From 0d67131dd967de4db19ec69874ae4e855e176018 Mon Sep 17 00:00:00 2001
From: Stephen Crane <sjc@immunant.com>
Date: Wed, 13 Jan 2021 14:05:41 -0800
Subject: trusty: Switch to dmabuf for coverage shared memory

Trusty shared memory now uses dmabuf instead of memfd. Switch the
coverage buffer allocation to use libdmabufheap.

Test: atest libtrusty_coverage_test
Bug: None
Change-Id: I067dd0774d19b42380ce5cb8ceb3541fa77ef9f0
---
 trusty/coverage/coverage.cpp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'trusty/coverage/coverage.cpp')

diff --git a/trusty/coverage/coverage.cpp b/trusty/coverage/coverage.cpp
index f383dd14a..ff2bcaa11 100644
--- a/trusty/coverage/coverage.cpp
+++ b/trusty/coverage/coverage.cpp
@@ -16,6 +16,7 @@
 
 #define LOG_TAG "coverage"
 
+#include <BufferAllocator/BufferAllocator.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/unique_fd.h>
@@ -114,24 +115,23 @@ Result<void> CoverageRecord::Open() {
     record_len_ = resp.open_args.record_len;
     shm_len_ = RoundPageUp(record_len_);
 
-    fd = memfd_create("trusty-coverage", 0);
-    if (fd < 0) {
-        return ErrnoError() << "failed to create memfd: ";
-    }
-    unique_fd memfd(fd);
+    BufferAllocator allocator;
 
-    if (ftruncate(memfd, shm_len_) < 0) {
-        return ErrnoError() << "failed to resize memfd: ";
+    fd = allocator.Alloc("system", shm_len_);
+    if (fd < 0) {
+        return ErrnoError() << "failed to create dmabuf of size " << shm_len_
+                            << " err code: " << fd;
     }
+    unique_fd dma_buf(fd);
 
-    void* shm = mmap(0, shm_len_, PROT_READ | PROT_WRITE, MAP_SHARED, memfd, 0);
+    void* shm = mmap(0, shm_len_, PROT_READ | PROT_WRITE, MAP_SHARED, dma_buf, 0);
     if (shm == MAP_FAILED) {
         return ErrnoError() << "failed to map memfd: ";
     }
 
     req.hdr.cmd = COVERAGE_CLIENT_CMD_SHARE_RECORD;
     req.share_record_args.shm_len = shm_len_;
-    ret = Rpc(&req, memfd, &resp);
+    ret = Rpc(&req, dma_buf, &resp);
     if (!ret.ok()) {
         return Error() << "failed to send shared memory: ";
     }
-- 
cgit v1.2.3


From 6bd77df8fc37c0633388aede21a0c6beffcc835c Mon Sep 17 00:00:00 2001
From: Stephen Crane <sjc@immunant.com>
Date: Wed, 13 Jan 2021 14:05:41 -0800
Subject: trusty: Write out sancov file when fuzzer exits

Add emission of sancov file when CoverageRecord is destroyed. This
will occur when a fuzzer driver exits cleanly, i.e. -runs=0 with an
existing corpus.

Test: make trusty_gatekeeper_fuzzer
Test: adb shell ./trusty_gatekeeper_fuzzer -runs=0 corpus
Bug: 175221942
Change-Id: I6bd1c8b2f2091e894c35f7a4874b54577a91c8fc
---
 trusty/coverage/coverage.cpp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'trusty/coverage/coverage.cpp')

diff --git a/trusty/coverage/coverage.cpp b/trusty/coverage/coverage.cpp
index ff2bcaa11..185abe549 100644
--- a/trusty/coverage/coverage.cpp
+++ b/trusty/coverage/coverage.cpp
@@ -21,6 +21,7 @@
 #include <android-base/logging.h>
 #include <android-base/unique_fd.h>
 #include <assert.h>
+#include <log/log.h>
 #include <stdio.h>
 #include <sys/mman.h>
 #include <sys/uio.h>
@@ -38,6 +39,7 @@ namespace coverage {
 using android::base::ErrnoError;
 using android::base::Error;
 using std::string;
+using std::unique_ptr;
 
 static inline uintptr_t RoundPageUp(uintptr_t val) {
     return (val + (PAGE_SIZE - 1)) & ~(PAGE_SIZE - 1);
@@ -47,12 +49,29 @@ CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid)
     : tipc_dev_(std::move(tipc_dev)),
       coverage_srv_fd_(-1),
       uuid_(*uuid),
+      sancov_filename_(),
+      record_len_(0),
+      shm_(NULL),
+      shm_len_(0) {}
+
+CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid, string sancov_filename)
+    : tipc_dev_(std::move(tipc_dev)),
+      coverage_srv_fd_(-1),
+      uuid_(*uuid),
+      sancov_filename_(sancov_filename),
       record_len_(0),
       shm_(NULL),
       shm_len_(0) {}
 
 CoverageRecord::~CoverageRecord() {
     if (shm_) {
+        if (sancov_filename_) {
+            auto res = SaveSancovFile(*sancov_filename_);
+            if (!res.ok()) {
+                ALOGE("Could not write sancov file for module: %s\n", sancov_filename_->c_str());
+            }
+        }
+
         munmap((void*)shm_, shm_len_);
     }
 }
-- 
cgit v1.2.3