This source file includes following definitions.
- check_invalid_segment
- check_valid_segment
- install_valid_mode
- install_valid
- install_invalid
- safe_modify_ldt
- fail_install
- do_simple_tests
- threadproc
- fix_sa_restorer
- fix_sa_restorer
- sethandler
- sigsegv
- do_multicpu_tests
- finish_exec_test
- do_exec_test
- setup_counter_page
- invoke_set_thread_area
- setup_low_user_desc
- test_gdt_invalidation
- main
1
2
3
4
5
6
7 #define _GNU_SOURCE
8 #include <err.h>
9 #include <stdio.h>
10 #include <stdint.h>
11 #include <signal.h>
12 #include <setjmp.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <errno.h>
16 #include <unistd.h>
17 #include <sys/syscall.h>
18 #include <asm/ldt.h>
19 #include <sys/types.h>
20 #include <sys/wait.h>
21 #include <stdbool.h>
22 #include <pthread.h>
23 #include <sched.h>
24 #include <linux/futex.h>
25 #include <sys/mman.h>
26 #include <asm/prctl.h>
27 #include <sys/prctl.h>
28
29 #define AR_ACCESSED (1<<8)
30
31 #define AR_TYPE_RODATA (0 * (1<<9))
32 #define AR_TYPE_RWDATA (1 * (1<<9))
33 #define AR_TYPE_RODATA_EXPDOWN (2 * (1<<9))
34 #define AR_TYPE_RWDATA_EXPDOWN (3 * (1<<9))
35 #define AR_TYPE_XOCODE (4 * (1<<9))
36 #define AR_TYPE_XRCODE (5 * (1<<9))
37 #define AR_TYPE_XOCODE_CONF (6 * (1<<9))
38 #define AR_TYPE_XRCODE_CONF (7 * (1<<9))
39
40 #define AR_DPL3 (3 * (1<<13))
41
42 #define AR_S (1 << 12)
43 #define AR_P (1 << 15)
44 #define AR_AVL (1 << 20)
45 #define AR_L (1 << 21)
46 #define AR_DB (1 << 22)
47 #define AR_G (1 << 23)
48
49 #ifdef __x86_64__
50 # define INT80_CLOBBERS "r8", "r9", "r10", "r11"
51 #else
52 # define INT80_CLOBBERS
53 #endif
54
55 static int nerrs;
56
57
58 static const unsigned int *counter_page;
59 static struct user_desc *low_user_desc;
60 static struct user_desc *low_user_desc_clear;
61 static int gdt_entry_num;
62
63 static void check_invalid_segment(uint16_t index, int ldt)
64 {
65 uint32_t has_limit = 0, has_ar = 0, limit, ar;
66 uint32_t selector = (index << 3) | (ldt << 2) | 3;
67
68 asm ("lsl %[selector], %[limit]\n\t"
69 "jnz 1f\n\t"
70 "movl $1, %[has_limit]\n\t"
71 "1:"
72 : [limit] "=r" (limit), [has_limit] "+rm" (has_limit)
73 : [selector] "r" (selector));
74 asm ("larl %[selector], %[ar]\n\t"
75 "jnz 1f\n\t"
76 "movl $1, %[has_ar]\n\t"
77 "1:"
78 : [ar] "=r" (ar), [has_ar] "+rm" (has_ar)
79 : [selector] "r" (selector));
80
81 if (has_limit || has_ar) {
82 printf("[FAIL]\t%s entry %hu is valid but should be invalid\n",
83 (ldt ? "LDT" : "GDT"), index);
84 nerrs++;
85 } else {
86 printf("[OK]\t%s entry %hu is invalid\n",
87 (ldt ? "LDT" : "GDT"), index);
88 }
89 }
90
91 static void check_valid_segment(uint16_t index, int ldt,
92 uint32_t expected_ar, uint32_t expected_limit,
93 bool verbose)
94 {
95 uint32_t has_limit = 0, has_ar = 0, limit, ar;
96 uint32_t selector = (index << 3) | (ldt << 2) | 3;
97
98 asm ("lsl %[selector], %[limit]\n\t"
99 "jnz 1f\n\t"
100 "movl $1, %[has_limit]\n\t"
101 "1:"
102 : [limit] "=r" (limit), [has_limit] "+rm" (has_limit)
103 : [selector] "r" (selector));
104 asm ("larl %[selector], %[ar]\n\t"
105 "jnz 1f\n\t"
106 "movl $1, %[has_ar]\n\t"
107 "1:"
108 : [ar] "=r" (ar), [has_ar] "+rm" (has_ar)
109 : [selector] "r" (selector));
110
111 if (!has_limit || !has_ar) {
112 printf("[FAIL]\t%s entry %hu is invalid but should be valid\n",
113 (ldt ? "LDT" : "GDT"), index);
114 nerrs++;
115 return;
116 }
117
118
119 ar &= ~0xF0000;
120
121
122
123
124
125 if (ar != expected_ar && ar != (expected_ar | AR_ACCESSED)) {
126 printf("[FAIL]\t%s entry %hu has AR 0x%08X but expected 0x%08X\n",
127 (ldt ? "LDT" : "GDT"), index, ar, expected_ar);
128 nerrs++;
129 } else if (limit != expected_limit) {
130 printf("[FAIL]\t%s entry %hu has limit 0x%08X but expected 0x%08X\n",
131 (ldt ? "LDT" : "GDT"), index, limit, expected_limit);
132 nerrs++;
133 } else if (verbose) {
134 printf("[OK]\t%s entry %hu has AR 0x%08X and limit 0x%08X\n",
135 (ldt ? "LDT" : "GDT"), index, ar, limit);
136 }
137 }
138
139 static bool install_valid_mode(const struct user_desc *d, uint32_t ar,
140 bool oldmode, bool ldt)
141 {
142 struct user_desc desc = *d;
143 int ret;
144
145 if (!ldt) {
146 #ifndef __i386__
147
148 return false;
149 #endif
150 if (!gdt_entry_num)
151 return false;
152 desc.entry_number = gdt_entry_num;
153
154 ret = syscall(SYS_set_thread_area, &desc);
155 } else {
156 ret = syscall(SYS_modify_ldt, oldmode ? 1 : 0x11,
157 &desc, sizeof(desc));
158
159 if (ret < -1)
160 errno = -ret;
161
162 if (ret != 0 && errno == ENOSYS) {
163 printf("[OK]\tmodify_ldt returned -ENOSYS\n");
164 return false;
165 }
166 }
167
168 if (ret == 0) {
169 uint32_t limit = desc.limit;
170 if (desc.limit_in_pages)
171 limit = (limit << 12) + 4095;
172 check_valid_segment(desc.entry_number, ldt, ar, limit, true);
173 return true;
174 } else {
175 if (desc.seg_32bit) {
176 printf("[FAIL]\tUnexpected %s failure %d\n",
177 ldt ? "modify_ldt" : "set_thread_area",
178 errno);
179 nerrs++;
180 return false;
181 } else {
182 printf("[OK]\t%s rejected 16 bit segment\n",
183 ldt ? "modify_ldt" : "set_thread_area");
184 return false;
185 }
186 }
187 }
188
189 static bool install_valid(const struct user_desc *desc, uint32_t ar)
190 {
191 bool ret = install_valid_mode(desc, ar, false, true);
192
193 if (desc->contents <= 1 && desc->seg_32bit &&
194 !desc->seg_not_present) {
195
196 install_valid_mode(desc, ar, false, false);
197 }
198
199 return ret;
200 }
201
202 static void install_invalid(const struct user_desc *desc, bool oldmode)
203 {
204 int ret = syscall(SYS_modify_ldt, oldmode ? 1 : 0x11,
205 desc, sizeof(*desc));
206 if (ret < -1)
207 errno = -ret;
208 if (ret == 0) {
209 check_invalid_segment(desc->entry_number, 1);
210 } else if (errno == ENOSYS) {
211 printf("[OK]\tmodify_ldt returned -ENOSYS\n");
212 } else {
213 if (desc->seg_32bit) {
214 printf("[FAIL]\tUnexpected modify_ldt failure %d\n",
215 errno);
216 nerrs++;
217 } else {
218 printf("[OK]\tmodify_ldt rejected 16 bit segment\n");
219 }
220 }
221 }
222
223 static int safe_modify_ldt(int func, struct user_desc *ptr,
224 unsigned long bytecount)
225 {
226 int ret = syscall(SYS_modify_ldt, 0x11, ptr, bytecount);
227 if (ret < -1)
228 errno = -ret;
229 return ret;
230 }
231
232 static void fail_install(struct user_desc *desc)
233 {
234 if (safe_modify_ldt(0x11, desc, sizeof(*desc)) == 0) {
235 printf("[FAIL]\tmodify_ldt accepted a bad descriptor\n");
236 nerrs++;
237 } else if (errno == ENOSYS) {
238 printf("[OK]\tmodify_ldt returned -ENOSYS\n");
239 } else {
240 printf("[OK]\tmodify_ldt failure %d\n", errno);
241 }
242 }
243
244 static void do_simple_tests(void)
245 {
246 struct user_desc desc = {
247 .entry_number = 0,
248 .base_addr = 0,
249 .limit = 10,
250 .seg_32bit = 1,
251 .contents = 2,
252 .read_exec_only = 0,
253 .limit_in_pages = 0,
254 .seg_not_present = 0,
255 .useable = 0
256 };
257 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE | AR_S | AR_P | AR_DB);
258
259 desc.limit_in_pages = 1;
260 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
261 AR_S | AR_P | AR_DB | AR_G);
262
263 check_invalid_segment(1, 1);
264
265 desc.entry_number = 2;
266 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
267 AR_S | AR_P | AR_DB | AR_G);
268
269 check_invalid_segment(1, 1);
270
271 desc.base_addr = 0xf0000000;
272 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
273 AR_S | AR_P | AR_DB | AR_G);
274
275 desc.useable = 1;
276 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
277 AR_S | AR_P | AR_DB | AR_G | AR_AVL);
278
279 desc.seg_not_present = 1;
280 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
281 AR_S | AR_DB | AR_G | AR_AVL);
282
283 desc.seg_32bit = 0;
284 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
285 AR_S | AR_G | AR_AVL);
286
287 desc.seg_32bit = 1;
288 desc.contents = 0;
289 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA |
290 AR_S | AR_DB | AR_G | AR_AVL);
291
292 desc.read_exec_only = 1;
293 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA |
294 AR_S | AR_DB | AR_G | AR_AVL);
295
296 desc.contents = 1;
297 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN |
298 AR_S | AR_DB | AR_G | AR_AVL);
299
300 desc.read_exec_only = 0;
301 desc.limit_in_pages = 0;
302 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN |
303 AR_S | AR_DB | AR_AVL);
304
305 desc.contents = 3;
306 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE_CONF |
307 AR_S | AR_DB | AR_AVL);
308
309 desc.read_exec_only = 1;
310 install_valid(&desc, AR_DPL3 | AR_TYPE_XOCODE_CONF |
311 AR_S | AR_DB | AR_AVL);
312
313 desc.read_exec_only = 0;
314 desc.contents = 2;
315 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE |
316 AR_S | AR_DB | AR_AVL);
317
318 desc.read_exec_only = 1;
319
320 #ifdef __x86_64__
321 desc.lm = 1;
322 install_valid(&desc, AR_DPL3 | AR_TYPE_XOCODE |
323 AR_S | AR_DB | AR_AVL);
324 desc.lm = 0;
325 #endif
326
327 bool entry1_okay = install_valid(&desc, AR_DPL3 | AR_TYPE_XOCODE |
328 AR_S | AR_DB | AR_AVL);
329
330 if (entry1_okay) {
331 printf("[RUN]\tTest fork\n");
332 pid_t child = fork();
333 if (child == 0) {
334 nerrs = 0;
335 check_valid_segment(desc.entry_number, 1,
336 AR_DPL3 | AR_TYPE_XOCODE |
337 AR_S | AR_DB | AR_AVL, desc.limit,
338 true);
339 check_invalid_segment(1, 1);
340 exit(nerrs ? 1 : 0);
341 } else {
342 int status;
343 if (waitpid(child, &status, 0) != child ||
344 !WIFEXITED(status)) {
345 printf("[FAIL]\tChild died\n");
346 nerrs++;
347 } else if (WEXITSTATUS(status) != 0) {
348 printf("[FAIL]\tChild failed\n");
349 nerrs++;
350 } else {
351 printf("[OK]\tChild succeeded\n");
352 }
353 }
354
355 printf("[RUN]\tTest size\n");
356 int i;
357 for (i = 0; i < 8192; i++) {
358 desc.entry_number = i;
359 desc.limit = i;
360 if (safe_modify_ldt(0x11, &desc, sizeof(desc)) != 0) {
361 printf("[FAIL]\tFailed to install entry %d\n", i);
362 nerrs++;
363 break;
364 }
365 }
366 for (int j = 0; j < i; j++) {
367 check_valid_segment(j, 1, AR_DPL3 | AR_TYPE_XOCODE |
368 AR_S | AR_DB | AR_AVL, j, false);
369 }
370 printf("[DONE]\tSize test\n");
371 } else {
372 printf("[SKIP]\tSkipping fork and size tests because we have no LDT\n");
373 }
374
375
376 desc.entry_number = 8192;
377 fail_install(&desc);
378
379
380 memset(&desc, 0, sizeof(desc));
381 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P);
382
383 desc.seg_not_present = 1;
384 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S);
385
386 desc.seg_not_present = 0;
387 desc.read_exec_only = 1;
388 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P);
389
390 desc.read_exec_only = 0;
391 desc.seg_not_present = 1;
392 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S);
393
394 desc.read_exec_only = 1;
395 desc.limit = 1;
396 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S);
397
398 desc.limit = 0;
399 desc.base_addr = 1;
400 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S);
401
402 desc.base_addr = 0;
403 install_invalid(&desc, false);
404
405 desc.seg_not_present = 0;
406 desc.seg_32bit = 1;
407 desc.read_exec_only = 0;
408 desc.limit = 0xfffff;
409
410 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB);
411
412 desc.limit_in_pages = 1;
413
414 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB | AR_G);
415 desc.read_exec_only = 1;
416 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P | AR_DB | AR_G);
417 desc.contents = 1;
418 desc.read_exec_only = 0;
419 install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G);
420 desc.read_exec_only = 1;
421 install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G);
422
423 desc.limit = 0;
424 install_invalid(&desc, true);
425 }
426
427
428
429
430
431
432
433 static volatile unsigned int ftx;
434
435 static void *threadproc(void *ctx)
436 {
437 cpu_set_t cpuset;
438 CPU_ZERO(&cpuset);
439 CPU_SET(1, &cpuset);
440 if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0)
441 err(1, "sched_setaffinity to CPU 1");
442
443 while (1) {
444 syscall(SYS_futex, &ftx, FUTEX_WAIT, 0, NULL, NULL, 0);
445 while (ftx != 2) {
446 if (ftx >= 3)
447 return NULL;
448 }
449
450
451 const struct user_desc desc = {};
452 if (syscall(SYS_modify_ldt, 1, &desc, sizeof(desc)) != 0)
453 err(1, "modify_ldt");
454
455
456 unsigned int x = -2;
457 asm volatile ("lock xaddl %[x], %[ftx]" :
458 [x] "+r" (x), [ftx] "+m" (ftx));
459 if (x != 2)
460 return NULL;
461 }
462 }
463
464 #ifdef __i386__
465
466 #ifndef SA_RESTORE
467 #define SA_RESTORER 0x04000000
468 #endif
469
470
471
472
473
474 struct fake_ksigaction {
475 void *handler;
476 unsigned long sa_flags;
477 void (*sa_restorer)(void);
478 unsigned char sigset[8];
479 };
480
481 static void fix_sa_restorer(int sig)
482 {
483 struct fake_ksigaction ksa;
484
485 if (syscall(SYS_rt_sigaction, sig, NULL, &ksa, 8) == 0) {
486
487
488
489
490
491
492
493
494 if (!(ksa.sa_flags & SA_RESTORER) && ksa.sa_restorer) {
495 ksa.sa_restorer = NULL;
496 if (syscall(SYS_rt_sigaction, sig, &ksa, NULL,
497 sizeof(ksa.sigset)) != 0)
498 err(1, "rt_sigaction");
499 }
500 }
501 }
502 #else
503 static void fix_sa_restorer(int sig)
504 {
505
506 }
507 #endif
508
509 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
510 int flags)
511 {
512 struct sigaction sa;
513 memset(&sa, 0, sizeof(sa));
514 sa.sa_sigaction = handler;
515 sa.sa_flags = SA_SIGINFO | flags;
516 sigemptyset(&sa.sa_mask);
517 if (sigaction(sig, &sa, 0))
518 err(1, "sigaction");
519
520 fix_sa_restorer(sig);
521 }
522
523 static jmp_buf jmpbuf;
524
525 static void sigsegv(int sig, siginfo_t *info, void *ctx_void)
526 {
527 siglongjmp(jmpbuf, 1);
528 }
529
530 static void do_multicpu_tests(void)
531 {
532 cpu_set_t cpuset;
533 pthread_t thread;
534 int failures = 0, iters = 5, i;
535 unsigned short orig_ss;
536
537 CPU_ZERO(&cpuset);
538 CPU_SET(1, &cpuset);
539 if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0) {
540 printf("[SKIP]\tCannot set affinity to CPU 1\n");
541 return;
542 }
543
544 CPU_ZERO(&cpuset);
545 CPU_SET(0, &cpuset);
546 if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0) {
547 printf("[SKIP]\tCannot set affinity to CPU 0\n");
548 return;
549 }
550
551 sethandler(SIGSEGV, sigsegv, 0);
552 #ifdef __i386__
553
554 sethandler(SIGILL, sigsegv, 0);
555 #endif
556
557 printf("[RUN]\tCross-CPU LDT invalidation\n");
558
559 if (pthread_create(&thread, 0, threadproc, 0) != 0)
560 err(1, "pthread_create");
561
562 asm volatile ("mov %%ss, %0" : "=rm" (orig_ss));
563
564 for (i = 0; i < 5; i++) {
565 if (sigsetjmp(jmpbuf, 1) != 0)
566 continue;
567
568
569 while (ftx != 0)
570 ;
571
572 struct user_desc desc = {
573 .entry_number = 0,
574 .base_addr = 0,
575 .limit = 0xfffff,
576 .seg_32bit = 1,
577 .contents = 0,
578 .read_exec_only = 0,
579 .limit_in_pages = 1,
580 .seg_not_present = 0,
581 .useable = 0
582 };
583
584 if (safe_modify_ldt(0x11, &desc, sizeof(desc)) != 0) {
585 if (errno != ENOSYS)
586 err(1, "modify_ldt");
587 printf("[SKIP]\tmodify_ldt unavailable\n");
588 break;
589 }
590
591
592 ftx = 1;
593 syscall(SYS_futex, &ftx, FUTEX_WAKE, 0, NULL, NULL, 0);
594
595 asm volatile ("mov %0, %%ss" : : "r" (0x7));
596
597
598 ftx = 2;
599
600 while (ftx != 0)
601 ;
602
603
604
605
606
607
608 failures++;
609 asm volatile ("mov %0, %%ss" : : "rm" (orig_ss));
610 };
611
612 ftx = 100;
613 syscall(SYS_futex, &ftx, FUTEX_WAKE, 0, NULL, NULL, 0);
614
615 if (pthread_join(thread, NULL) != 0)
616 err(1, "pthread_join");
617
618 if (failures) {
619 printf("[FAIL]\t%d of %d iterations failed\n", failures, iters);
620 nerrs++;
621 } else {
622 printf("[OK]\tAll %d iterations succeeded\n", iters);
623 }
624 }
625
626 static int finish_exec_test(void)
627 {
628
629
630
631
632 check_invalid_segment(0, 1);
633
634 return nerrs ? 1 : 0;
635 }
636
637 static void do_exec_test(void)
638 {
639 printf("[RUN]\tTest exec\n");
640
641 struct user_desc desc = {
642 .entry_number = 0,
643 .base_addr = 0,
644 .limit = 42,
645 .seg_32bit = 1,
646 .contents = 2,
647 .read_exec_only = 0,
648 .limit_in_pages = 0,
649 .seg_not_present = 0,
650 .useable = 0
651 };
652 install_valid(&desc, AR_DPL3 | AR_TYPE_XRCODE | AR_S | AR_P | AR_DB);
653
654 pid_t child = fork();
655 if (child == 0) {
656 execl("/proc/self/exe", "ldt_gdt_test_exec", NULL);
657 printf("[FAIL]\tCould not exec self\n");
658 exit(1);
659 } else {
660 int status;
661 if (waitpid(child, &status, 0) != child ||
662 !WIFEXITED(status)) {
663 printf("[FAIL]\tChild died\n");
664 nerrs++;
665 } else if (WEXITSTATUS(status) != 0) {
666 printf("[FAIL]\tChild failed\n");
667 nerrs++;
668 } else {
669 printf("[OK]\tChild succeeded\n");
670 }
671 }
672 }
673
674 static void setup_counter_page(void)
675 {
676 unsigned int *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
677 MAP_ANONYMOUS | MAP_PRIVATE | MAP_32BIT, -1, 0);
678 if (page == MAP_FAILED)
679 err(1, "mmap");
680
681 for (int i = 0; i < 1024; i++)
682 page[i] = i;
683 counter_page = page;
684 }
685
686 static int invoke_set_thread_area(void)
687 {
688 int ret;
689 asm volatile ("int $0x80"
690 : "=a" (ret), "+m" (low_user_desc) :
691 "a" (243), "b" (low_user_desc)
692 : INT80_CLOBBERS);
693 return ret;
694 }
695
696 static void setup_low_user_desc(void)
697 {
698 low_user_desc = mmap(NULL, 2 * sizeof(struct user_desc),
699 PROT_READ | PROT_WRITE,
700 MAP_ANONYMOUS | MAP_PRIVATE | MAP_32BIT, -1, 0);
701 if (low_user_desc == MAP_FAILED)
702 err(1, "mmap");
703
704 low_user_desc->entry_number = -1;
705 low_user_desc->base_addr = (unsigned long)&counter_page[1];
706 low_user_desc->limit = 0xfffff;
707 low_user_desc->seg_32bit = 1;
708 low_user_desc->contents = 0;
709 low_user_desc->read_exec_only = 0;
710 low_user_desc->limit_in_pages = 1;
711 low_user_desc->seg_not_present = 0;
712 low_user_desc->useable = 0;
713
714 if (invoke_set_thread_area() == 0) {
715 gdt_entry_num = low_user_desc->entry_number;
716 printf("[NOTE]\tset_thread_area is available; will use GDT index %d\n", gdt_entry_num);
717 } else {
718 printf("[NOTE]\tset_thread_area is unavailable\n");
719 }
720
721 low_user_desc_clear = low_user_desc + 1;
722 low_user_desc_clear->entry_number = gdt_entry_num;
723 low_user_desc_clear->read_exec_only = 1;
724 low_user_desc_clear->seg_not_present = 1;
725 }
726
727 static void test_gdt_invalidation(void)
728 {
729 if (!gdt_entry_num)
730 return;
731
732 unsigned short prev_sel;
733 unsigned short sel;
734 unsigned int eax;
735 const char *result;
736 #ifdef __x86_64__
737 unsigned long saved_base;
738 unsigned long new_base;
739 #endif
740
741
742 invoke_set_thread_area();
743 eax = 243;
744 sel = (gdt_entry_num << 3) | 3;
745 asm volatile ("movw %%ds, %[prev_sel]\n\t"
746 "movw %[sel], %%ds\n\t"
747 #ifdef __i386__
748 "pushl %%ebx\n\t"
749 #endif
750 "movl %[arg1], %%ebx\n\t"
751 "int $0x80\n\t"
752 #ifdef __i386__
753 "popl %%ebx\n\t"
754 #endif
755 "movw %%ds, %[sel]\n\t"
756 "movw %[prev_sel], %%ds"
757 : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel),
758 "+a" (eax)
759 : "m" (low_user_desc_clear),
760 [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear)
761 : INT80_CLOBBERS);
762
763 if (sel != 0) {
764 result = "FAIL";
765 nerrs++;
766 } else {
767 result = "OK";
768 }
769 printf("[%s]\tInvalidate DS with set_thread_area: new DS = 0x%hx\n",
770 result, sel);
771
772
773 invoke_set_thread_area();
774 eax = 243;
775 sel = (gdt_entry_num << 3) | 3;
776 asm volatile ("movw %%es, %[prev_sel]\n\t"
777 "movw %[sel], %%es\n\t"
778 #ifdef __i386__
779 "pushl %%ebx\n\t"
780 #endif
781 "movl %[arg1], %%ebx\n\t"
782 "int $0x80\n\t"
783 #ifdef __i386__
784 "popl %%ebx\n\t"
785 #endif
786 "movw %%es, %[sel]\n\t"
787 "movw %[prev_sel], %%es"
788 : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel),
789 "+a" (eax)
790 : "m" (low_user_desc_clear),
791 [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear)
792 : INT80_CLOBBERS);
793
794 if (sel != 0) {
795 result = "FAIL";
796 nerrs++;
797 } else {
798 result = "OK";
799 }
800 printf("[%s]\tInvalidate ES with set_thread_area: new ES = 0x%hx\n",
801 result, sel);
802
803
804 invoke_set_thread_area();
805 eax = 243;
806 sel = (gdt_entry_num << 3) | 3;
807 #ifdef __x86_64__
808 syscall(SYS_arch_prctl, ARCH_GET_FS, &saved_base);
809 #endif
810 asm volatile ("movw %%fs, %[prev_sel]\n\t"
811 "movw %[sel], %%fs\n\t"
812 #ifdef __i386__
813 "pushl %%ebx\n\t"
814 #endif
815 "movl %[arg1], %%ebx\n\t"
816 "int $0x80\n\t"
817 #ifdef __i386__
818 "popl %%ebx\n\t"
819 #endif
820 "movw %%fs, %[sel]\n\t"
821 : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel),
822 "+a" (eax)
823 : "m" (low_user_desc_clear),
824 [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear)
825 : INT80_CLOBBERS);
826
827 #ifdef __x86_64__
828 syscall(SYS_arch_prctl, ARCH_GET_FS, &new_base);
829 #endif
830
831
832 asm volatile ("movw %[prev_sel], %%fs" : : [prev_sel] "rm" (prev_sel));
833 #ifdef __x86_64__
834 if (saved_base)
835 syscall(SYS_arch_prctl, ARCH_SET_FS, saved_base);
836 #endif
837
838 if (sel != 0) {
839 result = "FAIL";
840 nerrs++;
841 } else {
842 result = "OK";
843 }
844 printf("[%s]\tInvalidate FS with set_thread_area: new FS = 0x%hx\n",
845 result, sel);
846
847 #ifdef __x86_64__
848 if (sel == 0 && new_base != 0) {
849 nerrs++;
850 printf("[FAIL]\tNew FSBASE was 0x%lx\n", new_base);
851 } else {
852 printf("[OK]\tNew FSBASE was zero\n");
853 }
854 #endif
855
856
857 invoke_set_thread_area();
858 eax = 243;
859 sel = (gdt_entry_num << 3) | 3;
860 #ifdef __x86_64__
861 syscall(SYS_arch_prctl, ARCH_GET_GS, &saved_base);
862 #endif
863 asm volatile ("movw %%gs, %[prev_sel]\n\t"
864 "movw %[sel], %%gs\n\t"
865 #ifdef __i386__
866 "pushl %%ebx\n\t"
867 #endif
868 "movl %[arg1], %%ebx\n\t"
869 "int $0x80\n\t"
870 #ifdef __i386__
871 "popl %%ebx\n\t"
872 #endif
873 "movw %%gs, %[sel]\n\t"
874 : [prev_sel] "=&r" (prev_sel), [sel] "+r" (sel),
875 "+a" (eax)
876 : "m" (low_user_desc_clear),
877 [arg1] "r" ((unsigned int)(unsigned long)low_user_desc_clear)
878 : INT80_CLOBBERS);
879
880 #ifdef __x86_64__
881 syscall(SYS_arch_prctl, ARCH_GET_GS, &new_base);
882 #endif
883
884
885 asm volatile ("movw %[prev_sel], %%gs" : : [prev_sel] "rm" (prev_sel));
886 #ifdef __x86_64__
887 if (saved_base)
888 syscall(SYS_arch_prctl, ARCH_SET_GS, saved_base);
889 #endif
890
891 if (sel != 0) {
892 result = "FAIL";
893 nerrs++;
894 } else {
895 result = "OK";
896 }
897 printf("[%s]\tInvalidate GS with set_thread_area: new GS = 0x%hx\n",
898 result, sel);
899
900 #ifdef __x86_64__
901 if (sel == 0 && new_base != 0) {
902 nerrs++;
903 printf("[FAIL]\tNew GSBASE was 0x%lx\n", new_base);
904 } else {
905 printf("[OK]\tNew GSBASE was zero\n");
906 }
907 #endif
908 }
909
910 int main(int argc, char **argv)
911 {
912 if (argc == 1 && !strcmp(argv[0], "ldt_gdt_test_exec"))
913 return finish_exec_test();
914
915 setup_counter_page();
916 setup_low_user_desc();
917
918 do_simple_tests();
919
920 do_multicpu_tests();
921
922 do_exec_test();
923
924 test_gdt_invalidation();
925
926 return nerrs ? 1 : 0;
927 }