client/site_tests/hardware_UnsafeMemory/src/rowhammer-test-4d619293e1c7/rowhammer_test.cc - mirrors/cros/chromiumos/third_party/autotest - Git at Google


 // This is required on Mac OS X for getting PRI* macros #defined.
 #define __STDC_FORMAT_MACROS

 #include <assert.h>
 #include <fcntl.h>
 #include <inttypes.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/mount.h>
 #include <sys/mman.h>
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <time.h>
 #include <unistd.h>

 const size_t mem_size = (1 << 30)/4;
 const int toggles = 540000;

 const uint64_t pte_pattern = 0xb7d02580000003C5;
 char *g_mem;

 // Pick a random page in the memory region.
 uint8_t* pick_addr(uint8_t* area_base, uint64_t mem_size) {
   size_t offset = (rand() << 12) % mem_size;
   return area_base + offset;
 }

 class Timer {
   struct timeval start_time_;

  public:
   Timer() {
     // Note that we use gettimeofday() (with microsecond resolution)
     // rather than clock_gettime() (with nanosecond resolution) so
     // that this works on Mac OS X, because OS X doesn't provide
     // clock_gettime() and we don't really need nanosecond resolution.
     int rc = gettimeofday(&start_time_, NULL);
     assert(rc == 0);
   }

   double get_diff() {
     struct timeval end_time;
     int rc = gettimeofday(&end_time, NULL);
     assert(rc == 0);
     return (end_time.tv_sec - start_time_.tv_sec
             + (double) (end_time.tv_usec - start_time_.tv_usec) / 1e6);
   }

   void print_iters(uint64_t iterations) {
     double total_time = get_diff();
     double iter_time = total_time / iterations;
     printf("%.3fns,%g,%" PRIu64,
            iter_time * 1e9, total_time, iterations);
   }
 };

 uint64_t get_physical_address(uint64_t virtual_address) {
   int fd = open("/proc/self/pagemap", O_RDONLY);
   assert(fd >=0);

   off_t pos = lseek(fd, (virtual_address / 0x1000) * 8, SEEK_SET);
   assert(pos >= 0);
   uint64_t value;
   int got = read(fd, &value, 8);

   close(fd);
   assert(got == 8);
   return ((value & ((1ULL << 54)-1)) * 0x1000) |
     (virtual_address & 0xFFF);
 }

 static int sigint = 0;
 static void sigint_handler(int signum) {
   sigint = 1;
 }
 static int sigquit = 0;
 static void sigquit_handler(int signum) {
   sigint = 1;
   sigquit = 1;
 }

 static void toggle(int iterations, int addr_count) {
   Timer t;
   for (int j = 0; j < iterations; j++) {
     volatile uint32_t *addrs[addr_count];
     for (int a = 0; a < addr_count; a++) {
       addrs[a] = (uint32_t *) pick_addr((uint8_t*)g_mem, mem_size);
       //printf(" Hammering virtual address %16lx, physical address %16lx\n",
       //(uint64_t)addrs[a], get_physical_address((uint64_t)addrs[a]));
     }

     // TODO(wad) try the approach from github.com/CMU-SAFARI/rowhammer
     //           as it may be faster.
     uint32_t sum = 0;
     for (int i = 0; i < toggles; i++) {
       for (int a = 0; a < addr_count; a++)
         sum += *addrs[a] + 1;
       for (int a = 0; a < addr_count; a++)
         asm volatile("clflush (%0)" : : "r" (addrs[a]) : "memory");
     }
     if (sigint) {
       sigint = 0;
       break;
     }
   }
   t.print_iters((uint64_t) iterations * addr_count * toggles);
 }

 void main_prog() {
   g_mem = (char *) mmap(NULL, mem_size, PROT_READ | PROT_WRITE,
                         MAP_ANON | MAP_PRIVATE, -1, 0);
   assert(g_mem != MAP_FAILED);

   // printf("clear\n");

   //memset(g_mem, 0xff, mem_size);

   // Fill memory with pattern that resembles page tables entries.
   // c5 03 00 00 80 25 d0 b7
  for (uint32_t i = 0; i < mem_size; i += 8) {
     uint64_t* ptr = (uint64_t*)(&g_mem[i]);
     *ptr = pte_pattern;
   }

   Timer t;
   int iter = 0;
   for (;;) {
     printf("%d,%.2fs,", iter++, t.get_diff());
     fflush(stdout);
     toggle(3000, 4);

     Timer check_timer;
     // printf("check\n");
     uint64_t *end = (uint64_t *) (g_mem + mem_size);
     uint64_t *ptr;
     int errors = 0;
     for (ptr = (uint64_t *) g_mem; ptr < end; ptr++) {
       uint64_t got = *ptr;
       if (got != pte_pattern) {
         fprintf(stderr, "error at %p (%16lx): got 0x%" PRIx64 "\n", ptr, get_physical_address((uint64_t)ptr), got);
         fprintf(stderr, "after %.2fs\n", t.get_diff());
         errors++;
       }
     }
     printf(",%fs", check_timer.get_diff());
     fflush(stdout);
     if (errors) {
       printf(",%d\n", errors);
       fflush(stdout);
       exit(1);
     }
     printf(",0\n");
     fflush(stdout);
     if (sigquit)
       break;
   }
 }


 int main(int argc, char **argv) {
   // In case we are running as PID 1, we fork() a subprocess to run
   // the test in.  Otherwise, if process 1 exits or crashes, this will
   // cause a kernel panic (which can cause a reboot or just obscure
   // log output and prevent console scrollback from working).
   // Output should look like:
   // [iteration #],[relative start offset in sec],[itertime in ns],[total time in s],[iteration count],[check time in s],[error count]
   signal(SIGINT, &sigint_handler);
   signal(SIGQUIT, &sigquit_handler);
   int pid = fork();
   if (pid == 0) {
     main_prog();
     _exit(1);
   }

   int status;
   int sec = argc == 2 ? atoi(argv[1]) : 60*60;
   while (sec--) {
     if (sigint) {
       sigint = 0;
       kill(pid, SIGINT);
       if (sigquit)
         break;
     }
     if (waitpid(pid, &status, WNOHANG) == pid) {
       printf("** exited with status %i (0x%x)\n", status, status);
       exit(status);
     }
     sleep(1);
   }
   kill(pid, SIGQUIT);
   sleep(1);
   kill(pid, SIGKILL);
   // Let init reap.
   return 0;
 }

	// This is required on Mac OS X for getting PRI* macros #defined.
	#define __STDC_FORMAT_MACROS

	#include <assert.h>
	#include <fcntl.h>
	#include <inttypes.h>
	#include <stdint.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/mount.h>
	#include <sys/mman.h>
	#include <sys/time.h>
	#include <sys/stat.h>
	#include <sys/wait.h>
	#include <time.h>
	#include <unistd.h>

	const size_t mem_size = (1 << 30)/4;
	const int toggles = 540000;

	const uint64_t pte_pattern = 0xb7d02580000003C5;
	char *g_mem;

	// Pick a random page in the memory region.
	uint8_t* pick_addr(uint8_t* area_base, uint64_t mem_size) {
	size_t offset = (rand() << 12) % mem_size;
	return area_base + offset;
	}

	class Timer {
	struct timeval start_time_;

	public:
	Timer() {
	// Note that we use gettimeofday() (with microsecond resolution)
	// rather than clock_gettime() (with nanosecond resolution) so
	// that this works on Mac OS X, because OS X doesn't provide
	// clock_gettime() and we don't really need nanosecond resolution.
	int rc = gettimeofday(&start_time_, NULL);
	assert(rc == 0);
	}

	double get_diff() {
	struct timeval end_time;
	int rc = gettimeofday(&end_time, NULL);
	assert(rc == 0);
	return (end_time.tv_sec - start_time_.tv_sec
	+ (double) (end_time.tv_usec - start_time_.tv_usec) / 1e6);
	}

	void print_iters(uint64_t iterations) {
	double total_time = get_diff();
	double iter_time = total_time / iterations;
	printf("%.3fns,%g,%" PRIu64,
	iter_time * 1e9, total_time, iterations);
	}
	};

	uint64_t get_physical_address(uint64_t virtual_address) {
	int fd = open("/proc/self/pagemap", O_RDONLY);
	assert(fd >=0);

	off_t pos = lseek(fd, (virtual_address / 0x1000) * 8, SEEK_SET);
	assert(pos >= 0);
	uint64_t value;
	int got = read(fd, &value, 8);

	close(fd);
	assert(got == 8);
	return ((value & ((1ULL << 54)-1)) * 0x1000) \|
	(virtual_address & 0xFFF);
	}

	static int sigint = 0;
	static void sigint_handler(int signum) {
	sigint = 1;
	}
	static int sigquit = 0;
	static void sigquit_handler(int signum) {
	sigint = 1;
	sigquit = 1;
	}

	static void toggle(int iterations, int addr_count) {
	Timer t;
	for (int j = 0; j < iterations; j++) {
	volatile uint32_t *addrs[addr_count];
	for (int a = 0; a < addr_count; a++) {
	addrs[a] = (uint32_t ) pick_addr((uint8_t)g_mem, mem_size);
	//printf(" Hammering virtual address %16lx, physical address %16lx\n",
	//(uint64_t)addrs[a], get_physical_address((uint64_t)addrs[a]));
	}

	// TODO(wad) try the approach from github.com/CMU-SAFARI/rowhammer
	// as it may be faster.
	uint32_t sum = 0;
	for (int i = 0; i < toggles; i++) {
	for (int a = 0; a < addr_count; a++)
	sum += *addrs[a] + 1;
	for (int a = 0; a < addr_count; a++)
	asm volatile("clflush (%0)" : : "r" (addrs[a]) : "memory");
	}
	if (sigint) {
	sigint = 0;
	break;
	}
	}
	t.print_iters((uint64_t) iterations * addr_count * toggles);
	}

	void main_prog() {
	g_mem = (char *) mmap(NULL, mem_size, PROT_READ \| PROT_WRITE,
	MAP_ANON \| MAP_PRIVATE, -1, 0);
	assert(g_mem != MAP_FAILED);

	// printf("clear\n");

	//memset(g_mem, 0xff, mem_size);

	// Fill memory with pattern that resembles page tables entries.
	// c5 03 00 00 80 25 d0 b7
	for (uint32_t i = 0; i < mem_size; i += 8) {
	uint64_t* ptr = (uint64_t*)(&g_mem[i]);
	*ptr = pte_pattern;
	}

	Timer t;
	int iter = 0;
	for (;;) {
	printf("%d,%.2fs,", iter++, t.get_diff());
	fflush(stdout);
	toggle(3000, 4);

	Timer check_timer;
	// printf("check\n");
	uint64_t end = (uint64_t ) (g_mem + mem_size);
	uint64_t *ptr;
	int errors = 0;
	for (ptr = (uint64_t *) g_mem; ptr < end; ptr++) {
	uint64_t got = *ptr;
	if (got != pte_pattern) {
	fprintf(stderr, "error at %p (%16lx): got 0x%" PRIx64 "\n", ptr, get_physical_address((uint64_t)ptr), got);
	fprintf(stderr, "after %.2fs\n", t.get_diff());
	errors++;
	}
	}
	printf(",%fs", check_timer.get_diff());
	fflush(stdout);
	if (errors) {
	printf(",%d\n", errors);
	fflush(stdout);
	exit(1);
	}
	printf(",0\n");
	fflush(stdout);
	if (sigquit)
	break;
	}
	}


	int main(int argc, char **argv) {
	// In case we are running as PID 1, we fork() a subprocess to run
	// the test in. Otherwise, if process 1 exits or crashes, this will
	// cause a kernel panic (which can cause a reboot or just obscure
	// log output and prevent console scrollback from working).
	// Output should look like:
	// [iteration #],[relative start offset in sec],[itertime in ns],[total time in s],[iteration count],[check time in s],[error count]
	signal(SIGINT, &sigint_handler);
	signal(SIGQUIT, &sigquit_handler);
	int pid = fork();
	if (pid == 0) {
	main_prog();
	_exit(1);
	}

	int status;
	int sec = argc == 2 ? atoi(argv[1]) : 60*60;
	while (sec--) {
	if (sigint) {
	sigint = 0;
	kill(pid, SIGINT);
	if (sigquit)
	break;
	}
	if (waitpid(pid, &status, WNOHANG) == pid) {
	printf("** exited with status %i (0x%x)\n", status, status);
	exit(status);
	}
	sleep(1);
	}
	kill(pid, SIGQUIT);
	sleep(1);
	kill(pid, SIGKILL);
	// Let init reap.
	return 0;
	}