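// SPDX-License-Identifier: GPL-2.0
/*
 * ldt_gdt.c - Test cases for LDT and GDT access
 * Copyright (c) 2015 Andrew Lutomirski
 *
 * The tests install descriptors with modify_ldt() and set_thread_area()
 * and then use the unprivileged LSL/LAR instructions to read back what
 * the CPU actually sees.  They check that accepted descriptors carry
 * exactly the expected access rights and limit, that rejected or
 * deleted descriptors are not usable, that an LDT is not inherited
 * across exec(), and that clearing an LDT entry on one CPU invalidates
 * it on another.
 */

#define _GNU_SOURCE
#include <err.h>
#include <stdio.h>
#include <stdint.h>
#include <signal.h>
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/ldt.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <stdbool.h>
#include <pthread.h>
#include <sched.h>
#include <linux/futex.h>
#include <sys/mman.h>
#include <asm/prctl.h>
#include <sys/prctl.h>

/*
 * Bits of the access-rights word as returned by LAR.  The expected
 * values passed to check_valid_segment() are built from these.
 */
#define AR_ACCESSED		(1<<8)

#define AR_TYPE_RODATA		(0 * (1<<9))
#define AR_TYPE_RWDATA		(1 * (1<<9))
#define AR_TYPE_RODATA_EXPDOWN	(2 * (1<<9))
#define AR_TYPE_RWDATA_EXPDOWN	(3 * (1<<9))
#define AR_TYPE_XOCODE		(4 * (1<<9))
#define AR_TYPE_XRCODE		(5 * (1<<9))
#define AR_TYPE_XOCODE_CONF	(6 * (1<<9))
#define AR_TYPE_XRCODE_CONF	(7 * (1<<9))

#define AR_DPL3			(3 * (1<<13))

#define AR_S			(1 << 12)
#define AR_P			(1 << 15)
#define AR_AVL			(1 << 20)
#define AR_L			(1 << 21)
#define AR_DB			(1 << 22)
#define AR_G			(1 << 23)

/* Extra registers listed as clobbered by "int $0x80" in 64-bit builds. */
#ifdef __x86_64__
# define INT80_CLOBBERS "r8", "r9", "r10", "r11"
#else
# define INT80_CLOBBERS
#endif

/* Number of failed checks so far; reset to 0 in forked children. */
static int nerrs;

/* Points to an array of 1024 ints, each holding its own index. */
static const unsigned int *counter_page;
static struct user_desc *low_user_desc;
static struct user_desc *low_user_desc_clear;  /* Use to delete GDT entry */
static int gdt_entry_num;

/*
 * Assert that a descriptor-table slot is NOT usable from user mode.
 *
 * @index: descriptor index within the table
 * @ldt:   1 to look in the LDT, 0 to look in the GDT
 *
 * The selector is built as (index << 3) | (ldt << 2) | 3, i.e. with the
 * table-indicator bit taken from @ldt and a requested privilege level
 * of 3.  LSL and LAR leave ZF clear when the descriptor cannot be
 * read, in which case the "jnz" skips setting the has_* flag.  If
 * either instruction succeeds the slot is still live, which is counted
 * as a failure in nerrs.
 */
static void check_invalid_segment(uint16_t index, int ldt)
{
	uint32_t has_limit = 0, has_ar = 0, limit, ar;
	uint32_t selector = (index << 3) | (ldt << 2) | 3;

	asm ("lsl %[selector], %[limit]\n\t"
	     "jnz 1f\n\t"
	     "movl $1, %[has_limit]\n\t"
	     "1:"
	     : [limit] "=r" (limit), [has_limit] "+rm" (has_limit)
	     : [selector] "r" (selector));
	asm ("larl %[selector], %[ar]\n\t"
	     "jnz 1f\n\t"
	     "movl $1, %[has_ar]\n\t"
	     "1:"
	     : [ar] "=r" (ar), [has_ar] "+rm" (has_ar)
	     : [selector] "r" (selector));

	if (has_limit || has_ar) {
		printf("[FAIL]\t%s entry %hu is valid but should be invalid\n",
		       (ldt ? "LDT" : "GDT"), index);
		nerrs++;
	} else {
		printf("[OK]\t%s entry %hu is invalid\n",
		       (ldt ? "LDT" : "GDT"), index);
	}
}

/*
 * Assert that a descriptor-table slot is usable and has the expected
 * attributes.
 *
 * @index:          descriptor index within the table
 * @ldt:            1 to look in the LDT, 0 to look in the GDT
 * @expected_ar:    access rights expected from LAR (AR_* bits)
 * @expected_limit: limit expected from LSL
 * @verbose:        print an [OK] line on success when true
 *
 * Both LSL and LAR must succeed.  The accessed bit is tolerated either
 * way; any other difference in access rights, or a different limit, is
 * counted as a failure in nerrs.
 */
static void check_valid_segment(uint16_t index, int ldt,
				uint32_t expected_ar, uint32_t expected_limit,
				bool verbose)
{
	uint32_t has_limit = 0, has_ar = 0, limit, ar;
	uint32_t selector = (index << 3) | (ldt << 2) | 3;

	asm ("lsl %[selector], %[limit]\n\t"
	     "jnz 1f\n\t"
	     "movl $1, %[has_limit]\n\t"
	     "1:"
	     : [limit] "=r" (limit), [has_limit] "+rm" (has_limit)
	     : [selector] "r" (selector));
	asm ("larl %[selector], %[ar]\n\t"
	     "jnz 1f\n\t"
	     "movl $1, %[has_ar]\n\t"
	     "1:"
	     : [ar] "=r" (ar), [has_ar] "+rm" (has_ar)
	     : [selector] "r" (selector));

	if (!has_limit || !has_ar) {
		printf("[FAIL]\t%s entry %hu is invalid but should be valid\n",
		       (ldt ? "LDT" : "GDT"), index);
		nerrs++;
		return;
	}

	/* The SDM says "bits 19:16 are undefined".  Thanks. */
	ar &= ~0xF0000;

	/*
	 * NB: Different Linux versions do different things with the
	 * accessed bit in set_thread_area().
	 */
	if (ar != expected_ar && ar != (expected_ar | AR_ACCESSED)) {
		printf("[FAIL]\t%s entry %hu has AR 0x%08X but expected 0x%08X\n",
		       (ldt ? "LDT" : "GDT"), index, ar, expected_ar);
		nerrs++;
	} else if (limit != expected_limit) {
		printf("[FAIL]\t%s entry %hu has limit 0x%08X but expected 0x%08X\n",
		       (ldt ? "LDT" : "GDT"), index, limit, expected_limit);
		nerrs++;
	} else if (verbose) {
		printf("[OK]\t%s entry %hu has AR 0x%08X and limit 0x%08X\n",
		       (ldt ? "LDT" : "GDT"), index, ar, limit);
	}
}

/*
 * Install a descriptor that the kernel is expected to accept and verify
 * what ended up in the table.
 *
 * @d:       descriptor to install (copied; the caller's copy is untouched)
 * @ar:      access rights the installed entry is expected to have
 * @oldmode: for the LDT, use modify_ldt func 1 instead of func 0x11
 * @ldt:     true to install in the LDT, false to use set_thread_area()
 *
 * Returns true only if the install succeeded and the entry was checked.
 * A failed install is counted in nerrs only for 32-bit segments; a
 * rejected 16-bit segment is reported as OK.  The GDT path is skipped
 * in non-i386 builds and when no GDT slot was obtained at setup.
 */
static bool install_valid_mode(const struct user_desc *d, uint32_t ar,
			       bool oldmode, bool ldt)
{
	struct user_desc desc = *d;
	int ret;

	if (!ldt) {
#ifndef __i386__
		/* No point testing set_thread_area in a 64-bit build */
		return false;
#endif
		if (!gdt_entry_num)
			return false;
		desc.entry_number = gdt_entry_num;

		ret = syscall(SYS_set_thread_area, &desc);
	} else {
		ret = syscall(SYS_modify_ldt, oldmode ? 1 : 0x11,
			      &desc, sizeof(desc));

		/* A return below -1 is taken to be a raw negated errno. */
		if (ret < -1)
			errno = -ret;

		if (ret != 0 && errno == ENOSYS) {
			printf("[OK]\tmodify_ldt returned -ENOSYS\n");
			return false;
		}
	}

	if (ret == 0) {
		uint32_t limit = desc.limit;

		/* LSL reports a byte limit; scale page-granular limits. */
		if (desc.limit_in_pages)
			limit = (limit << 12) + 4095;
		check_valid_segment(desc.entry_number, ldt, ar, limit, true);
		return true;
	} else {
		if (desc.seg_32bit) {
			printf("[FAIL]\tUnexpected %s failure %d\n",
			       ldt ? "modify_ldt" : "set_thread_area",
			       errno);
			nerrs++;
			return false;
		} else {
			printf("[OK]\t%s rejected 16 bit segment\n",
			       ldt ? "modify_ldt" : "set_thread_area");
			return false;
		}
	}
}

/*
 * Install @desc in the LDT (new-mode modify_ldt) and, for present
 * 32-bit data segments (contents <= 1), in the GDT as well.
 *
 * Returns the result of the LDT install only; the GDT result affects
 * nerrs but not the return value.
 */
static bool install_valid(const struct user_desc *desc, uint32_t ar)
{
	bool ret = install_valid_mode(desc, ar, false, true);

	if (desc->contents <= 1 && desc->seg_32bit &&
	    !desc->seg_not_present) {
		/* Should work in the GDT, too. */
		install_valid_mode(desc, ar, false, false);
	}

	return ret;
}

/*
 * Write a descriptor that the kernel should treat as "delete this
 * entry" and check that the LDT slot is unusable afterwards.
 *
 * @desc:    descriptor to write
 * @oldmode: use modify_ldt func 1 instead of func 0x11
 *
 * ENOSYS and a rejected 16-bit segment are reported as OK; any other
 * failure of a 32-bit segment is counted in nerrs.
 */
static void install_invalid(const struct user_desc *desc, bool oldmode)
{
	int ret = syscall(SYS_modify_ldt, oldmode ? 1 : 0x11,
			  desc, sizeof(*desc));
	if (ret < -1)
		errno = -ret;
	if (ret == 0) {
		check_invalid_segment(desc->entry_number, 1);
	} else if (errno == ENOSYS) {
		printf("[OK]\tmodify_ldt returned -ENOSYS\n");
	} else {
		if (desc->seg_32bit) {
			printf("[FAIL]\tUnexpected modify_ldt failure %d\n",
			       errno);
			nerrs++;
		} else {
			printf("[OK]\tmodify_ldt rejected 16 bit segment\n");
		}
	}
}

/*
 * Thin modify_ldt wrapper that normalises the error report.
 *
 * @func:      modify_ldt function code
 * @ptr:       descriptor buffer
 * @bytecount: size of the buffer in bytes
 *
 * Returns the syscall result; a return below -1 is stored into errno
 * as a positive error number.
 *
 * The function code used to be hard-coded to 0x11 regardless of @func.
 * Every caller visible in this part of the file passes 0x11, so
 * forwarding @func keeps their behaviour while making the parameter
 * mean what it says.
 */
static int safe_modify_ldt(int func, struct user_desc *ptr,
			   unsigned long bytecount)
{
	int ret = syscall(SYS_modify_ldt, func, ptr, bytecount);
	if (ret < -1)
		errno = -ret;
	return ret;
}

/*
 * Try to install a descriptor that the kernel must refuse.  Acceptance
 * is counted in nerrs; ENOSYS or any other error is reported as OK.
 */
static void fail_install(struct user_desc *desc)
{
	if (safe_modify_ldt(0x11, desc, sizeof(*desc)) == 0) {
		printf("[FAIL]\tmodify_ldt accepted a bad descriptor\n");
		nerrs++;
	} else if (errno == ENOSYS) {
		printf("[OK]\tmodify_ldt returned -ENOSYS\n");
	} else {
		printf("[OK]\tmodify_ldt failure %d\n", errno);
	}
}

/*
 * Single-threaded coverage: walk one descriptor through many attribute
 * combinations and check the resulting access rights, verify that the
 * LDT survives fork(), fill all 8192 LDT slots, check that an
 * out-of-range entry number is refused, and exercise deletion together
 * with descriptors that merely resemble a deletion request.
 */
static void do_simple_tests(void)
{
	struct user_desc desc = {
		.entry_number    = 0,
		.base_addr       = 0,
		.limit           = 10,
		.seg_32bit       = 1,
		.contents        = 2, /* Code, not conforming */
		.read_exec_only  = 0,
		.limit_in_pages  = 0,
		.seg_not_present = 0,
		.useable         = 0
	};
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE | AR_S | AR_P | AR_DB);

	desc.limit_in_pages = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_P | AR_DB | AR_G);

	/* Entry 1 was never installed, so it must stay invalid. */
	check_invalid_segment(1, 1);

	desc.entry_number = 2;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_P | AR_DB | AR_G);

	check_invalid_segment(1, 1);

	desc.base_addr = 0xf0000000;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_P | AR_DB | AR_G);

	desc.useable = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_P | AR_DB | AR_G | AR_AVL);

	desc.seg_not_present = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_DB | AR_G | AR_AVL);

	desc.seg_32bit = 0;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_G | AR_AVL);

	desc.seg_32bit = 1;
	desc.contents = 0;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA |
		      AR_S | AR_DB | AR_G | AR_AVL);

	desc.read_exec_only = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA |
		      AR_S | AR_DB | AR_G | AR_AVL);

	desc.contents = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN |
		      AR_S | AR_DB | AR_G | AR_AVL);

	desc.read_exec_only = 0;
	desc.limit_in_pages = 0;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN |
		      AR_S | AR_DB | AR_AVL);

	desc.contents = 3;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE_CONF |
		      AR_S | AR_DB | AR_AVL);

	desc.read_exec_only = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XOCODE_CONF |
		      AR_S | AR_DB | AR_AVL);

	desc.read_exec_only = 0;
	desc.contents = 2;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
		      AR_S | AR_DB | AR_AVL);

	desc.read_exec_only = 1;

#ifdef __x86_64__
	/* The expected access rights below do not include AR_L. */
	desc.lm = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_XOCODE |
		      AR_S | AR_DB | AR_AVL);
	desc.lm = 0;
#endif

	bool entry1_okay = install_valid(&desc, AR_DPL3 | AR_TYPE_XOCODE |
					 AR_S | AR_DB | AR_AVL);

	if (entry1_okay) {
		printf("[RUN]\tTest fork\n");
		pid_t child = fork();

		/*
		 * Without this check a failed fork() would reach
		 * waitpid(-1, ...) and then read an unset status.
		 */
		if (child < 0)
			err(1, "fork");

		if (child == 0) {
			/* The child must see the same LDT as the parent. */
			nerrs = 0;
			check_valid_segment(desc.entry_number, 1,
					    AR_DPL3 | AR_TYPE_XOCODE |
					    AR_S | AR_DB | AR_AVL, desc.limit,
					    true);
			check_invalid_segment(1, 1);
			exit(nerrs ? 1 : 0);
		} else {
			int status;
			if (waitpid(child, &status, 0) != child ||
			    !WIFEXITED(status)) {
				printf("[FAIL]\tChild died\n");
				nerrs++;
			} else if (WEXITSTATUS(status) != 0) {
				printf("[FAIL]\tChild failed\n");
				nerrs++;
			} else {
				printf("[OK]\tChild succeeded\n");
			}
		}

		printf("[RUN]\tTest size\n");
		int i;
		/* Give each slot a distinct limit so it can be told apart. */
		for (i = 0; i < 8192; i++) {
			desc.entry_number = i;
			desc.limit = i;
			if (safe_modify_ldt(0x11, &desc, sizeof(desc)) != 0) {
				printf("[FAIL]\tFailed to install entry %d\n", i);
				nerrs++;
				break;
			}
		}
		/* Only the entries that were installed are checked. */
		for (int j = 0; j < i; j++) {
			check_valid_segment(j, 1, AR_DPL3 | AR_TYPE_XOCODE |
					    AR_S | AR_DB | AR_AVL, j, false);
		}
		printf("[DONE]\tSize test\n");
	} else {
		printf("[SKIP]\tSkipping fork and size tests because we have no LDT\n");
	}

	/* Test entry_number too high. */
	desc.entry_number = 8192;
	fail_install(&desc);

	/* Test deletion and actions mistakeable for deletion. */
	memset(&desc, 0, sizeof(desc));
	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P);

	desc.seg_not_present = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S);

	desc.seg_not_present = 0;
	desc.read_exec_only = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P);

	desc.read_exec_only = 0;
	desc.seg_not_present = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S);

	desc.read_exec_only = 1;
	desc.limit = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S);

	desc.limit = 0;
	desc.base_addr = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S);

	/*
	 * All-zero apart from read_exec_only and seg_not_present: this
	 * one is expected to clear the entry.
	 */
	desc.base_addr = 0;
	install_invalid(&desc, false);

	desc.seg_not_present = 0;
	desc.seg_32bit = 1;
	desc.read_exec_only = 0;
	desc.limit = 0xfffff;

	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB);

	desc.limit_in_pages = 1;

	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB | AR_G);
	desc.read_exec_only = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P | AR_DB | AR_G);
	desc.contents = 1;
	desc.read_exec_only = 0;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G);
	desc.read_exec_only = 1;
	install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G);

	/* In old mode this descriptor is expected to clear the entry. */
	desc.limit = 0;
	install_invalid(&desc, true);
}

/*
 * 0: thread is idle
 * 1: thread armed
 * 2: thread should clear LDT entry 0
 * 3: thread should exit
 */
static volatile unsigned int ftx;

/*
 * Helper thread for the cross-CPU test.  It pins itself to CPU 1,
 * sleeps on ftx until armed, spins until told to go (ftx == 2), clears
 * LDT entry 0 with modify_ldt func 1, and then atomically subtracts 2
 * from ftx.  It exits when ftx reaches 3 or more while it is spinning,
 * or when the value it subtracted from was not 2.
 */
static void *threadproc(void *ctx)
{
	cpu_set_t cpuset;
	CPU_ZERO(&cpuset);
	CPU_SET(1, &cpuset);
	if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0)
		err(1, "sched_setaffinity to CPU 1");	/* should never fail */

	while (1) {
		syscall(SYS_futex, &ftx, FUTEX_WAIT, 0, NULL, NULL, 0);
		while (ftx != 2) {
			if (ftx >= 3)
				return NULL;
		}

		/* clear LDT entry 0 */
		const struct user_desc desc = {};
		if (syscall(SYS_modify_ldt, 1, &desc, sizeof(desc)) != 0)
			err(1, "modify_ldt");

		/* If ftx == 2, set it to zero.  If ftx == 100, quit. */
		unsigned int x = -2;
		/* xadd leaves the previous value of ftx in x. */
		asm volatile ("lock xaddl %[x], %[ftx]" :
			      [x] "+r" (x), [ftx] "+m" (ftx));
		if (x != 2)
			return NULL;
	}
}

#ifdef __i386__

/* This guard used to test the misspelt name SA_RESTORE. */
#ifndef SA_RESTORER
#define SA_RESTORER 0x04000000
#endif

/*
 * The UAPI header calls this 'struct sigaction', which conflicts with
 * glibc.  Sigh.
 */
struct fake_ksigaction {
	void *handler;  /* the real type is nasty */
	unsigned long sa_flags;
	void (*sa_restorer)(void);
	unsigned char sigset[8];
};

/*
 * Re-read the kernel's view of the handler for @sig and clear a stray
 * sa_restorer pointer when SA_RESTORER is not set.  Both rt_sigaction
 * calls pass the size of the sigset member as the sigset size.
 */
static void fix_sa_restorer(int sig)
{
	struct fake_ksigaction ksa;

	if (syscall(SYS_rt_sigaction, sig, NULL, &ksa,
		    sizeof(ksa.sigset)) == 0) {
		/*
		 * glibc has a nasty bug: it sometimes writes garbage to
		 * sa_restorer.  This interacts quite badly with anything
		 * that fiddles with SS because it can trigger legacy
		 * stack switching.  Patch it up.  See:
		 *
		 * https://sourceware.org/bugzilla/show_bug.cgi?id=21269
		 */
		if (!(ksa.sa_flags & SA_RESTORER) && ksa.sa_restorer) {
			ksa.sa_restorer = NULL;
			if (syscall(SYS_rt_sigaction, sig, &ksa, NULL,
				    sizeof(ksa.sigset)) != 0)
				err(1, "rt_sigaction");
		}
	}
}
#else
static void fix_sa_restorer(int sig)
{
	/* 64-bit glibc works fine. */
}
#endif

/*
 * Install @handler for @sig with SA_SIGINFO plus @flags and an empty
 * signal mask, then apply the sa_restorer fix-up.  Exits on failure.
 */
static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
		       int flags)
{
	struct sigaction sa;
	memset(&sa, 0, sizeof(sa));
	sa.sa_sigaction = handler;
	sa.sa_flags = SA_SIGINFO | flags;
	sigemptyset(&sa.sa_mask);
	if (sigaction(sig, &sa, 0))
		err(1, "sigaction");

	fix_sa_restorer(sig);
}

/* Recovery point for the fault expected in do_multicpu_tests(). */
static jmp_buf jmpbuf;

/* Fault handler: unwind to the sigsetjmp() in do_multicpu_tests(). */
static void sigsegv(int sig, siginfo_t *info, void *ctx_void)
{
	siglongjmp(jmpbuf, 1);
}

/*
 * Cross-CPU LDT invalidation test.
 *
 * The main thread runs on CPU 0 and the helper on CPU 1.  In each
 * iteration the main thread installs a data segment in LDT entry 0,
 * loads SS with selector 0x7 (LDT entry 0, RPL 3) and tells the helper
 * to clear that entry.  The iteration passes only if this thread then
 * faults and lands back at sigsetjmp(); carrying on with the stale SS
 * is counted as a failure.  The test is skipped when the affinity
 * cannot be set to CPU 1 and CPU 0, or when modify_ldt is unavailable.
 */
static void do_multicpu_tests(void)
{
	cpu_set_t cpuset;
	pthread_t thread;
	int failures = 0, iters = 5, i;
	unsigned short orig_ss;

	/* Probe CPU 1 first; this thread ends up pinned to CPU 0. */
	CPU_ZERO(&cpuset);
	CPU_SET(1, &cpuset);
	if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0) {
		printf("[SKIP]\tCannot set affinity to CPU 1\n");
		return;
	}

	CPU_ZERO(&cpuset);
	CPU_SET(0, &cpuset);
	if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0) {
		printf("[SKIP]\tCannot set affinity to CPU 0\n");
		return;
	}

	sethandler(SIGSEGV, sigsegv, 0);
#ifdef __i386__
	/* True 32-bit kernels send SIGILL instead of SIGSEGV on IRET faults. */
	sethandler(SIGILL, sigsegv, 0);
#endif

	printf("[RUN]\tCross-CPU LDT invalidation\n");

	if (pthread_create(&thread, 0, threadproc, 0) != 0)
		err(1, "pthread_create");

	asm volatile ("mov %%ss, %0" : "=rm" (orig_ss));

	/* Bounded by iters so the loop and the report cannot disagree. */
	for (i = 0; i < iters; i++) {
		if (sigsetjmp(jmpbuf, 1) != 0)
			continue;

		/* Make sure the thread is ready after the last test. */
		while (ftx != 0)
			;

		struct user_desc desc = {
			.entry_number    = 0,
			.base_addr       = 0,
			.limit           = 0xfffff,
			.seg_32bit       = 1,
			.contents        = 0, /* Data */
			.read_exec_only  = 0,
			.limit_in_pages  = 1,
			.seg_not_present = 0,
			.useable         = 0
		};

		if (safe_modify_ldt(0x11, &desc, sizeof(desc)) != 0) {
			if (errno != ENOSYS)
				err(1, "modify_ldt");
			printf("[SKIP]\tmodify_ldt unavailable\n");
			break;
		}

		/* Arm the thread. */
		ftx = 1;
		syscall(SYS_futex, &ftx, FUTEX_WAKE, 0, NULL, NULL, 0);

		asm volatile ("mov %0, %%ss" : : "r" (0x7));

		/* Go! */
		ftx = 2;

		while (ftx != 0)
			;

		/*
		 * On success, modify_ldt will segfault us synchronously,
		 * and we'll escape via siglongjmp.
		 */

		failures++;
		asm volatile ("mov %0, %%ss" : : "rm" (orig_ss));
	};

	ftx = 100;  /* Kill the thread. */
	syscall(SYS_futex, &ftx, FUTEX_WAKE, 0, NULL, NULL, 0);

	if (pthread_join(thread, NULL) != 0)
		err(1, "pthread_join");

	if (failures) {
		printf("[FAIL]\t%d of %d iterations failed\n", failures, iters);
		nerrs++;
	} else {
		printf("[OK]\tAll %d iterations succeeded\n", iters);
	}
}

/*
 * Second half of the exec test: check that LDT entry 0 is invalid and
 * return 1 if any check failed, 0 otherwise.
 * NOTE(review): presumably run by the re-executed image started in
 * do_exec_test(); the dispatch is outside this part of the file.
 */
static int finish_exec_test(void)
{
	/*
	 * Older kernel versions did inherit the LDT on exec() which is
	 * wrong because exec() starts from a clean state.
	 */
	check_invalid_segment(0, 1);

	return nerrs ? 1 : 0;
}

/*
 * First half of the exec test: install LDT entry 0, fork, and have the
 * child exec /proc/self/exe with argv[0] set to "ldt_gdt_test_exec".
 * The parent counts a failure in nerrs if the child dies or exits
 * non-zero.
 */
static void do_exec_test(void)
{
	printf("[RUN]\tTest exec\n");

	struct user_desc desc = {
		.entry_number    = 0,
		.base_addr       = 0,
		.limit           = 42,
		.seg_32bit       = 1,
		.contents        = 2, /* Code, not conforming */
		.read_exec_only  = 0,
		.limit_in_pages  = 0,
		.seg_not_present = 0,
		.useable         = 0
	};
	install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE | AR_S | AR_P | AR_DB);

	pid_t child = fork();

	/*
	 * Without this check a failed fork() would reach
	 * waitpid(-1, ...) and then read an unset status.
	 */
	if (child < 0)
		err(1, "fork");

	if (child == 0) {
		execl("/proc/self/exe", "ldt_gdt_test_exec", NULL);
		printf("[FAIL]\tCould not exec self\n");
		exit(1);	/* exec failed */
	} else {
		int status;
		if (waitpid(child, &status, 0) != child ||
		    !WIFEXITED(status)) {
			printf("[FAIL]\tChild died\n");
			nerrs++;
		} else if (WEXITSTATUS(status) != 0) {
			printf("[FAIL]\tChild failed\n");
			nerrs++;
		} else {
			printf("[OK]\tChild succeeded\n");
		}
	}
}

/*
 * Map one 4096-byte anonymous page with MAP_32BIT, fill it with 1024
 * ints that each hold their own index, and publish it read-only
 * through counter_page.  Exits if the mapping fails.
 */
static void setup_counter_page(void)
{
	unsigned int *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
			 MAP_ANONYMOUS | MAP_PRIVATE | MAP_32BIT, -1, 0);
	if (page == MAP_FAILED)
		err(1, "mmap");

	for (int i = 0; i < 1024; i++)
		page[i] = i;
	counter_page = page;
}

/*
 * Call set_thread_area through "int $0x80" with syscall number 243 and
 * low_user_desc as the argument in %ebx.  Returns the value the kernel
 * leaves in %eax.
 */
static int invoke_set_thread_area(void)
{
	int ret;
	asm volatile ("int $0x80"
		      : "=a" (ret), "+m" (low_user_desc) :
			"a" (243), "b" (low_user_desc)
		      : INT80_CLOBBERS);
	return ret;
}

/*
 * Allocate two user_desc structures with MAP_32BIT and use the first
 * to request a GDT slot from set_thread_area (entry_number -1).  On
 * success the slot chosen by the kernel is remembered in gdt_entry_num;
 * otherwise it stays 0, which the rest of the file treats as "no GDT
 * slot".  The second structure is prepared as the descriptor that
 * deletes that slot.
 * NOTE(review): MAP_32BIT presumably keeps the pointer usable in %ebx
 * for the int $0x80 path -- confirm.
 */
static void setup_low_user_desc(void)
{
	low_user_desc = mmap(NULL, 2 * sizeof(struct user_desc),
			     PROT_READ | PROT_WRITE,
			     MAP_ANONYMOUS | MAP_PRIVATE | MAP_32BIT, -1, 0);
	if (low_user_desc == MAP_FAILED)
		err(1, "mmap");

	low_user_desc->entry_number	= -1;
	low_user_desc->base_addr	= (unsigned long)&counter_page[1];
	low_user_desc->limit		= 0xfffff;
	low_user_desc->seg_32bit	= 1;
	low_user_desc->contents		= 0; /* Data, grow-up*/
	low_user_desc->read_exec_only	= 0;
	low_user_desc->limit_in_pages	= 1;
	low_user_desc->seg_not_present	= 0;
	low_user_desc->useable		= 0;

	if (invoke_set_thread_area() == 0) {
		gdt_entry_num = low_user_desc->entry_number;
		printf("[NOTE]\tset_thread_area is available; will use GDT index %d\n", gdt_entry_num);
	} else {
		printf("[NOTE]\tset_thread_area is unavailable\n");
	}

	low_user_desc_clear = low_user_desc + 1;
	low_user_desc_clear->entry_number = gdt_entry_num;
	low_user_desc_clear->read_exec_only = 1;
	low_user_desc_clear->seg_not_present = 1;
}

static void test_gdt_invalidation(void)
{
	if (!gdt_entry_num)
		return;	/* 64-bit only system -- we can't use set_thread_area */

	unsigned short prev_sel;
	unsigned short sel;
	unsigned int eax;
	const char *result;
#ifdef __x86_64__
	unsigned long saved_base;
	unsigned long new_base;
#endif

	/* Test DS */
	invoke_set_thread_area();
	eax = 243;
	sel = (gdt_entry_num << 3) | 3;
	asm volatile ("movw %%ds, %[prev_sel]\n\t"
		      "movw %[sel], %%ds\n\t"
#ifdef __i386__
		      "pushl %%ebx\n\t"
#endif
		      "movl %[arg1], %%ebx\n\t"
		      "int $0x80\n\t"	/* Should invalidate ds */
#ifdef __i386__
		      "popl %%ebx\n\t"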
7548c2ecf20Sopenharmony_ci#endif 7558c2ecf20Sopenharmony_ci "movw %%ds, %[sel]\n\t" 7568c2ecf20Sopenharmony_ci "movw %[prev_sel], %%ds" 7578c2ecf20Sopenharmony_ci : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel), 7588c2ecf20Sopenharmony_ci "+a" (eax) 7598c2ecf20Sopenharmony_ci : "m" (low_user_desc_clear), 7608c2ecf20Sopenharmony_ci [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear) 7618c2ecf20Sopenharmony_ci : INT80_CLOBBERS); 7628c2ecf20Sopenharmony_ci 7638c2ecf20Sopenharmony_ci if (sel != 0) { 7648c2ecf20Sopenharmony_ci result = "FAIL"; 7658c2ecf20Sopenharmony_ci nerrs++; 7668c2ecf20Sopenharmony_ci } else { 7678c2ecf20Sopenharmony_ci result = "OK"; 7688c2ecf20Sopenharmony_ci } 7698c2ecf20Sopenharmony_ci printf("[%s]\tInvalidate DS with set_thread_area: new DS = 0x%hx\n", 7708c2ecf20Sopenharmony_ci result, sel); 7718c2ecf20Sopenharmony_ci 7728c2ecf20Sopenharmony_ci /* Test ES */ 7738c2ecf20Sopenharmony_ci invoke_set_thread_area(); 7748c2ecf20Sopenharmony_ci eax = 243; 7758c2ecf20Sopenharmony_ci sel = (gdt_entry_num << 3) | 3; 7768c2ecf20Sopenharmony_ci asm volatile ("movw %%es, %[prev_sel]\n\t" 7778c2ecf20Sopenharmony_ci "movw %[sel], %%es\n\t" 7788c2ecf20Sopenharmony_ci#ifdef __i386__ 7798c2ecf20Sopenharmony_ci "pushl %%ebx\n\t" 7808c2ecf20Sopenharmony_ci#endif 7818c2ecf20Sopenharmony_ci "movl %[arg1], %%ebx\n\t" 7828c2ecf20Sopenharmony_ci "int $0x80\n\t" /* Should invalidate es */ 7838c2ecf20Sopenharmony_ci#ifdef __i386__ 7848c2ecf20Sopenharmony_ci "popl %%ebx\n\t" 7858c2ecf20Sopenharmony_ci#endif 7868c2ecf20Sopenharmony_ci "movw %%es, %[sel]\n\t" 7878c2ecf20Sopenharmony_ci "movw %[prev_sel], %%es" 7888c2ecf20Sopenharmony_ci : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel), 7898c2ecf20Sopenharmony_ci "+a" (eax) 7908c2ecf20Sopenharmony_ci : "m" (low_user_desc_clear), 7918c2ecf20Sopenharmony_ci [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear) 7928c2ecf20Sopenharmony_ci : INT80_CLOBBERS); 7938c2ecf20Sopenharmony_ci 7948c2ecf20Sopenharmony_ci 
if (sel != 0) { 7958c2ecf20Sopenharmony_ci result = "FAIL"; 7968c2ecf20Sopenharmony_ci nerrs++; 7978c2ecf20Sopenharmony_ci } else { 7988c2ecf20Sopenharmony_ci result = "OK"; 7998c2ecf20Sopenharmony_ci } 8008c2ecf20Sopenharmony_ci printf("[%s]\tInvalidate ES with set_thread_area: new ES = 0x%hx\n", 8018c2ecf20Sopenharmony_ci result, sel); 8028c2ecf20Sopenharmony_ci 8038c2ecf20Sopenharmony_ci /* Test FS */ 8048c2ecf20Sopenharmony_ci invoke_set_thread_area(); 8058c2ecf20Sopenharmony_ci eax = 243; 8068c2ecf20Sopenharmony_ci sel = (gdt_entry_num << 3) | 3; 8078c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8088c2ecf20Sopenharmony_ci syscall(SYS_arch_prctl, ARCH_GET_FS, &saved_base); 8098c2ecf20Sopenharmony_ci#endif 8108c2ecf20Sopenharmony_ci asm volatile ("movw %%fs, %[prev_sel]\n\t" 8118c2ecf20Sopenharmony_ci "movw %[sel], %%fs\n\t" 8128c2ecf20Sopenharmony_ci#ifdef __i386__ 8138c2ecf20Sopenharmony_ci "pushl %%ebx\n\t" 8148c2ecf20Sopenharmony_ci#endif 8158c2ecf20Sopenharmony_ci "movl %[arg1], %%ebx\n\t" 8168c2ecf20Sopenharmony_ci "int $0x80\n\t" /* Should invalidate fs */ 8178c2ecf20Sopenharmony_ci#ifdef __i386__ 8188c2ecf20Sopenharmony_ci "popl %%ebx\n\t" 8198c2ecf20Sopenharmony_ci#endif 8208c2ecf20Sopenharmony_ci "movw %%fs, %[sel]\n\t" 8218c2ecf20Sopenharmony_ci : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel), 8228c2ecf20Sopenharmony_ci "+a" (eax) 8238c2ecf20Sopenharmony_ci : "m" (low_user_desc_clear), 8248c2ecf20Sopenharmony_ci [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear) 8258c2ecf20Sopenharmony_ci : INT80_CLOBBERS); 8268c2ecf20Sopenharmony_ci 8278c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8288c2ecf20Sopenharmony_ci syscall(SYS_arch_prctl, ARCH_GET_FS, &new_base); 8298c2ecf20Sopenharmony_ci#endif 8308c2ecf20Sopenharmony_ci 8318c2ecf20Sopenharmony_ci /* Restore FS/BASE for glibc */ 8328c2ecf20Sopenharmony_ci asm volatile ("movw %[prev_sel], %%fs" : : [prev_sel] "rm" (prev_sel)); 8338c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8348c2ecf20Sopenharmony_ci if 
(saved_base) 8358c2ecf20Sopenharmony_ci syscall(SYS_arch_prctl, ARCH_SET_FS, saved_base); 8368c2ecf20Sopenharmony_ci#endif 8378c2ecf20Sopenharmony_ci 8388c2ecf20Sopenharmony_ci if (sel != 0) { 8398c2ecf20Sopenharmony_ci result = "FAIL"; 8408c2ecf20Sopenharmony_ci nerrs++; 8418c2ecf20Sopenharmony_ci } else { 8428c2ecf20Sopenharmony_ci result = "OK"; 8438c2ecf20Sopenharmony_ci } 8448c2ecf20Sopenharmony_ci printf("[%s]\tInvalidate FS with set_thread_area: new FS = 0x%hx\n", 8458c2ecf20Sopenharmony_ci result, sel); 8468c2ecf20Sopenharmony_ci 8478c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8488c2ecf20Sopenharmony_ci if (sel == 0 && new_base != 0) { 8498c2ecf20Sopenharmony_ci nerrs++; 8508c2ecf20Sopenharmony_ci printf("[FAIL]\tNew FSBASE was 0x%lx\n", new_base); 8518c2ecf20Sopenharmony_ci } else { 8528c2ecf20Sopenharmony_ci printf("[OK]\tNew FSBASE was zero\n"); 8538c2ecf20Sopenharmony_ci } 8548c2ecf20Sopenharmony_ci#endif 8558c2ecf20Sopenharmony_ci 8568c2ecf20Sopenharmony_ci /* Test GS */ 8578c2ecf20Sopenharmony_ci invoke_set_thread_area(); 8588c2ecf20Sopenharmony_ci eax = 243; 8598c2ecf20Sopenharmony_ci sel = (gdt_entry_num << 3) | 3; 8608c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8618c2ecf20Sopenharmony_ci syscall(SYS_arch_prctl, ARCH_GET_GS, &saved_base); 8628c2ecf20Sopenharmony_ci#endif 8638c2ecf20Sopenharmony_ci asm volatile ("movw %%gs, %[prev_sel]\n\t" 8648c2ecf20Sopenharmony_ci "movw %[sel], %%gs\n\t" 8658c2ecf20Sopenharmony_ci#ifdef __i386__ 8668c2ecf20Sopenharmony_ci "pushl %%ebx\n\t" 8678c2ecf20Sopenharmony_ci#endif 8688c2ecf20Sopenharmony_ci "movl %[arg1], %%ebx\n\t" 8698c2ecf20Sopenharmony_ci "int $0x80\n\t" /* Should invalidate gs */ 8708c2ecf20Sopenharmony_ci#ifdef __i386__ 8718c2ecf20Sopenharmony_ci "popl %%ebx\n\t" 8728c2ecf20Sopenharmony_ci#endif 8738c2ecf20Sopenharmony_ci "movw %%gs, %[sel]\n\t" 8748c2ecf20Sopenharmony_ci : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel), 8758c2ecf20Sopenharmony_ci "+a" (eax) 8768c2ecf20Sopenharmony_ci : "m" 
(low_user_desc_clear), 8778c2ecf20Sopenharmony_ci [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear) 8788c2ecf20Sopenharmony_ci : INT80_CLOBBERS); 8798c2ecf20Sopenharmony_ci 8808c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8818c2ecf20Sopenharmony_ci syscall(SYS_arch_prctl, ARCH_GET_GS, &new_base); 8828c2ecf20Sopenharmony_ci#endif 8838c2ecf20Sopenharmony_ci 8848c2ecf20Sopenharmony_ci /* Restore GS/BASE for glibc */ 8858c2ecf20Sopenharmony_ci asm volatile ("movw %[prev_sel], %%gs" : : [prev_sel] "rm" (prev_sel)); 8868c2ecf20Sopenharmony_ci#ifdef __x86_64__ 8878c2ecf20Sopenharmony_ci if (saved_base) 8888c2ecf20Sopenharmony_ci syscall(SYS_arch_prctl, ARCH_SET_GS, saved_base); 8898c2ecf20Sopenharmony_ci#endif 8908c2ecf20Sopenharmony_ci 8918c2ecf20Sopenharmony_ci if (sel != 0) { 8928c2ecf20Sopenharmony_ci result = "FAIL"; 8938c2ecf20Sopenharmony_ci nerrs++; 8948c2ecf20Sopenharmony_ci } else { 8958c2ecf20Sopenharmony_ci result = "OK"; 8968c2ecf20Sopenharmony_ci } 8978c2ecf20Sopenharmony_ci printf("[%s]\tInvalidate GS with set_thread_area: new GS = 0x%hx\n", 8988c2ecf20Sopenharmony_ci result, sel); 8998c2ecf20Sopenharmony_ci 9008c2ecf20Sopenharmony_ci#ifdef __x86_64__ 9018c2ecf20Sopenharmony_ci if (sel == 0 && new_base != 0) { 9028c2ecf20Sopenharmony_ci nerrs++; 9038c2ecf20Sopenharmony_ci printf("[FAIL]\tNew GSBASE was 0x%lx\n", new_base); 9048c2ecf20Sopenharmony_ci } else { 9058c2ecf20Sopenharmony_ci printf("[OK]\tNew GSBASE was zero\n"); 9068c2ecf20Sopenharmony_ci } 9078c2ecf20Sopenharmony_ci#endif 9088c2ecf20Sopenharmony_ci} 9098c2ecf20Sopenharmony_ci 9108c2ecf20Sopenharmony_ciint main(int argc, char **argv) 9118c2ecf20Sopenharmony_ci{ 9128c2ecf20Sopenharmony_ci if (argc == 1 && !strcmp(argv[0], "ldt_gdt_test_exec")) 9138c2ecf20Sopenharmony_ci return finish_exec_test(); 9148c2ecf20Sopenharmony_ci 9158c2ecf20Sopenharmony_ci setup_counter_page(); 9168c2ecf20Sopenharmony_ci setup_low_user_desc(); 9178c2ecf20Sopenharmony_ci 9188c2ecf20Sopenharmony_ci 
do_simple_tests(); 9198c2ecf20Sopenharmony_ci 9208c2ecf20Sopenharmony_ci do_multicpu_tests(); 9218c2ecf20Sopenharmony_ci 9228c2ecf20Sopenharmony_ci do_exec_test(); 9238c2ecf20Sopenharmony_ci 9248c2ecf20Sopenharmony_ci test_gdt_invalidation(); 9258c2ecf20Sopenharmony_ci 9268c2ecf20Sopenharmony_ci return nerrs ? 1 : 0; 9278c2ecf20Sopenharmony_ci} 928