[rtems commit] New fstest to cover RFS bitmaps - fsrfsbitmap01
krzysztof.miesowicz at gmail.com
Mon Oct 22 09:54:56 UTC 2012
> Chris will need to be final ruler on this but if the code is written to
> assume that it is always passed a valid pointer, then you have to
> honor this in the testing. You can add a debug-enabled consistency
> check that the control pointer is NULL. But you shouldn't pass it in
> if it is not checked in a production build.
I'm looking into RFS source and I think you are right. Most of this
functions I tested with null control pointer is used in functions where
bitmap control pointer is correct because it is initialized with
bitmap_open function and there is check if it is successful. I invoked this
functions with null control pointer to cause rtems_rfs_bitmap_load_map to
fail. It can fail when control.buffer is null or when buffer handle request
Do anyone know how could I cause rtems_rfs_buffer_handle_request to fail? :)
> The question is.. is this code comparable to the score core
> which is only invoked by trusted layers? If so, it doesn't need to
> check for NULL and you shouldn't pass in a "control = NULL"
> I think this code is comparable to score core. I check in RFS source where
these functions are used and if there is possibility to pass bad pointer to
these functions and below are results of my quick research:
1. used in write_group. First there is opened buffer handle which is next
passed to the rfs_bitmap_open and there are checks for both operations. So
bitmap control pointer can't be null and is correct.
1. used in group_bitmap_free. bitmap control pointer is taken from
So if fs pointer is correct bitmap control is also correct.
1. used in write group. Like map_set bitmap control pointer is always
1. used in group_bitmap_test. bitmap control pointer is taken from
filesystem. So I think it is correct.
1. used in bitmap_open. If bad buffer handle pointer would be passed to the
function it could go bad path.
1. used in group_bitmap_alloc. bitmap control pointer is taken from
filesystem. I think I would have to corrupt filesystem structure to pass
earlier checks and then it can break rfs_bitmap_map_Alloc.
>From what I understand users don't invoke these functions. They would
rather make use of posix functions like open(), write() etc. and these
bitmap functions are the lowest layer of whole RFS.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel