Sunday, June 03, 2012

Oops

OK - This place was ignored for quite some time, let's see if we can do something regular from now on.

What has happened the last 4 and a bit years?  Well, verifiedexec per page signatures is still not in the tree.  I merged the bottom end of the uvm routines, but there was push-back on how I had done this from others, citing the long function argument list as being not a good thing.  I have the actual code working, not only uvm but also the per-page verifiedexec stuff.  I wrote a simple test that consisted of a binary that was stored on a NFS share - the binary just calls a couple of functions located in different memory pages (I inserted a bunch of unused code to get the functions on different pages).  There are two versions of the binary: the "good" version, which has a matching veriexec signature and is the one initially run, and the "evil" version, which has a modified second page.  The test consisted of starting the "good" binary and checking both function calls are the good ones, then on the NFS server overwriting the "good" binary with the "evil" one.  Once this is done, the resident executable pages were flushed using msync (this is just a short cut; you could force resource starvation).  With an unmodified veriexec, the "evil" function would be executed; with the per-page modification, the binary was terminated as soon as the pager attempted to bring in the modified page.  This is good, but I really need to fix up the UVM modifications to make them less convoluted.
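A page-granular signature table is what lets the per-page check above name the page that was tampered with, rather than just report "file changed". The following is an added example, not NetBSD's veriexec or UVM code: it assumes 4 KiB pages and uses SHA-256 as a stand-in for the real signature, and it checks a single page on demand the way a pager would before mapping it, including the cases where the file has grown or shrunk since it was signed.

```python
"""Per-page fingerprint table modelled on per-page veriexec (added example,
not NetBSD code). Assumptions: 4 KiB pages, SHA-256 standing in for the
signature scheme the kernel would actually use."""
import hashlib

PAGE_SIZE = 4096  # assumption: 4 KiB pages


def page_digests(data: bytes, page_size: int = PAGE_SIZE) -> list:
    """One digest per page of `data`; the last page may be short."""
    return [hashlib.sha256(data[off:off + page_size]).digest()
            for off in range(0, len(data), page_size)]


def verify_page(data: bytes, table: list, page_no: int,
                page_size: int = PAGE_SIZE) -> bool:
    """Check a single page on demand, as the pager would before mapping it.
    A page beyond the signed length (file grew) is untrusted; a page that is
    now shorter or missing (file shrank) simply fails to match."""
    if page_no >= len(table):
        return False
    start = page_no * page_size
    return hashlib.sha256(data[start:start + page_size]).digest() == table[page_no]


def first_bad_page(data: bytes, table: list, page_size: int = PAGE_SIZE):
    """Index of the first page that fails verification, or None if all pass.
    Iterates over whichever is longer, the signed table or the current file,
    so both growth and truncation are reported."""
    pages_now = -(-len(data) // page_size)  # ceiling division
    for page_no in range(max(len(table), pages_now)):
        if not verify_page(data, table, page_no, page_size):
            return page_no
    return None


# Constructed sample: a three-page "binary" and a copy whose second page
# (page index 1) has a single byte altered, like the "evil" binary above.
GOOD = bytes(range(256)) * (3 * PAGE_SIZE // 256)
_evil = bytearray(GOOD)
_evil[PAGE_SIZE + 100] ^= 0xFF
EVIL = bytes(_evil)
TABLE = page_digests(GOOD)  # the signature table recorded for the good build

if __name__ == "__main__":
    print("good binary:", first_bad_page(GOOD, TABLE))   # None
    print("evil binary:", first_bad_page(EVIL, TABLE))   # 1
```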

Part of the reason veriexec hasn't progressed much in the intervening time is that I started working on automatically testing libcurses.  This is quite a complex thing to do because curses expects to talk to a terminal.  I developed a test framework that takes a simple list of commands and runs them against a test program and then verifies the output matches what is expected.  This framework works with the NetBSD ATF (Automated Test Framework) and has been committed to the tree along with a small set of tests.  More tests are on the way; there are an awful lot to write and it is a slow process, but definitely worth it, as a number of previously unreported bugs have been found and fixed.

I talked about both veriexec and the curses testing at BSDCan 2012; the actual talks are here for veriexec and here for curses testing.  There are papers and the slides from the presentations available at the aforementioned links.