search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.16-rc1
[cris-mirror.git] / tools / testing / selftests / x86 / entry_from_vm86.c
blob361466a2eaef34492e24588d4ef52d8aa68a53ac
1 /*
2 * entry_from_vm86.c - tests kernel entries from vm86 mode
3 * Copyright (c) 2014-2015 Andrew Lutomirski
4 *
5 * This exercises a few paths that need to special-case vm86 mode.
6 *
7 * GPL v2.
8 */
9
10 #define _GNU_SOURCE
11
12 #include <assert.h>
13 #include <stdlib.h>
14 #include <sys/syscall.h>
15 #include <sys/signal.h>
16 #include <sys/ucontext.h>
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <string.h>
20 #include <inttypes.h>
21 #include <sys/mman.h>
22 #include <err.h>
23 #include <stddef.h>
24 #include <stdbool.h>
25 #include <errno.h>
26 #include <sys/vm86.h>
27
28 static unsigned long load_addr = 0x10000;
29 static int nerrs = 0;
30
31 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
32 int flags)
33 {
34 struct sigaction sa;
35 memset(&sa, 0, sizeof(sa));
36 sa.sa_sigaction = handler;
37 sa.sa_flags = SA_SIGINFO | flags;
38 sigemptyset(&sa.sa_mask);
39 if (sigaction(sig, &sa, 0))
40 err(1, "sigaction");
41 }
42
43 static void clearhandler(int sig)
44 {
45 struct sigaction sa;
46 memset(&sa, 0, sizeof(sa));
47 sa.sa_handler = SIG_DFL;
48 sigemptyset(&sa.sa_mask);
49 if (sigaction(sig, &sa, 0))
50 err(1, "sigaction");
51 }
52
53 static sig_atomic_t got_signal;
54
55 static void sighandler(int sig, siginfo_t *info, void *ctx_void)
56 {
57 ucontext_t *ctx = (ucontext_t*)ctx_void;
58
59 if (ctx->uc_mcontext.gregs[REG_EFL] & X86_EFLAGS_VM ||
60 (ctx->uc_mcontext.gregs[REG_CS] & 3) != 3) {
61 printf("[FAIL]\tSignal frame should not reflect vm86 mode\n");
62 nerrs++;
63 }
64
65 const char *signame;
66 if (sig == SIGSEGV)
67 signame = "SIGSEGV";
68 else if (sig == SIGILL)
69 signame = "SIGILL";
70 else
71 signame = "unexpected signal";
72
73 printf("[INFO]\t%s: FLAGS = 0x%lx, CS = 0x%hx\n", signame,
74 (unsigned long)ctx->uc_mcontext.gregs[REG_EFL],
75 (unsigned short)ctx->uc_mcontext.gregs[REG_CS]);
76
77 got_signal = 1;
78 }
79
80 asm (
81 ".pushsection .rodata\n\t"
82 ".type vmcode_bound, @object\n\t"
83 "vmcode:\n\t"
84 "vmcode_bound:\n\t"
85 ".code16\n\t"
86 "bound %ax, (2048)\n\t"
87 "int3\n\t"
88 "vmcode_sysenter:\n\t"
89 "sysenter\n\t"
90 "vmcode_syscall:\n\t"
91 "syscall\n\t"
92 "vmcode_sti:\n\t"
93 "sti\n\t"
94 "vmcode_int3:\n\t"
95 "int3\n\t"
96 "vmcode_int80:\n\t"
97 "int $0x80\n\t"
98 "vmcode_umip:\n\t"
99 /* addressing via displacements */
100 "smsw (2052)\n\t"
101 "sidt (2054)\n\t"
102 "sgdt (2060)\n\t"
103 /* addressing via registers */
104 "mov $2066, %bx\n\t"
105 "smsw (%bx)\n\t"
106 "mov $2068, %bx\n\t"
107 "sidt (%bx)\n\t"
108 "mov $2074, %bx\n\t"
109 "sgdt (%bx)\n\t"
110 /* register operands, only for smsw */
111 "smsw %ax\n\t"
112 "mov %ax, (2080)\n\t"
113 "int3\n\t"
114 "vmcode_umip_str:\n\t"
115 "str %eax\n\t"
116 "vmcode_umip_sldt:\n\t"
117 "sldt %eax\n\t"
118 "int3\n\t"
119 ".size vmcode, . - vmcode\n\t"
120 "end_vmcode:\n\t"
121 ".code32\n\t"
122 ".popsection"
123 );
124
125 extern unsigned char vmcode[], end_vmcode[];
126 extern unsigned char vmcode_bound[], vmcode_sysenter[], vmcode_syscall[],
127 vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_umip[],
128 vmcode_umip_str[], vmcode_umip_sldt[];
129
130 /* Returns false if the test was skipped. */
131 static bool do_test(struct vm86plus_struct *v86, unsigned long eip,
132 unsigned int rettype, unsigned int retarg,
133 const char *text)
134 {
135 long ret;
136
137 printf("[RUN]\t%s from vm86 mode\n", text);
138 v86->regs.eip = eip;
139 ret = vm86(VM86_ENTER, v86);
140
141 if (ret == -1 && (errno == ENOSYS || errno == EPERM)) {
142 printf("[SKIP]\tvm86 %s\n",
143 errno == ENOSYS ? "not supported" : "not allowed");
144 return false;
145 }
146
147 if (VM86_TYPE(ret) == VM86_INTx) {
148 char trapname[32];
149 int trapno = VM86_ARG(ret);
150 if (trapno == 13)
151 strcpy(trapname, "GP");
152 else if (trapno == 5)
153 strcpy(trapname, "BR");
154 else if (trapno == 14)
155 strcpy(trapname, "PF");
156 else
157 sprintf(trapname, "%d", trapno);
158
159 printf("[INFO]\tExited vm86 mode due to #%s\n", trapname);
160 } else if (VM86_TYPE(ret) == VM86_UNKNOWN) {
161 printf("[INFO]\tExited vm86 mode due to unhandled GP fault\n");
162 } else if (VM86_TYPE(ret) == VM86_TRAP) {
163 printf("[INFO]\tExited vm86 mode due to a trap (arg=%ld)\n",
164 VM86_ARG(ret));
165 } else if (VM86_TYPE(ret) == VM86_SIGNAL) {
166 printf("[INFO]\tExited vm86 mode due to a signal\n");
167 } else if (VM86_TYPE(ret) == VM86_STI) {
168 printf("[INFO]\tExited vm86 mode due to STI\n");
169 } else {
170 printf("[INFO]\tExited vm86 mode due to type %ld, arg %ld\n",
171 VM86_TYPE(ret), VM86_ARG(ret));
172 }
173
174 if (rettype == -1 ||
175 (VM86_TYPE(ret) == rettype && VM86_ARG(ret) == retarg)) {
176 printf("[OK]\tReturned correctly\n");
177 } else {
178 printf("[FAIL]\tIncorrect return reason\n");
179 nerrs++;
180 }
181
182 return true;
183 }
184
185 void do_umip_tests(struct vm86plus_struct *vm86, unsigned char *test_mem)
186 {
187 struct table_desc {
188 unsigned short limit;
189 unsigned long base;
190 } __attribute__((packed));
191
192 /* Initialize variables with arbitrary values */
193 struct table_desc gdt1 = { .base = 0x3c3c3c3c, .limit = 0x9999 };
194 struct table_desc gdt2 = { .base = 0x1a1a1a1a, .limit = 0xaeae };
195 struct table_desc idt1 = { .base = 0x7b7b7b7b, .limit = 0xf1f1 };
196 struct table_desc idt2 = { .base = 0x89898989, .limit = 0x1313 };
197 unsigned short msw1 = 0x1414, msw2 = 0x2525, msw3 = 3737;
198
199 /* UMIP -- exit with INT3 unless kernel emulation did not trap #GP */
200 do_test(vm86, vmcode_umip - vmcode, VM86_TRAP, 3, "UMIP tests");
201
202 /* Results from displacement-only addressing */
203 msw1 = *(unsigned short *)(test_mem + 2052);
204 memcpy(&idt1, test_mem + 2054, sizeof(idt1));
205 memcpy(&gdt1, test_mem + 2060, sizeof(gdt1));
206
207 /* Results from register-indirect addressing */
208 msw2 = *(unsigned short *)(test_mem + 2066);
209 memcpy(&idt2, test_mem + 2068, sizeof(idt2));
210 memcpy(&gdt2, test_mem + 2074, sizeof(gdt2));
211
212 /* Results when using register operands */
213 msw3 = *(unsigned short *)(test_mem + 2080);
214
215 printf("[INFO]\tResult from SMSW:[0x%04x]\n", msw1);
216 printf("[INFO]\tResult from SIDT: limit[0x%04x]base[0x%08lx]\n",
217 idt1.limit, idt1.base);
218 printf("[INFO]\tResult from SGDT: limit[0x%04x]base[0x%08lx]\n",
219 gdt1.limit, gdt1.base);
220
221 if (msw1 != msw2 || msw1 != msw3)
222 printf("[FAIL]\tAll the results of SMSW should be the same.\n");
223 else
224 printf("[PASS]\tAll the results from SMSW are identical.\n");
225
226 if (memcmp(&gdt1, &gdt2, sizeof(gdt1)))
227 printf("[FAIL]\tAll the results of SGDT should be the same.\n");
228 else
229 printf("[PASS]\tAll the results from SGDT are identical.\n");
230
231 if (memcmp(&idt1, &idt2, sizeof(idt1)))
232 printf("[FAIL]\tAll the results of SIDT should be the same.\n");
233 else
234 printf("[PASS]\tAll the results from SIDT are identical.\n");
235
236 sethandler(SIGILL, sighandler, 0);
237 do_test(vm86, vmcode_umip_str - vmcode, VM86_SIGNAL, 0,
238 "STR instruction");
239 clearhandler(SIGILL);
240
241 sethandler(SIGILL, sighandler, 0);
242 do_test(vm86, vmcode_umip_sldt - vmcode, VM86_SIGNAL, 0,
243 "SLDT instruction");
244 clearhandler(SIGILL);
245 }
246
247 int main(void)
248 {
249 struct vm86plus_struct v86;
250 unsigned char *addr = mmap((void *)load_addr, 4096,
251 PROT_READ | PROT_WRITE | PROT_EXEC,
252 MAP_ANONYMOUS | MAP_PRIVATE, -1,0);
253 if (addr != (unsigned char *)load_addr)
254 err(1, "mmap");
255
256 memcpy(addr, vmcode, end_vmcode - vmcode);
257 addr[2048] = 2;
258 addr[2050] = 3;
259
260 memset(&v86, 0, sizeof(v86));
261
262 v86.regs.cs = load_addr / 16;
263 v86.regs.ss = load_addr / 16;
264 v86.regs.ds = load_addr / 16;
265 v86.regs.es = load_addr / 16;
266
267 assert((v86.regs.cs & 3) == 0); /* Looks like RPL = 0 */
268
269 /* #BR -- should deliver SIG??? */
270 do_test(&v86, vmcode_bound - vmcode, VM86_INTx, 5, "#BR");
271
272 /*
273 * SYSENTER -- should cause #GP or #UD depending on CPU.
274 * Expected return type -1 means that we shouldn't validate
275 * the vm86 return value. This will avoid problems on non-SEP
276 * CPUs.
277 */
278 sethandler(SIGILL, sighandler, 0);
279 do_test(&v86, vmcode_sysenter - vmcode, -1, 0, "SYSENTER");
280 clearhandler(SIGILL);
281
282 /*
283 * SYSCALL would be a disaster in VM86 mode. Fortunately,
284 * there is no kernel that both enables SYSCALL and sets
285 * EFER.SCE, so it's #UD on all systems. But vm86 is
286 * buggy (or has a "feature"), so the SIGILL will actually
287 * be delivered.
288 */
289 sethandler(SIGILL, sighandler, 0);
290 do_test(&v86, vmcode_syscall - vmcode, VM86_SIGNAL, 0, "SYSCALL");
291 clearhandler(SIGILL);
292
293 /* STI with VIP set */
294 v86.regs.eflags |= X86_EFLAGS_VIP;
295 v86.regs.eflags &= ~X86_EFLAGS_IF;
296 do_test(&v86, vmcode_sti - vmcode, VM86_STI, 0, "STI with VIP set");
297
298 /* INT3 -- should cause #BP */
299 do_test(&v86, vmcode_int3 - vmcode, VM86_TRAP, 3, "INT3");
300
301 /* INT80 -- should exit with "INTx 0x80" */
302 v86.regs.eax = (unsigned int)-1;
303 do_test(&v86, vmcode_int80 - vmcode, VM86_INTx, 0x80, "int80");
304
305 /* UMIP -- should exit with INTx 0x80 unless UMIP was not disabled */
306 do_umip_tests(&v86, addr);
307
308 /* Execute a null pointer */
309 v86.regs.cs = 0;
310 v86.regs.ss = 0;
311 sethandler(SIGSEGV, sighandler, 0);
312 got_signal = 0;
313 if (do_test(&v86, 0, VM86_SIGNAL, 0, "Execute null pointer") &&
314 !got_signal) {
315 printf("[FAIL]\tDid not receive SIGSEGV\n");
316 nerrs++;
317 }
318 clearhandler(SIGSEGV);
319
320 /* Make sure nothing explodes if we fork. */
321 if (fork() > 0)
322 return 0;
323
324 return (nerrs == 0 ? 0 : 1);
325 }
CRIS linux kernel tree