Commit-ID:  9402eaf4c11f0b892eda7b2bcb4654ab34ce34f9
Gitweb:     https://git.kernel.org/tip/9402eaf4c11f0b892eda7b2bcb4654ab34ce34f9
Author:     Andy Lutomirski <l...@kernel.org>
AuthorDate: Mon, 1 Jul 2019 20:43:19 -0700
Committer:  Thomas Gleixner <t...@linutronix.de>
CommitDate: Tue, 2 Jul 2019 08:45:20 +0200

selftests/x86: Test SYSCALL and SYSENTER manually with TF set

Make sure that both variants of the nasty TF-in-compat-syscall are
exercised regardless of what vendor's CPU is running the tests.

Also change the intentional signal after SYSCALL to use ud2, which
is a lot more comprehensible.

This crashes the kernel due to an FSGSBASE bug right now.

This test *also* detects a bug in KVM when run on an Intel host.  KVM
people, feel free to use it to help debug.  There's a bunch of code in this
test to warn instead of going into an infinite looping when the bug gets
triggered.

Reported-by: Vegard Nossum <vegard.nos...@oracle.com>
Signed-off-by: Andy Lutomirski <l...@kernel.org>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Cc:  "BaeChang Seok" <chang.seok....@intel.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Cc: "Bae, Chang Seok" <chang.seok....@intel.com>
Link: 
https://lkml.kernel.org/r/5f5de10441ab2e3005538b4c33be9b1965d1bb63.1562035429.git.l...@kernel.org

---
 tools/testing/selftests/x86/Makefile            |   5 +-
 tools/testing/selftests/x86/syscall_arg_fault.c | 112 ++++++++++++++++++++++--
 2 files changed, 110 insertions(+), 7 deletions(-)

diff --git a/tools/testing/selftests/x86/Makefile 
b/tools/testing/selftests/x86/Makefile
index 186520198de7..fa07d526fe39 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -12,8 +12,9 @@ CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC) 
trivial_program.c -no-pie)
 
 TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt 
test_mremap_vdso \
                        check_initial_reg_state sigreturn iopl mpx-mini-test 
ioperm \
-                       protection_keys test_vdso test_vsyscall mov_ss_trap
-TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault test_syscall_vdso 
unwind_vdso \
+                       protection_keys test_vdso test_vsyscall mov_ss_trap \
+                       syscall_arg_fault
+TARGETS_C_32BIT_ONLY := entry_from_vm86 test_syscall_vdso unwind_vdso \
                        test_FCMOV test_FCOMI test_FISTTP \
                        vdso_restorer
 TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip
diff --git a/tools/testing/selftests/x86/syscall_arg_fault.c 
b/tools/testing/selftests/x86/syscall_arg_fault.c
index 4e25d38c8bbd..bc0ecc2e862e 100644
--- a/tools/testing/selftests/x86/syscall_arg_fault.c
+++ b/tools/testing/selftests/x86/syscall_arg_fault.c
@@ -15,9 +15,30 @@
 #include <setjmp.h>
 #include <errno.h>
 
+#ifdef __x86_64__
+# define WIDTH "q"
+#else
+# define WIDTH "l"
+#endif
+
 /* Our sigaltstack scratch space. */
 static unsigned char altstack_data[SIGSTKSZ];
 
+static unsigned long get_eflags(void)
+{
+       unsigned long eflags;
+       asm volatile ("pushf" WIDTH "\n\tpop" WIDTH " %0" : "=rm" (eflags));
+       return eflags;
+}
+
+static void set_eflags(unsigned long eflags)
+{
+       asm volatile ("push" WIDTH " %0\n\tpopf" WIDTH
+                     : : "rm" (eflags) : "flags");
+}
+
+#define X86_EFLAGS_TF (1UL << 8)
+
 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
                       int flags)
 {
@@ -35,13 +56,22 @@ static sigjmp_buf jmpbuf;
 
 static volatile sig_atomic_t n_errs;
 
+#ifdef __x86_64__
+#define REG_AX REG_RAX
+#define REG_IP REG_RIP
+#else
+#define REG_AX REG_EAX
+#define REG_IP REG_EIP
+#endif
+
 static void sigsegv_or_sigbus(int sig, siginfo_t *info, void *ctx_void)
 {
        ucontext_t *ctx = (ucontext_t*)ctx_void;
+       long ax = (long)ctx->uc_mcontext.gregs[REG_AX];
 
-       if (ctx->uc_mcontext.gregs[REG_EAX] != -EFAULT) {
-               printf("[FAIL]\tAX had the wrong value: 0x%x\n",
-                      ctx->uc_mcontext.gregs[REG_EAX]);
+       if (ax != -EFAULT && ax != -ENOSYS) {
+               printf("[FAIL]\tAX had the wrong value: 0x%lx\n",
+                      (unsigned long)ax);
                n_errs++;
        } else {
                printf("[OK]\tSeems okay\n");
@@ -50,9 +80,42 @@ static void sigsegv_or_sigbus(int sig, siginfo_t *info, void 
*ctx_void)
        siglongjmp(jmpbuf, 1);
 }
 
+static volatile sig_atomic_t sigtrap_consecutive_syscalls;
+
+static void sigtrap(int sig, siginfo_t *info, void *ctx_void)
+{
+       /*
+        * KVM has some bugs that can cause us to stop making progress.
+        * detect them and complain, but don't infinite loop or fail the
+        * test.
+        */
+
+       ucontext_t *ctx = (ucontext_t*)ctx_void;
+       unsigned short *ip = (unsigned short *)ctx->uc_mcontext.gregs[REG_IP];
+
+       if (*ip == 0x340f || *ip == 0x050f) {
+               /* The trap was on SYSCALL or SYSENTER */
+               sigtrap_consecutive_syscalls++;
+               if (sigtrap_consecutive_syscalls > 3) {
+                       printf("[WARN]\tGot stuck single-stepping -- you 
probably have a KVM bug\n");
+                       siglongjmp(jmpbuf, 1);
+               }
+       } else {
+               sigtrap_consecutive_syscalls = 0;
+       }
+}
+
 static void sigill(int sig, siginfo_t *info, void *ctx_void)
 {
-       printf("[SKIP]\tIllegal instruction\n");
+       ucontext_t *ctx = (ucontext_t*)ctx_void;
+       unsigned short *ip = (unsigned short *)ctx->uc_mcontext.gregs[REG_IP];
+
+       if (*ip == 0x0b0f) {
+               /* one of the ud2 instructions faulted */
+               printf("[OK]\tSYSCALL returned normally\n");
+       } else {
+               printf("[SKIP]\tIllegal instruction\n");
+       }
        siglongjmp(jmpbuf, 1);
 }
 
@@ -120,9 +183,48 @@ int main()
                        "movl $-1, %%ebp\n\t"
                        "movl $-1, %%esp\n\t"
                        "syscall\n\t"
-                       "pushl $0"      /* make sure we segfault cleanly */
+                       "ud2"           /* make sure we recover cleanly */
+                       : : : "memory", "flags");
+       }
+
+       printf("[RUN]\tSYSENTER with TF and invalid state\n");
+       sethandler(SIGTRAP, sigtrap, SA_ONSTACK);
+
+       if (sigsetjmp(jmpbuf, 1) == 0) {
+               sigtrap_consecutive_syscalls = 0;
+               set_eflags(get_eflags() | X86_EFLAGS_TF);
+               asm volatile (
+                       "movl $-1, %%eax\n\t"
+                       "movl $-1, %%ebx\n\t"
+                       "movl $-1, %%ecx\n\t"
+                       "movl $-1, %%edx\n\t"
+                       "movl $-1, %%esi\n\t"
+                       "movl $-1, %%edi\n\t"
+                       "movl $-1, %%ebp\n\t"
+                       "movl $-1, %%esp\n\t"
+                       "sysenter"
+                       : : : "memory", "flags");
+       }
+       set_eflags(get_eflags() & ~X86_EFLAGS_TF);
+
+       printf("[RUN]\tSYSCALL with TF and invalid state\n");
+       if (sigsetjmp(jmpbuf, 1) == 0) {
+               sigtrap_consecutive_syscalls = 0;
+               set_eflags(get_eflags() | X86_EFLAGS_TF);
+               asm volatile (
+                       "movl $-1, %%eax\n\t"
+                       "movl $-1, %%ebx\n\t"
+                       "movl $-1, %%ecx\n\t"
+                       "movl $-1, %%edx\n\t"
+                       "movl $-1, %%esi\n\t"
+                       "movl $-1, %%edi\n\t"
+                       "movl $-1, %%ebp\n\t"
+                       "movl $-1, %%esp\n\t"
+                       "syscall\n\t"
+                       "ud2"           /* make sure we recover cleanly */
                        : : : "memory", "flags");
        }
+       set_eflags(get_eflags() & ~X86_EFLAGS_TF);
 
        return 0;
 }

Reply via email to