search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.19.133
[linux/fpc-iii.git] / tools / testing / selftests / x86 / sysret_rip.c
blobd85ec5b3671cc9bb97d7b445697de15d07b46104
1 /*
2 * sigreturn.c - tests that x86 avoids Intel SYSRET pitfalls
3 * Copyright (c) 2014-2016 Andrew Lutomirski
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 */
14
15 #define _GNU_SOURCE
16
17 #include <stdlib.h>
18 #include <unistd.h>
19 #include <stdio.h>
20 #include <string.h>
21 #include <inttypes.h>
22 #include <sys/signal.h>
23 #include <sys/ucontext.h>
24 #include <sys/syscall.h>
25 #include <err.h>
26 #include <stddef.h>
27 #include <stdbool.h>
28 #include <setjmp.h>
29 #include <sys/user.h>
30 #include <sys/mman.h>
31 #include <assert.h>
32
33
34 asm (
35 ".pushsection \".text\", \"ax\"\n\t"
36 ".balign 4096\n\t"
37 "test_page: .globl test_page\n\t"
38 ".fill 4094,1,0xcc\n\t"
39 "test_syscall_insn:\n\t"
40 "syscall\n\t"
41 ".ifne . - test_page - 4096\n\t"
42 ".error \"test page is not one page long\"\n\t"
43 ".endif\n\t"
44 ".popsection"
45 );
46
47 extern const char test_page[];
48 static void const *current_test_page_addr = test_page;
49
50 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
51 int flags)
52 {
53 struct sigaction sa;
54 memset(&sa, 0, sizeof(sa));
55 sa.sa_sigaction = handler;
56 sa.sa_flags = SA_SIGINFO | flags;
57 sigemptyset(&sa.sa_mask);
58 if (sigaction(sig, &sa, 0))
59 err(1, "sigaction");
60 }
61
62 static void clearhandler(int sig)
63 {
64 struct sigaction sa;
65 memset(&sa, 0, sizeof(sa));
66 sa.sa_handler = SIG_DFL;
67 sigemptyset(&sa.sa_mask);
68 if (sigaction(sig, &sa, 0))
69 err(1, "sigaction");
70 }
71
72 /* State used by our signal handlers. */
73 static gregset_t initial_regs;
74
75 static volatile unsigned long rip;
76
77 static void sigsegv_for_sigreturn_test(int sig, siginfo_t *info, void *ctx_void)
78 {
79 ucontext_t *ctx = (ucontext_t*)ctx_void;
80
81 if (rip != ctx->uc_mcontext.gregs[REG_RIP]) {
82 printf("[FAIL]\tRequested RIP=0x%lx but got RIP=0x%lx\n",
83 rip, (unsigned long)ctx->uc_mcontext.gregs[REG_RIP]);
84 fflush(stdout);
85 _exit(1);
86 }
87
88 memcpy(&ctx->uc_mcontext.gregs, &initial_regs, sizeof(gregset_t));
89
90 printf("[OK]\tGot SIGSEGV at RIP=0x%lx\n", rip);
91 }
92
93 static void sigusr1(int sig, siginfo_t *info, void *ctx_void)
94 {
95 ucontext_t *ctx = (ucontext_t*)ctx_void;
96
97 memcpy(&initial_regs, &ctx->uc_mcontext.gregs, sizeof(gregset_t));
98
99 /* Set IP and CX to match so that SYSRET can happen. */
100 ctx->uc_mcontext.gregs[REG_RIP] = rip;
101 ctx->uc_mcontext.gregs[REG_RCX] = rip;
102
103 /* R11 and EFLAGS should already match. */
104 assert(ctx->uc_mcontext.gregs[REG_EFL] ==
105 ctx->uc_mcontext.gregs[REG_R11]);
106
107 sethandler(SIGSEGV, sigsegv_for_sigreturn_test, SA_RESETHAND);
108
109 return;
110 }
111
112 static void test_sigreturn_to(unsigned long ip)
113 {
114 rip = ip;
115 printf("[RUN]\tsigreturn to 0x%lx\n", ip);
116 raise(SIGUSR1);
117 }
118
119 static jmp_buf jmpbuf;
120
121 static void sigsegv_for_fallthrough(int sig, siginfo_t *info, void *ctx_void)
122 {
123 ucontext_t *ctx = (ucontext_t*)ctx_void;
124
125 if (rip != ctx->uc_mcontext.gregs[REG_RIP]) {
126 printf("[FAIL]\tExpected SIGSEGV at 0x%lx but got RIP=0x%lx\n",
127 rip, (unsigned long)ctx->uc_mcontext.gregs[REG_RIP]);
128 fflush(stdout);
129 _exit(1);
130 }
131
132 siglongjmp(jmpbuf, 1);
133 }
134
135 static void test_syscall_fallthrough_to(unsigned long ip)
136 {
137 void *new_address = (void *)(ip - 4096);
138 void *ret;
139
140 printf("[RUN]\tTrying a SYSCALL that falls through to 0x%lx\n", ip);
141
142 ret = mremap((void *)current_test_page_addr, 4096, 4096,
143 MREMAP_MAYMOVE | MREMAP_FIXED, new_address);
144 if (ret == MAP_FAILED) {
145 if (ip <= (1UL << 47) - PAGE_SIZE) {
146 err(1, "mremap to %p", new_address);
147 } else {
148 printf("[OK]\tmremap to %p failed\n", new_address);
149 return;
150 }
151 }
152
153 if (ret != new_address)
154 errx(1, "mremap malfunctioned: asked for %p but got %p\n",
155 new_address, ret);
156
157 current_test_page_addr = new_address;
158 rip = ip;
159
160 if (sigsetjmp(jmpbuf, 1) == 0) {
161 asm volatile ("call *%[syscall_insn]" :: "a" (SYS_getpid),
162 [syscall_insn] "rm" (ip - 2));
163 errx(1, "[FAIL]\tSyscall trampoline returned");
164 }
165
166 printf("[OK]\tWe survived\n");
167 }
168
169 int main()
170 {
171 /*
172 * When the kernel returns from a slow-path syscall, it will
173 * detect whether SYSRET is appropriate. If it incorrectly
174 * thinks that SYSRET is appropriate when RIP is noncanonical,
175 * it'll crash on Intel CPUs.
176 */
177 sethandler(SIGUSR1, sigusr1, 0);
178 for (int i = 47; i < 64; i++)
179 test_sigreturn_to(1UL<<i);
180
181 clearhandler(SIGUSR1);
182
183 sethandler(SIGSEGV, sigsegv_for_fallthrough, 0);
184
185 /* One extra test to check that we didn't screw up the mremap logic. */
186 test_syscall_fallthrough_to((1UL << 47) - 2*PAGE_SIZE);
187
188 /* These are the interesting cases. */
189 for (int i = 47; i < 64; i++) {
190 test_syscall_fallthrough_to((1UL<<i) - PAGE_SIZE);
191 test_syscall_fallthrough_to(1UL<<i);
192 }
193
194 return 0;
195 }
Linux with added FPC-III support