandomGenerator(DefaultRanges.INT16):
if i in ConfValidValues.ioclass_priority_range:
continue
with pytest.raises(OcfError, match="Error adding partition to cache"):
cache.configure_partition(
part_id=1,
name="unclassified",
max_size=100,
priority=i,
cache_mode=CACHE_MODE_NONE,
)
print(f"\n{i}")
@pytest.mark.parametrize("cm", CacheMode)
@pytest.mark.parametrize("cls", CacheLineSize)
@pytest.mark.security
def test_neg_set_ioclass_cache_mode(pyocf_ctx, cm, cls):
"""
Test whether it is possible to add ioclass with invaild cache mode
:param pyocf_ctx: basic pyocf context fixture
:param cm: cache mode we start with
:param cls: cache line size we start with
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(cache_device, cache_mode=cm, cache_line_size=cls)
# Set invalid cache mode and check if failed
for i in RandomGenerator(DefaultRanges.INT):
if i in list(CacheMode) + [CACHE_MODE_NONE]:
continue
with pytest.raises(OcfError, match="Error adding partition to cache"):
cache.configure_partition(
part_id=1, name="unclassified", max_size=100, priority=1, cache_mode=i
)
print(f"\n{i}")
@pytest.mark.security
def test_neg_set_ioclass_name(pyocf_ctx):
"""
Test whether it is possible to add ioclass with invaild name
:param pyocf_ctx: basic pyocf context fixture
:return:
"""
invalid_chars = [chr(c) for c in range(256) if chr(c) not in string.printable]
invalid_chars += [",", '"']
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(
cache_device, cache_mode=CacheMode.WT, cache_line_size=CacheLineSize.LINE_4KiB
)
# Set invalid name and check if failed
for name in RandomStringGenerator(
len_range=Range(0, 1024), count=10000, extra_chars=invalid_chars
):
if not any(c for c in invalid_chars if c in name):
continue
with pytest.raises(OcfError, match="Error adding partition to cache"):
cache.configure_partition(part_id=1, name=name, max_size=100, priority=1)
print(f"\n{name}")
@pytest.mark.security
def test_neg_set_ioclass_name_len(pyocf_ctx):
"""
Test whether it is possible to add ioclass with too long name
:param pyocf_ctx: basic pyocf context fixture
:return:
"""
# Start cache device
cache_device = Volume(S.from_MiB(30))
cache = Cache.start_on_device(
cache_device, cache_mode=CacheMode.WT, cache_line_size=CacheLineSize.LINE_4KiB
)
# Set invalid name and check if failed
for name in RandomStringGenerator(len_range=Range(1025, 4096), count=10000):
with pytest.raises(OcfError, match="Error adding partition to cache"):
cache.configure_partition(part_id=1, name=name, max_size=100, priority=1)
print(f"\n{name}")

10
tests/functional/tests/utils/random.py
View File

@ -28,6 +28,7 @@ class Range:
class DefaultRanges(Range, enum.Enum):
UINT8 = 0, c_uint8(-1).value
INT16 = int(-c_uint16(-1).value / 2) - 1, int(c_uint16(-1).value / 2)
UINT16 = 0, c_uint16(-1).value
UINT32 = 0, c_uint32(-1).value
UINT64 = 0, c_uint64(-1).value
@ -65,14 +66,14 @@ class RandomGenerator:
class RandomStringGenerator:
def __init__(self, len_range=Range(0, 20), count=700):
def __init__(self, len_range=Range(0, 20), count=700, extra_chars=[]):
with open("config/random.cfg") as f:
self.random = random.Random(int(f.read()))
self.generator = self.__string_generator(len_range)
self.generator = self.__string_generator(len_range, extra_chars)
self.count = count
self.n = 0
def __string_generator(self, len_range):
def __string_generator(self, len_range, extra_chars):
while True:
for t in [string.digits,
string.ascii_letters + string.digits,
@ -80,7 +81,8 @@ class RandomStringGenerator:
string.ascii_uppercase,
string.printable,
string.punctuation,
string.hexdigits]:
string.hexdigits,
*extra_chars]:
yield ''.join(random.choice(t) for _ in range(
self.random.randint(len_range.min, len_range.max)
))

1
tests/unit/tests/mngt/ocf_mngt_io_class.c/ocf_mngt_io_class.c
View File

@ -98,7 +98,6 @@ static inline void setup_valid_config(struct ocf_mngt_io_class_config *cfg,
cfg[i].name = remove ? NULL : "test_io_class_name" ;
cfg[i].prio = i;
cfg[i].cache_mode = ocf_cache_mode_pt;
cfg[i].min_size = 2*i;
cfg[i].max_size = 20*i;
}
}