1
# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2
# SPDX-License-Identifier: Apache-2.0
3
"""Tests Speculative Store Bypass mitigations in jailer/Firecracker."""
4

5
from framework.utils import run_cmd
6

7

8
def test_ssbd_mitigation(test_microvm_with_initrd):
9
    """Test that SSBD mitigation is enabled."""
10
    vm = test_microvm_with_initrd
11
    vm.jailer.daemonize = False
12
    vm.spawn()
13
    vm.memory_monitor = None
14

15
    vm.basic_config(
16
        add_root_device=False,
17
        vcpu_count=1,
18
        boot_args='console=ttyS0 reboot=k panic=1 pci=off',
19
        use_initrd=True
20
    )
21

22
    vm.start()
23

24
    cmd = 'ps -T --no-headers -p {} | awk \'{{print $2}}\''.format(
25
        vm.jailer_clone_pid
26
    )
27
    process = run_cmd(cmd)
28
    threads_out_lines = process.stdout.splitlines()
29
    for tid in threads_out_lines:
30
        # Verify each thread's status
31
        cmd = 'cat /proc/{}/status | grep Speculation_Store_Bypass'.format(tid)
32
        _, output, _ = run_cmd(cmd)
33
        assert "thread force mitigated" in output or \
34
            "globally mitigated" in output
35

36