LXR linux/tools/testing/selftests/x86/syscall_arg

   1/*
   2 * syscall_arg_fault.c - tests faults 32-bit fast syscall stack args
   3 * Copyright (c) 2015 Andrew Lutomirski
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms and conditions of the GNU General Public License,
   7 * version 2, as published by the Free Software Foundation.
   8 *
   9 * This program is distributed in the hope it will be useful, but
  10 * WITHOUT ANY WARRANTY; without even the implied warranty of
  11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12 * General Public License for more details.
  13 */
  14
  15#define _GNU_SOURCE
  16
  17#include <stdlib.h>
  18#include <stdio.h>
  19#include <string.h>
  20#include <sys/signal.h>
  21#include <sys/ucontext.h>
  22#include <err.h>
  23#include <setjmp.h>
  24#include <errno.h>
  25
  26/* Our sigaltstack scratch space. */
  27static unsigned char altstack_data[SIGSTKSZ];
  28
  29static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
  30                       int flags)
  31{
  32        struct sigaction sa;
  33        memset(&sa, 0, sizeof(sa));
  34        sa.sa_sigaction = handler;
  35        sa.sa_flags = SA_SIGINFO | flags;
  36        sigemptyset(&sa.sa_mask);
  37        if (sigaction(sig, &sa, 0))
  38                err(1, "sigaction");
  39}
  40
  41static volatile sig_atomic_t sig_traps;
  42static sigjmp_buf jmpbuf;
  43
  44static volatile sig_atomic_t n_errs;
  45
  46static void sigsegv(int sig, siginfo_t *info, void *ctx_void)
  47{
  48        ucontext_t *ctx = (ucontext_t*)ctx_void;
  49
  50        if (ctx->uc_mcontext.gregs[REG_EAX] != -EFAULT) {
  51                printf("[FAIL]\tAX had the wrong value: 0x%x\n",
  52                       ctx->uc_mcontext.gregs[REG_EAX]);
  53                n_errs++;
  54        } else {
  55                printf("[OK]\tSeems okay\n");
  56        }
  57
  58        siglongjmp(jmpbuf, 1);
  59}
  60
  61static void sigill(int sig, siginfo_t *info, void *ctx_void)
  62{
  63        printf("[SKIP]\tIllegal instruction\n");
  64        siglongjmp(jmpbuf, 1);
  65}
  66
  67int main()
  68{
  69        stack_t stack = {
  70                .ss_sp = altstack_data,
  71                .ss_size = SIGSTKSZ,
  72        };
  73        if (sigaltstack(&stack, NULL) != 0)
  74                err(1, "sigaltstack");
  75
  76        sethandler(SIGSEGV, sigsegv, SA_ONSTACK);
  77        sethandler(SIGILL, sigill, SA_ONSTACK);
  78
  79        /*
  80         * Exercise another nasty special case.  The 32-bit SYSCALL
  81         * and SYSENTER instructions (even in compat mode) each
  82         * clobber one register.  A Linux system call has a syscall
  83         * number and six arguments, and the user stack pointer
  84         * needs to live in some register on return.  That means
  85         * that we need eight registers, but SYSCALL and SYSENTER
  86         * only preserve seven registers.  As a result, one argument
  87         * ends up on the stack.  The stack is user memory, which
  88         * means that the kernel can fail to read it.
  89         *
  90         * The 32-bit fast system calls don't have a defined ABI:
  91         * we're supposed to invoke them through the vDSO.  So we'll
  92         * fudge it: we set all regs to invalid pointer values and
  93         * invoke the entry instruction.  The return will fail no
  94         * matter what, and we completely lose our program state,
  95         * but we can fix it up with a signal handler.
  96         */
  97
  98        printf("[RUN]\tSYSENTER with invalid state\n");
  99        if (sigsetjmp(jmpbuf, 1) == 0) {
 100                asm volatile (
 101                        "movl $-1, %%eax\n\t"
 102                        "movl $-1, %%ebx\n\t"
 103                        "movl $-1, %%ecx\n\t"
 104                        "movl $-1, %%edx\n\t"
 105                        "movl $-1, %%esi\n\t"
 106                        "movl $-1, %%edi\n\t"
 107                        "movl $-1, %%ebp\n\t"
 108                        "movl $-1, %%esp\n\t"
 109                        "sysenter"
 110                        : : : "memory", "flags");
 111        }
 112
 113        printf("[RUN]\tSYSCALL with invalid state\n");
 114        if (sigsetjmp(jmpbuf, 1) == 0) {
 115                asm volatile (
 116                        "movl $-1, %%eax\n\t"
 117                        "movl $-1, %%ebx\n\t"
 118                        "movl $-1, %%ecx\n\t"
 119                        "movl $-1, %%edx\n\t"
 120                        "movl $-1, %%esi\n\t"
 121                        "movl $-1, %%edi\n\t"
 122                        "movl $-1, %%ebp\n\t"
 123                        "movl $-1, %%esp\n\t"
 124                        "syscall\n\t"
 125                        "pushl $0"      /* make sure we segfault cleanly */
 126                        : : : "memory", "flags");
 127        }
 128
 129        return 0;
 130}
 131