archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/win32/verifier/faults.c

692 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  5. Module Name:
  7. faults.c
  9. Abstract:
  11. This module implements fault injection support.
  13. Author:
  15. Silviu Calinoiu (SilviuC) 3-Dec-2001
  17. Revision History:
  19. 3-Dec-2001 (SilviuC): initial version.
  21. --*/
  23. #include "pch.h"
  25. #include "verifier.h"
  26. #include "support.h"
  27. #include "faults.h"
  29. ULONG AVrfpFaultSeed;
  30. ULONG AVrfpFaultProbability [CLS_MAXIMUM_INDEX];
  32. ULONG AVrfpFaultBreak [CLS_MAXIMUM_INDEX];
  33. ULONG AVrfpFaultTrue [CLS_MAXIMUM_INDEX];
  34. ULONG AVrfpFaultFalse [CLS_MAXIMUM_INDEX];
  36. //
  37. // Target ranges for fault injection.
  38. //
  40. #define MAXIMUM_TARGET_INDEX 128
  42. ULONG_PTR AVrfpFaultTargetStart [MAXIMUM_TARGET_INDEX];
  43. ULONG_PTR AVrfpFaultTargetEnd [MAXIMUM_TARGET_INDEX];
  44. ULONG AVrfpFaultTargetHits [MAXIMUM_TARGET_INDEX];
  46. ULONG AVrfpFaultTargetMaximumIndex;
  48. //
  49. // Exclusion ranges for fault injection.
  50. //
  52. #define MAXIMUM_EXCLUSION_INDEX 128
  54. ULONG_PTR AVrfpFaultExclusionStart [MAXIMUM_TARGET_INDEX];
  55. ULONG_PTR AVrfpFaultExclusionEnd [MAXIMUM_TARGET_INDEX];
  56. ULONG AVrfpFaultExclusionHits [MAXIMUM_TARGET_INDEX];
  58. ULONG AVrfpFaultExclusionMaximumIndex;
  60. //
  61. // Fault injection trace history.
  62. //
  64. #define NUMBER_OF_TRACES 128
  66. PVOID AVrfpFaultTrace[NUMBER_OF_TRACES][MAX_TRACE_DEPTH];
  68. ULONG AVrfpFaultNumberOfTraces = NUMBER_OF_TRACES;
  69. ULONG AVrfpFaultTraceSize = MAX_TRACE_DEPTH;
  71. ULONG AVrfpFaultTraceIndex;
  73. //
  74. // Period amnesty. The period of time when fault injection should
  75. // be avoided is written from debugger.
  76. //
  78. LARGE_INTEGER AVrfpFaultStartTime;
  79. ULONG AVrfpFaultPeriodTimeInMsecs;
  81. //
  82. // Lock used to synchronize some low frequency operations (e.g. exports
  83. // for target/exclusion range manipulation).
  84. //
  86. RTL_CRITICAL_SECTION AVrfpFaultInjectionLock;
  88. LOGICAL
  89. AVrfpIsAddressInTargetRange (
  90. ULONG_PTR Address
  91. );
  93. LOGICAL
  94. AVrfpIsAddressInExclusionRange (
  95. ULONG_PTR Address
  96. );
  98. VOID
  99. AVrfpLogFaultTrace (
  100. VOID
  101. );
  103. NTSTATUS
  104. AVrfpInitializeFaultInjectionSupport (
  105. VOID
  106. )
  107. {
  108. NTSTATUS Status;
  109. LARGE_INTEGER PerformanceCounter;
  111. Status = STATUS_SUCCESS;
  113. //
  114. // Initialize lock used for some fault injection operations.
  115. //
  117. Status = RtlInitializeCriticalSection (&AVrfpFaultInjectionLock);
  119. if (! NT_SUCCESS(Status)) {
  120. return Status;
  121. }
  123. //
  124. // Initialize the seed for the random generator.
  125. //
  127. NtQueryPerformanceCounter (&PerformanceCounter, NULL);
  128. AVrfpFaultSeed = PerformanceCounter.LowPart;
  130. NtQuerySystemTime (&AVrfpFaultStartTime);
  132. //
  133. // Touch the break triggers vector so that the compiler
  134. // does not optimize away the entire structure. Since it
  135. // is supposed to be modified only from debugger the compiler
  136. // considers that the array is not needed.
  137. //
  139. RtlZeroMemory (AVrfpBreak, sizeof AVrfpBreak);
  141. //
  142. // Same reason as above.
  143. //
  145. AVrfpFaultTargetMaximumIndex = MAXIMUM_TARGET_INDEX;
  146. RtlZeroMemory (AVrfpFaultTargetStart, sizeof AVrfpFaultTargetStart);
  147. RtlZeroMemory (AVrfpFaultTargetEnd, sizeof AVrfpFaultTargetEnd);
  148. RtlZeroMemory (AVrfpFaultTargetHits, sizeof AVrfpFaultTargetHits);
  150. AVrfpFaultTargetStart[0] = 0;
  151. AVrfpFaultTargetEnd[0] = ~((ULONG_PTR)0);
  153. AVrfpFaultExclusionMaximumIndex = MAXIMUM_EXCLUSION_INDEX;
  154. RtlZeroMemory (AVrfpFaultExclusionStart, sizeof AVrfpFaultExclusionStart);
  155. RtlZeroMemory (AVrfpFaultExclusionEnd, sizeof AVrfpFaultExclusionEnd);
  156. RtlZeroMemory (AVrfpFaultExclusionHits, sizeof AVrfpFaultExclusionHits);
  158. return Status;
  159. }
  162. LOGICAL
  163. AVrfpShouldFaultInject (
  164. ULONG Class,
  165. PVOID Caller
  166. )
  167. {
  168. ULONG Random;
  169. LARGE_INTEGER Time;
  170. LARGE_INTEGER Delta;
  172. //
  173. // No fault injection => return FALSE
  174. //
  176. if (AVrfpFaultProbability[Class] == 0) {
  177. return FALSE;
  178. }
  180. //
  181. // Check if some period amnesty was set. `AVrfpFaultPeriodTimeInMsecs' variable
  182. // is only read and reset to zero from verifier code. It is set to non null values
  183. // only from debugger extensions. Therefore to way it is used before without
  184. // serialization is ok even if after the `if' condition another thread resets it.
  185. //
  187. if (AVrfpFaultPeriodTimeInMsecs) {
  189. NtQuerySystemTime (&Time);
  191. Delta.QuadPart = (DWORDLONG)AVrfpFaultPeriodTimeInMsecs * 1000 * 10;
  193. if (Time.QuadPart - AVrfpFaultStartTime.QuadPart > Delta.QuadPart) {
  195. AVrfpFaultPeriodTimeInMsecs = 0;
  196. }
  197. else {
  198. return FALSE;
  199. }
  200. }
  202. //
  203. // If in exclusion range => return FALSE
  204. //
  206. if (AVrfpIsAddressInExclusionRange ((ULONG_PTR)Caller) == TRUE) {
  207. return FALSE;
  208. }
  210. //
  211. // Not in target range => return FALSE
  212. //
  214. if (AVrfpIsAddressInTargetRange ((ULONG_PTR)Caller) == FALSE) {
  215. return FALSE;
  216. }
  218. //
  219. // Operations above access only READ-ONLY data (it gets modified
  220. // only from debugger). From now on though we need synchronized
  221. // access.
  222. //
  224. Random = RtlRandom (&AVrfpFaultSeed);
  226. if (Random % 100 < AVrfpFaultProbability[Class]) {
  228. InterlockedIncrement((PLONG)(&(AVrfpFaultTrue[Class])));
  230. if (AVrfpFaultBreak[Class]) {
  231. DbgPrint ("AVRF: fault injecting call made from %p \n", Caller);
  232. DbgBreakPoint ();
  233. }
  235. AVrfpLogFaultTrace ();
  236. return TRUE;
  237. }
  238. else {
  240. InterlockedIncrement((PLONG)(&(AVrfpFaultFalse[Class])));
  241. return FALSE;
  242. }
  243. }
  246. LOGICAL
  247. AVrfpIsAddressInTargetRange (
  248. ULONG_PTR Address
  249. )
  250. {
  251. ULONG I;
  253. if (Address == 0) {
  254. return FALSE;
  255. }
  257. for (I = 0; I < AVrfpFaultTargetMaximumIndex; I += 1) {
  259. if (AVrfpFaultTargetEnd[I] != 0) {
  261. if (AVrfpFaultTargetStart[I] <= Address &&
  262. AVrfpFaultTargetEnd[I] > Address) {
  264. AVrfpFaultTargetHits[I] += 1;
  265. return TRUE;
  266. }
  267. }
  268. }
  270. return FALSE;
  271. }
  274. LOGICAL
  275. AVrfpIsAddressInExclusionRange (
  276. ULONG_PTR Address
  277. )
  278. {
  279. ULONG I;
  281. if (Address == 0) {
  282. return FALSE;
  283. }
  285. for (I = 0; I < AVrfpFaultExclusionMaximumIndex; I += 1) {
  287. if (AVrfpFaultExclusionEnd[I] != 0) {
  289. if (AVrfpFaultExclusionStart[I] <= Address &&
  290. AVrfpFaultExclusionEnd[I] > Address) {
  292. AVrfpFaultExclusionHits[I] += 1;
  293. return TRUE;
  294. }
  295. }
  296. }
  298. return FALSE;
  299. }
  302. VOID
  303. AVrfpLogFaultTrace (
  304. VOID
  305. )
  306. {
  307. ULONG Index;
  309. Index = (ULONG)InterlockedIncrement ((PLONG)(&AVrfpFaultTraceIndex));
  311. Index %= AVrfpFaultNumberOfTraces;
  313. RtlCaptureStackBackTrace (2,
  314. AVrfpFaultTraceSize,
  315. &(AVrfpFaultTrace[Index][0]),
  316. NULL);
  317. }
  320. /////////////////////////////////////////////////////////////////////
  321. ///////////////////////////////////////// Fault injection general SDK
  322. /////////////////////////////////////////////////////////////////////
  325. VOID
  326. VerifierSetFaultInjectionProbability (
  327. ULONG Class,
  328. ULONG Probability
  329. )
  330. /*++
  332. Routine Description:
  334. This routine set fault injection probability for a certain class of events
  335. (heap operations, registry operations, etc.).
  337. Arguments:
  339. Class - class of events for which fault injection probability is set. Constants
  340. are of type FAULT_INJECTION_CLASS_XXX.
  342. Probability - probability for fault injection.
  344. Return Value:
  346. None.
  348. --*/
  349. {
  350. //
  351. // Application verifier must be enabled.
  352. //
  354. if ((NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) == 0) {
  355. return;
  356. }
  358. if (Class >= FAULT_INJECTION_INVALID_CLASS) {
  360. DbgPrint ("AVRF:FINJ: invalid fault injection class %X \n", Class);
  361. DbgBreakPoint ();
  362. return;
  363. }
  365. RtlEnterCriticalSection (&AVrfpFaultInjectionLock);
  367. AVrfpFaultProbability [Class] = Probability;
  369. RtlLeaveCriticalSection (&AVrfpFaultInjectionLock);
  370. }
  373. /////////////////////////////////////////////////////////////////////
  374. ///////////////////////// Target/exclusion fault injection ranges SDK
  375. /////////////////////////////////////////////////////////////////////
  378. ULONG
  379. VerifierEnableFaultInjectionTargetRange (
  380. PVOID StartAddress,
  381. PVOID EndAddress
  382. )
  383. /*++
  385. Routine Description:
  387. This routine establishes at runtime a fault injection target range. If successful
  388. it will return a range index that can be used later to disable the range.
  390. Arguments:
  392. StartAddress - start address of the target range.
  394. EndAddress - end address of the target range.
  396. Return Value:
  398. A range index >0 if succesful. Zero otherwise.
  400. --*/
  401. {
  402. ULONG Ri;
  403. ULONG FinalIndex;
  405. //
  406. // Application verifier must be enabled.
  407. //
  409. if ((NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) == 0) {
  410. return 0;
  411. }
  413. FinalIndex = 0;
  415. RtlEnterCriticalSection (&AVrfpFaultInjectionLock);
  417. if (AVrfpFaultTargetStart[0] == 0 &&
  418. AVrfpFaultTargetEnd[0] == ~((ULONG_PTR)0)) {
  420. AVrfpFaultTargetStart[0] = (ULONG_PTR)StartAddress;
  421. AVrfpFaultTargetEnd[0] = (ULONG_PTR)EndAddress;
  422. AVrfpFaultTargetHits[0] = 0;
  423. FinalIndex = 1;
  424. }
  425. else {
  427. for (Ri = 0; Ri < AVrfpFaultTargetMaximumIndex; Ri += 1) {
  429. if (AVrfpFaultTargetEnd[Ri] == 0) {
  431. AVrfpFaultTargetStart[Ri] = (ULONG_PTR)StartAddress;
  432. AVrfpFaultTargetEnd[Ri] = (ULONG_PTR)EndAddress;
  433. AVrfpFaultTargetHits[Ri] = 0;
  434. FinalIndex = Ri + 1;
  435. break;
  436. }
  437. }
  438. }
  440. RtlLeaveCriticalSection (&AVrfpFaultInjectionLock);
  442. return FinalIndex;
  443. }
  446. VOID
  447. VerifierDisableFaultInjectionTargetRange (
  448. ULONG RangeIndex
  449. )
  450. /*++
  452. Routine Description:
  454. This routine disables the target range specified by the RangeIndex.
  455. If the RangeIndex is zero then all target ranges will be disabled.
  456. The function breaks in the debugger (even in free builds) if the
  457. range index is invalid.
  459. Arguments:
  461. RangeIndex - index of range to disable or zero if all need to be disabled.
  463. Return Value:
  465. None.
  467. --*/
  468. {
  469. ULONG Ri;
  470. LOGICAL FoundOne;
  472. //
  473. // Application verifier must be enabled.
  474. //
  476. if ((NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) == 0) {
  477. return;
  478. }
  480. RtlEnterCriticalSection (&AVrfpFaultInjectionLock);
  482. if (RangeIndex == 0) {
  484. //
  485. // Disable all target ranges.
  486. //
  488. for (Ri = 0; Ri < AVrfpFaultTargetMaximumIndex; Ri += 1) {
  490. AVrfpFaultTargetStart[Ri] = 0;
  491. AVrfpFaultTargetEnd[Ri] = 0;
  492. AVrfpFaultTargetHits[Ri] = 0;
  493. }
  495. AVrfpFaultTargetStart[0] = 0;
  496. AVrfpFaultTargetEnd[0] = ~((ULONG_PTR)0);
  497. AVrfpFaultTargetHits[0] = 0;
  498. }
  499. else {
  501. //
  502. // disable target range `RangeIndex - 1'.
  503. //
  505. RangeIndex -= 1;
  507. if (RangeIndex >= AVrfpFaultTargetMaximumIndex) {
  509. DbgPrint ("AVRF:FINJ: invalid target range index %X \n", RangeIndex);
  510. DbgBreakPoint ();
  511. goto Exit;
  512. }
  514. if (AVrfpFaultTargetEnd[RangeIndex] == 0) {
  516. DbgPrint ("AVRF:FINJ: disabling empty target range at index %X \n", RangeIndex);
  517. DbgBreakPoint ();
  518. goto Exit;
  519. }
  521. AVrfpFaultTargetStart[RangeIndex] = 0;
  522. AVrfpFaultTargetEnd[RangeIndex] = 0;
  523. AVrfpFaultTargetHits[RangeIndex] = 0;
  525. //
  526. // If we do not have any target ranges active then establish the default
  527. // target range that spans the entire virtual space.
  528. //
  530. FoundOne = FALSE;
  532. for (Ri = 0; Ri < AVrfpFaultTargetMaximumIndex; Ri += 1) {
  534. if (AVrfpFaultTargetEnd[Ri] != 0) {
  536. FoundOne = TRUE;
  537. break;
  538. }
  539. }
  541. if (! FoundOne) {
  543. AVrfpFaultTargetStart[0] = 0;
  544. AVrfpFaultTargetEnd[0] = ~((ULONG_PTR)0);
  545. AVrfpFaultTargetHits[0] = 0;
  546. }
  547. }
  549. Exit:
  551. RtlLeaveCriticalSection (&AVrfpFaultInjectionLock);
  552. }
  555. ULONG
  556. VerifierEnableFaultInjectionExclusionRange (
  557. PVOID StartAddress,
  558. PVOID EndAddress
  559. )
  560. /*++
  562. Routine Description:
  564. This routine establishes at runtime a fault injection exclusion range. If successful
  565. it will return a range index that can be used later to disable the range.
  567. Arguments:
  569. StartAddress - start address of the exclusion range.
  571. EndAddress - end address of the exclusion range.
  573. Return Value:
  575. A range index >0 if succesful. Zero otherwise.
  577. --*/
  578. {
  579. ULONG Ri;
  580. ULONG FinalIndex;
  582. //
  583. // Application verifier must be enabled.
  584. //
  586. if ((NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) == 0) {
  587. return 0;
  588. }
  590. FinalIndex = 0;
  592. RtlEnterCriticalSection (&AVrfpFaultInjectionLock);
  594. for (Ri = 0; Ri < AVrfpFaultExclusionMaximumIndex; Ri += 1) {
  596. if (AVrfpFaultExclusionEnd[Ri] == 0) {
  598. AVrfpFaultExclusionStart[Ri] = (ULONG_PTR)StartAddress;
  599. AVrfpFaultExclusionEnd[Ri] = (ULONG_PTR)EndAddress;
  600. AVrfpFaultExclusionHits[Ri] = 0;
  601. FinalIndex = Ri + 1;
  602. break;
  603. }
  604. }
  606. RtlLeaveCriticalSection (&AVrfpFaultInjectionLock);
  608. return FinalIndex;
  609. }
  612. VOID
  613. VerifierDisableFaultInjectionExclusionRange (
  614. ULONG RangeIndex
  615. )
  616. /*++
  618. Routine Description:
  620. This routine disables the exclusion range specified by the RangeIndex.
  621. If the RangeIndex is zero then all exclusion ranges will be disabled.
  622. The function breaks in the debugger (even in free builds) if the
  623. range index is invalid.
  625. Arguments:
  627. RangeIndex - index of range to disable or zero if all need to be disabled.
  629. Return Value:
  631. None.
  633. --*/
  634. {
  635. ULONG Ri;
  637. //
  638. // Application verifier must be enabled.
  639. //
  641. if ((NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) == 0) {
  642. return;
  643. }
  645. RtlEnterCriticalSection (&AVrfpFaultInjectionLock);
  647. if (RangeIndex == 0) {
  649. //
  650. // Disable all exclusion ranges.
  651. //
  653. for (Ri = 0; Ri < AVrfpFaultExclusionMaximumIndex; Ri += 1) {
  655. AVrfpFaultExclusionStart[Ri] = 0;
  656. AVrfpFaultExclusionEnd[Ri] = 0;
  657. AVrfpFaultExclusionHits[Ri] = 0;
  658. }
  659. }
  660. else {
  662. //
  663. // disable exclusion range `RangeIndex - 1'.
  664. //
  666. RangeIndex -= 1;
  668. if (RangeIndex >= AVrfpFaultExclusionMaximumIndex) {
  670. DbgPrint ("AVRF:FINJ: invalid exclusion range index %X \n", RangeIndex);
  671. DbgBreakPoint ();
  672. goto Exit;
  673. }
  675. if (AVrfpFaultExclusionEnd[RangeIndex] == 0) {
  677. DbgPrint ("AVRF:FINJ: disabling empty exclusion range at index %X \n", RangeIndex);
  678. DbgBreakPoint ();
  679. goto Exit;
  680. }
  682. AVrfpFaultExclusionStart[RangeIndex] = 0;
  683. AVrfpFaultExclusionEnd[RangeIndex] = 0;
  684. AVrfpFaultExclusionHits[RangeIndex] = 0;
  685. }
  687. Exit:
  689. RtlLeaveCriticalSection (&AVrfpFaultInjectionLock);
  690. }