search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.19.133
[linux/fpc-iii.git] / tools / testing / selftests / x86 / entry_from_vm86.c
blobade443a8842106e49aabc1f2d36dc9d4f8b75b65
1 /*
2 * entry_from_vm86.c - tests kernel entries from vm86 mode
3 * Copyright (c) 2014-2015 Andrew Lutomirski
4 *
5 * This exercises a few paths that need to special-case vm86 mode.
6 *
7 * GPL v2.
8 */
9
10 #define _GNU_SOURCE
11
12 #include <assert.h>
13 #include <stdlib.h>
14 #include <sys/syscall.h>
15 #include <sys/signal.h>
16 #include <sys/ucontext.h>
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <string.h>
20 #include <inttypes.h>
21 #include <sys/mman.h>
22 #include <err.h>
23 #include <stddef.h>
24 #include <stdbool.h>
25 #include <errno.h>
26 #include <sys/vm86.h>
27
28 static unsigned long load_addr = 0x10000;
29 static int nerrs = 0;
30
31 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
32 int flags)
33 {
34 struct sigaction sa;
35 memset(&sa, 0, sizeof(sa));
36 sa.sa_sigaction = handler;
37 sa.sa_flags = SA_SIGINFO | flags;
38 sigemptyset(&sa.sa_mask);
39 if (sigaction(sig, &sa, 0))
40 err(1, "sigaction");
41 }
42
43 static void clearhandler(int sig)
44 {
45 struct sigaction sa;
46 memset(&sa, 0, sizeof(sa));
47 sa.sa_handler = SIG_DFL;
48 sigemptyset(&sa.sa_mask);
49 if (sigaction(sig, &sa, 0))
50 err(1, "sigaction");
51 }
52
53 static sig_atomic_t got_signal;
54
55 static void sighandler(int sig, siginfo_t *info, void *ctx_void)
56 {
57 ucontext_t *ctx = (ucontext_t*)ctx_void;
58
59 if (ctx->uc_mcontext.gregs[REG_EFL] & X86_EFLAGS_VM ||
60 (ctx->uc_mcontext.gregs[REG_CS] & 3) != 3) {
61 printf("[FAIL]\tSignal frame should not reflect vm86 mode\n");
62 nerrs++;
63 }
64
65 const char *signame;
66 if (sig == SIGSEGV)
67 signame = "SIGSEGV";
68 else if (sig == SIGILL)
69 signame = "SIGILL";
70 else
71 signame = "unexpected signal";
72
73 printf("[INFO]\t%s: FLAGS = 0x%lx, CS = 0x%hx\n", signame,
74 (unsigned long)ctx->uc_mcontext.gregs[REG_EFL],
75 (unsigned short)ctx->uc_mcontext.gregs[REG_CS]);
76
77 got_signal = 1;
78 }
79
80 asm (
81 ".pushsection .rodata\n\t"
82 ".type vmcode_bound, @object\n\t"
83 "vmcode:\n\t"
84 "vmcode_bound:\n\t"
85 ".code16\n\t"
86 "bound %ax, (2048)\n\t"
87 "int3\n\t"
88 "vmcode_sysenter:\n\t"
89 "sysenter\n\t"
90 "vmcode_syscall:\n\t"
91 "syscall\n\t"
92 "vmcode_sti:\n\t"
93 "sti\n\t"
94 "vmcode_int3:\n\t"
95 "int3\n\t"
96 "vmcode_int80:\n\t"
97 "int $0x80\n\t"
98 "vmcode_popf_hlt:\n\t"
99 "push %ax\n\t"
100 "popf\n\t"
101 "hlt\n\t"
102 "vmcode_umip:\n\t"
103 /* addressing via displacements */
104 "smsw (2052)\n\t"
105 "sidt (2054)\n\t"
106 "sgdt (2060)\n\t"
107 /* addressing via registers */
108 "mov $2066, %bx\n\t"
109 "smsw (%bx)\n\t"
110 "mov $2068, %bx\n\t"
111 "sidt (%bx)\n\t"
112 "mov $2074, %bx\n\t"
113 "sgdt (%bx)\n\t"
114 /* register operands, only for smsw */
115 "smsw %ax\n\t"
116 "mov %ax, (2080)\n\t"
117 "int3\n\t"
118 "vmcode_umip_str:\n\t"
119 "str %eax\n\t"
120 "vmcode_umip_sldt:\n\t"
121 "sldt %eax\n\t"
122 "int3\n\t"
123 ".size vmcode, . - vmcode\n\t"
124 "end_vmcode:\n\t"
125 ".code32\n\t"
126 ".popsection"
127 );
128
129 extern unsigned char vmcode[], end_vmcode[];
130 extern unsigned char vmcode_bound[], vmcode_sysenter[], vmcode_syscall[],
131 vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_popf_hlt[],
132 vmcode_umip[], vmcode_umip_str[], vmcode_umip_sldt[];
133
134 /* Returns false if the test was skipped. */
135 static bool do_test(struct vm86plus_struct *v86, unsigned long eip,
136 unsigned int rettype, unsigned int retarg,
137 const char *text)
138 {
139 long ret;
140
141 printf("[RUN]\t%s from vm86 mode\n", text);
142 v86->regs.eip = eip;
143 ret = vm86(VM86_ENTER, v86);
144
145 if (ret == -1 && (errno == ENOSYS || errno == EPERM)) {
146 printf("[SKIP]\tvm86 %s\n",
147 errno == ENOSYS ? "not supported" : "not allowed");
148 return false;
149 }
150
151 if (VM86_TYPE(ret) == VM86_INTx) {
152 char trapname[32];
153 int trapno = VM86_ARG(ret);
154 if (trapno == 13)
155 strcpy(trapname, "GP");
156 else if (trapno == 5)
157 strcpy(trapname, "BR");
158 else if (trapno == 14)
159 strcpy(trapname, "PF");
160 else
161 sprintf(trapname, "%d", trapno);
162
163 printf("[INFO]\tExited vm86 mode due to #%s\n", trapname);
164 } else if (VM86_TYPE(ret) == VM86_UNKNOWN) {
165 printf("[INFO]\tExited vm86 mode due to unhandled GP fault\n");
166 } else if (VM86_TYPE(ret) == VM86_TRAP) {
167 printf("[INFO]\tExited vm86 mode due to a trap (arg=%ld)\n",
168 VM86_ARG(ret));
169 } else if (VM86_TYPE(ret) == VM86_SIGNAL) {
170 printf("[INFO]\tExited vm86 mode due to a signal\n");
171 } else if (VM86_TYPE(ret) == VM86_STI) {
172 printf("[INFO]\tExited vm86 mode due to STI\n");
173 } else {
174 printf("[INFO]\tExited vm86 mode due to type %ld, arg %ld\n",
175 VM86_TYPE(ret), VM86_ARG(ret));
176 }
177
178 if (rettype == -1 ||
179 (VM86_TYPE(ret) == rettype && VM86_ARG(ret) == retarg)) {
180 printf("[OK]\tReturned correctly\n");
181 } else {
182 printf("[FAIL]\tIncorrect return reason (started at eip = 0x%lx, ended at eip = 0x%lx)\n", eip, v86->regs.eip);
183 nerrs++;
184 }
185
186 return true;
187 }
188
189 void do_umip_tests(struct vm86plus_struct *vm86, unsigned char *test_mem)
190 {
191 struct table_desc {
192 unsigned short limit;
193 unsigned long base;
194 } __attribute__((packed));
195
196 /* Initialize variables with arbitrary values */
197 struct table_desc gdt1 = { .base = 0x3c3c3c3c, .limit = 0x9999 };
198 struct table_desc gdt2 = { .base = 0x1a1a1a1a, .limit = 0xaeae };
199 struct table_desc idt1 = { .base = 0x7b7b7b7b, .limit = 0xf1f1 };
200 struct table_desc idt2 = { .base = 0x89898989, .limit = 0x1313 };
201 unsigned short msw1 = 0x1414, msw2 = 0x2525, msw3 = 3737;
202
203 /* UMIP -- exit with INT3 unless kernel emulation did not trap #GP */
204 do_test(vm86, vmcode_umip - vmcode, VM86_TRAP, 3, "UMIP tests");
205
206 /* Results from displacement-only addressing */
207 msw1 = *(unsigned short *)(test_mem + 2052);
208 memcpy(&idt1, test_mem + 2054, sizeof(idt1));
209 memcpy(&gdt1, test_mem + 2060, sizeof(gdt1));
210
211 /* Results from register-indirect addressing */
212 msw2 = *(unsigned short *)(test_mem + 2066);
213 memcpy(&idt2, test_mem + 2068, sizeof(idt2));
214 memcpy(&gdt2, test_mem + 2074, sizeof(gdt2));
215
216 /* Results when using register operands */
217 msw3 = *(unsigned short *)(test_mem + 2080);
218
219 printf("[INFO]\tResult from SMSW:[0x%04x]\n", msw1);
220 printf("[INFO]\tResult from SIDT: limit[0x%04x]base[0x%08lx]\n",
221 idt1.limit, idt1.base);
222 printf("[INFO]\tResult from SGDT: limit[0x%04x]base[0x%08lx]\n",
223 gdt1.limit, gdt1.base);
224
225 if (msw1 != msw2 || msw1 != msw3)
226 printf("[FAIL]\tAll the results of SMSW should be the same.\n");
227 else
228 printf("[PASS]\tAll the results from SMSW are identical.\n");
229
230 if (memcmp(&gdt1, &gdt2, sizeof(gdt1)))
231 printf("[FAIL]\tAll the results of SGDT should be the same.\n");
232 else
233 printf("[PASS]\tAll the results from SGDT are identical.\n");
234
235 if (memcmp(&idt1, &idt2, sizeof(idt1)))
236 printf("[FAIL]\tAll the results of SIDT should be the same.\n");
237 else
238 printf("[PASS]\tAll the results from SIDT are identical.\n");
239
240 sethandler(SIGILL, sighandler, 0);
241 do_test(vm86, vmcode_umip_str - vmcode, VM86_SIGNAL, 0,
242 "STR instruction");
243 clearhandler(SIGILL);
244
245 sethandler(SIGILL, sighandler, 0);
246 do_test(vm86, vmcode_umip_sldt - vmcode, VM86_SIGNAL, 0,
247 "SLDT instruction");
248 clearhandler(SIGILL);
249 }
250
251 int main(void)
252 {
253 struct vm86plus_struct v86;
254 unsigned char *addr = mmap((void *)load_addr, 4096,
255 PROT_READ | PROT_WRITE | PROT_EXEC,
256 MAP_ANONYMOUS | MAP_PRIVATE, -1,0);
257 if (addr != (unsigned char *)load_addr)
258 err(1, "mmap");
259
260 memcpy(addr, vmcode, end_vmcode - vmcode);
261 addr[2048] = 2;
262 addr[2050] = 3;
263
264 memset(&v86, 0, sizeof(v86));
265
266 v86.regs.cs = load_addr / 16;
267 v86.regs.ss = load_addr / 16;
268 v86.regs.ds = load_addr / 16;
269 v86.regs.es = load_addr / 16;
270
271 /* Use the end of the page as our stack. */
272 v86.regs.esp = 4096;
273
274 assert((v86.regs.cs & 3) == 0); /* Looks like RPL = 0 */
275
276 /* #BR -- should deliver SIG??? */
277 do_test(&v86, vmcode_bound - vmcode, VM86_INTx, 5, "#BR");
278
279 /*
280 * SYSENTER -- should cause #GP or #UD depending on CPU.
281 * Expected return type -1 means that we shouldn't validate
282 * the vm86 return value. This will avoid problems on non-SEP
283 * CPUs.
284 */
285 sethandler(SIGILL, sighandler, 0);
286 do_test(&v86, vmcode_sysenter - vmcode, -1, 0, "SYSENTER");
287 clearhandler(SIGILL);
288
289 /*
290 * SYSCALL would be a disaster in VM86 mode. Fortunately,
291 * there is no kernel that both enables SYSCALL and sets
292 * EFER.SCE, so it's #UD on all systems. But vm86 is
293 * buggy (or has a "feature"), so the SIGILL will actually
294 * be delivered.
295 */
296 sethandler(SIGILL, sighandler, 0);
297 do_test(&v86, vmcode_syscall - vmcode, VM86_SIGNAL, 0, "SYSCALL");
298 clearhandler(SIGILL);
299
300 /* STI with VIP set */
301 v86.regs.eflags |= X86_EFLAGS_VIP;
302 v86.regs.eflags &= ~X86_EFLAGS_IF;
303 do_test(&v86, vmcode_sti - vmcode, VM86_STI, 0, "STI with VIP set");
304
305 /* POPF with VIP set but IF clear: should not trap */
306 v86.regs.eflags = X86_EFLAGS_VIP;
307 v86.regs.eax = 0;
308 do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP set and IF clear");
309
310 /* POPF with VIP set and IF set: should trap */
311 v86.regs.eflags = X86_EFLAGS_VIP;
312 v86.regs.eax = X86_EFLAGS_IF;
313 do_test(&v86, vmcode_popf_hlt - vmcode, VM86_STI, 0, "POPF with VIP and IF set");
314
315 /* POPF with VIP clear and IF set: should not trap */
316 v86.regs.eflags = 0;
317 v86.regs.eax = X86_EFLAGS_IF;
318 do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP clear and IF set");
319
320 v86.regs.eflags = 0;
321
322 /* INT3 -- should cause #BP */
323 do_test(&v86, vmcode_int3 - vmcode, VM86_TRAP, 3, "INT3");
324
325 /* INT80 -- should exit with "INTx 0x80" */
326 v86.regs.eax = (unsigned int)-1;
327 do_test(&v86, vmcode_int80 - vmcode, VM86_INTx, 0x80, "int80");
328
329 /* UMIP -- should exit with INTx 0x80 unless UMIP was not disabled */
330 do_umip_tests(&v86, addr);
331
332 /* Execute a null pointer */
333 v86.regs.cs = 0;
334 v86.regs.ss = 0;
335 sethandler(SIGSEGV, sighandler, 0);
336 got_signal = 0;
337 if (do_test(&v86, 0, VM86_SIGNAL, 0, "Execute null pointer") &&
338 !got_signal) {
339 printf("[FAIL]\tDid not receive SIGSEGV\n");
340 nerrs++;
341 }
342 clearhandler(SIGSEGV);
343
344 /* Make sure nothing explodes if we fork. */
345 if (fork() == 0)
346 return 0;
347
348 return (nerrs == 0 ? 0 : 1);
349 }
Linux with added FPC-III support