Home Explore Help
Sign In
RISCI_ATOM
/
v86
mirror of https://github.com/copy/v86.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: c7cc131e19
Branches Tags
v86
/
tests
/
kvm-unit-tests
/
x86
/
smap.c

smap.c 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. #include "libcflat.h"
    2. 

  2. #include "x86/desc.h"
    3. 

  3. #include "x86/processor.h"
    4. 

  4. #include "x86/vm.h"
    5. 

  5. 

  6. #define X86_FEATURE_SMAP	20
    7. 

  7. 

  8. volatile int pf_count = 0;
    9. 

  9. volatile int save;
    10. 

  10. volatile unsigned test;
    11. 

  11. 

  12. 

  13. // When doing ring 3 tests, page fault handlers will always run on a
    14. 

  14. // separate stack (the ring 0 stack).  Seems easier to use the alt_stack
    15. 

  15. // mechanism for both ring 0 and ring 3.
    16. 

  16. 

  17. void do_pf_tss(unsigned long error_code)
    18. 

  18. {
    19. 

  19. 	pf_count++;
    20. 

  20. 	save = test;
    21. 

  21. 

  22. #ifndef __x86_64__
    23. 

  23. 	tss.eflags |= X86_EFLAGS_AC;
    24. 

  24. #endif
    25. 

  25. }
    26. 

  26. 

  27. extern void pf_tss(void);
    28. 

  28. asm ("pf_tss:\n"
    29. 

  29. #ifdef __x86_64__
    30. 

  30.         // no task on x86_64, save/restore caller-save regs
    31. 

  31.         "push %rax; push %rcx; push %rdx; push %rsi; push %rdi\n"
    32. 

  32.         "push %r8; push %r9; push %r10; push %r11\n"
    33. 

  33. 	"mov 9*8(%rsp),%rsi\n"
    34. 

  34. #endif
    35. 

  35. 	"call do_pf_tss\n"
    36. 

  36. #ifdef __x86_64__
    37. 

  37.         "pop %r11; pop %r10; pop %r9; pop %r8\n"
    38. 

  38.         "pop %rdi; pop %rsi; pop %rdx; pop %rcx; pop %rax\n"
    39. 

  39. #endif
    40. 

  40. 	"add $"S", %"R "sp\n"
    41. 

  41. #ifdef __x86_64__
    42. 

  42. 	"orl $" xstr(X86_EFLAGS_AC) ", 2*"S"(%"R "sp)\n"  // set EFLAGS.AC and retry
    43. 

  43. #endif
    44. 

  44.         "iret"W" \n\t"
    45. 

  45.         "jmp pf_tss\n\t");
    46. 

  46. 

  47. 

  48. #define USER_BASE	(1 << 24)
    49. 

  49. #define USER_VAR(v)	(*((__typeof__(&(v))) (((unsigned long)&v) + USER_BASE)))
    50. 

  50. #define USER_ADDR(v)   ((void *)((unsigned long)(&v) + USER_BASE))
    51. 

  51. 

  52. static void init_test(int i)
    53. 

  53. {
    54. 

  54. 	pf_count = 0;
    55. 

  55. 	if (i) {
    56. 

  56. 		invlpg(&test);
    57. 

  57. 		invlpg(&USER_VAR(test));
    58. 

  58. 	}
    59. 

  59. }
    60. 

  60. 

  61. static void check_smap_nowp(void)
    62. 

  62. {
    63. 

  63. 	test = 0x99;
    64. 

  64. 

  65. 	*get_pte(phys_to_virt(read_cr3()), USER_ADDR(test)) &= ~PT_WRITABLE_MASK;
    66. 

  66. 

  67. 	write_cr4(read_cr4() & ~X86_CR4_SMAP);
    68. 

  68. 	write_cr0(read_cr0() & ~X86_CR0_WP);
    69. 

  69. 	clac();
    70. 

  70. 	write_cr3(read_cr3());
    71. 

  71. 

  72. 	init_test(0);
    73. 

  73. 	USER_VAR(test) = 0x99;
    74. 

  74. 	report("write from user page with SMAP=0, AC=0, WP=0, PTE.U=1 && PTE.W=0", pf_count == 0);
    75. 

  75. 

  76. 	write_cr4(read_cr4() | X86_CR4_SMAP);
    77. 

  77. 	write_cr3(read_cr3());
    78. 

  78. 

  79. 	init_test(0);
    80. 

  80. 	(void)USER_VAR(test);
    81. 

  81. 	report("read from user page with SMAP=1, AC=0, WP=0, PTE.U=1 && PTE.W=0", pf_count == 1 && save == 0x99);
    82. 

  82. 

  83. 	/* Undo changes */
    84. 

  84. 	*get_pte(phys_to_virt(read_cr3()), USER_ADDR(test)) |= PT_WRITABLE_MASK;
    85. 

  85. 

  86. 	write_cr0(read_cr0() | X86_CR0_WP);
    87. 

  87. 	write_cr3(read_cr3());
    88. 

  88. }
    89. 

  89. 

  90. int main(int ac, char **av)
    91. 

  91. {
    92. 

  92. 	unsigned long i;
    93. 

  93. 

  94. 	if (!(cpuid_indexed(7, 0).b & (1 << X86_FEATURE_SMAP))) {
    95. 

  95. 		printf("SMAP not enabled\n");
    96. 

  96. 		return report_summary();
    97. 

  97. 	}
    98. 

  98. 

  99. 	setup_vm();
    100. 

  100. 	setup_alt_stack();
    101. 

  101. 	set_intr_alt_stack(14, pf_tss);
    102. 

  102. 

  103. 	// Map first 16MB as supervisor pages
    104. 

  104. 	for (i = 0; i < USER_BASE; i += PAGE_SIZE) {
    105. 

  105. 		*get_pte(phys_to_virt(read_cr3()), phys_to_virt(i)) &= ~PT_USER_MASK;
    106. 

  106. 		invlpg((void *)i);
    107. 

  107. 	}
    108. 

  108. 

  109. 	// Present the same 16MB as user pages in the 16MB-32MB range
    110. 

  110. 	for (i = USER_BASE; i < 2 * USER_BASE; i += PAGE_SIZE) {
    111. 

  111. 		*get_pte(phys_to_virt(read_cr3()), phys_to_virt(i)) &= ~USER_BASE;
    112. 

  112. 		invlpg((void *)i);
    113. 

  113. 	}
    114. 

  114. 

  115. 	clac();
    116. 

  116. 	write_cr4(read_cr4() | X86_CR4_SMAP);
    117. 

  117. 	write_cr3(read_cr3());
    118. 

  118. 

  119. 	for (i = 0; i < 2; i++) {
    120. 

  120. 		if (i)
    121. 

  121. 			printf("testing with INVLPG\n");
    122. 

  122. 		else
    123. 

  123. 			printf("testing without INVLPG\n");
    124. 

  124. 

  125. 		init_test(i);
    126. 

  126. 		clac();
    127. 

  127. 		test = 42;
    128. 

  128. 		report("write to supervisor page", pf_count == 0 && test == 42);
    129. 

  129. 

  130. 		init_test(i);
    131. 

  131. 		stac();
    132. 

  132. 		(void)USER_VAR(test);
    133. 

  133. 		report("read from user page with AC=1", pf_count == 0);
    134. 

  134. 

  135. 		init_test(i);
    136. 

  136. 		clac();
    137. 

  137. 		(void)USER_VAR(test);
    138. 

  138. 		report("read from user page with AC=0", pf_count == 1 && save == 42);
    139. 

  139. 

  140. 		init_test(i);
    141. 

  141. 		stac();
    142. 

  142. 		save = 0;
    143. 

  143. 		USER_VAR(test) = 43;
    144. 

  144. 		report("write to user page with AC=1", pf_count == 0 && test == 43);
    145. 

  145. 

  146. 		init_test(i);
    147. 

  147. 		clac();
    148. 

  148. 		USER_VAR(test) = 44;
    149. 

  149. 		report("read from user page with AC=0", pf_count == 1 && test == 44 && save == 43);
    150. 

  150. 

  151. 		init_test(i);
    152. 

  152. 		stac();
    153. 

  153. 		test = -1;
    154. 

  154. 		asm("or $(" xstr(USER_BASE) "), %"R "sp \n"
    155. 

  155. 		    "push $44 \n "
    156. 

  156. 		    "decl test\n"
    157. 

  157. 		    "and $~(" xstr(USER_BASE) "), %"R "sp \n"
    158. 

  158. 		    "pop %"R "ax\n"
    159. 

  159. 		    "movl %eax, test");
    160. 

  160. 		report("write to user stack with AC=1", pf_count == 0 && test == 44);
    161. 

  161. 

  162. 		init_test(i);
    163. 

  163. 		clac();
    164. 

  164. 		test = -1;
    165. 

  165. 		asm("or $(" xstr(USER_BASE) "), %"R "sp \n"
    166. 

  166. 		    "push $45 \n "
    167. 

  167. 		    "decl test\n"
    168. 

  168. 		    "and $~(" xstr(USER_BASE) "), %"R "sp \n"
    169. 

  169. 		    "pop %"R "ax\n"
    170. 

  170. 		    "movl %eax, test");
    171. 

  171. 		report("write to user stack with AC=0", pf_count == 1 && test == 45 && save == -1);
    172. 

  172. 

  173. 		/* This would be trapped by SMEP */
    174. 

  174. 		init_test(i);
    175. 

  175. 		clac();
    176. 

  176. 		asm("jmp 1f + "xstr(USER_BASE)" \n"
    177. 

  177. 		    "1: jmp 2f - "xstr(USER_BASE)" \n"
    178. 

  178. 		    "2:");
    179. 

  179. 		report("executing on user page with AC=0", pf_count == 0);
    180. 

  180. 	}
    181. 

  181. 

  182. 	check_smap_nowp();
    183. 

  183. 

  184. 	// TODO: implicit kernel access from ring 3 (e.g. int)
    185. 

  185. 

  186. 	return report_summary();
    187. 

  187. }
    188.