LXR linux/tools/testing/selftests/x86/mpx-mini-test.c

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * mpx-mini-test.c: routines to test Intel MPX (Memory Protection eXtentions)
   4 *
   5 * Written by:
   6 * "Ren, Qiaowei" <qiaowei.ren@intel.com>
   7 * "Wei, Gang" <gang.wei@intel.com>
   8 * "Hansen, Dave" <dave.hansen@intel.com>
   9 */
  10
  11/*
  12 * 2014-12-05: Dave Hansen: fixed all of the compiler warnings, and made sure
  13 *             it works on 32-bit.
  14 */
  15
  16int inspect_every_this_many_mallocs = 100;
  17int zap_all_every_this_many_mallocs = 1000;
  18
  19#define _GNU_SOURCE
  20#define _LARGEFILE64_SOURCE
  21
  22#include <string.h>
  23#include <stdio.h>
  24#include <stdint.h>
  25#include <stdbool.h>
  26#include <signal.h>
  27#include <assert.h>
  28#include <stdlib.h>
  29#include <ucontext.h>
  30#include <sys/mman.h>
  31#include <sys/types.h>
  32#include <sys/stat.h>
  33#include <fcntl.h>
  34#include <unistd.h>
  35
  36#include "mpx-hw.h"
  37#include "mpx-debug.h"
  38#include "mpx-mm.h"
  39
  40#ifndef __always_inline
  41#define __always_inline inline __attribute__((always_inline)
  42#endif
  43
  44#ifndef TEST_DURATION_SECS
  45#define TEST_DURATION_SECS 3
  46#endif
  47
  48void write_int_to(char *prefix, char *file, int int_to_write)
  49{
  50        char buf[100];
  51        int fd = open(file, O_RDWR);
  52        int len;
  53        int ret;
  54
  55        assert(fd >= 0);
  56        len = snprintf(buf, sizeof(buf), "%s%d", prefix, int_to_write);
  57        assert(len >= 0);
  58        assert(len < sizeof(buf));
  59        ret = write(fd, buf, len);
  60        assert(ret == len);
  61        ret = close(fd);
  62        assert(!ret);
  63}
  64
  65void write_pid_to(char *prefix, char *file)
  66{
  67        write_int_to(prefix, file, getpid());
  68}
  69
  70void trace_me(void)
  71{
  72/* tracing events dir */
  73#define TED "/sys/kernel/debug/tracing/events/"
  74/*
  75        write_pid_to("common_pid=", TED "signal/filter");
  76        write_pid_to("common_pid=", TED "exceptions/filter");
  77        write_int_to("", TED "signal/enable", 1);
  78        write_int_to("", TED "exceptions/enable", 1);
  79*/
  80        write_pid_to("", "/sys/kernel/debug/tracing/set_ftrace_pid");
  81        write_int_to("", "/sys/kernel/debug/tracing/trace", 0);
  82}
  83
  84#define test_failed() __test_failed(__FILE__, __LINE__)
  85static void __test_failed(char *f, int l)
  86{
  87        fprintf(stderr, "abort @ %s::%d\n", f, l);
  88        abort();
  89}
  90
  91/* Error Printf */
  92#define eprintf(args...)        fprintf(stderr, args)
  93
  94#ifdef __i386__
  95
  96/* i386 directory size is 4MB */
  97#define REG_IP_IDX      REG_EIP
  98#define REX_PREFIX
  99
 100#define XSAVE_OFFSET_IN_FPMEM   sizeof(struct _libc_fpstate)
 101
 102/*
 103 * __cpuid() is from the Linux Kernel:
 104 */
 105static inline void __cpuid(unsigned int *eax, unsigned int *ebx,
 106                unsigned int *ecx, unsigned int *edx)
 107{
 108        /* ecx is often an input as well as an output. */
 109        asm volatile(
 110                "push %%ebx;"
 111                "cpuid;"
 112                "mov %%ebx, %1;"
 113                "pop %%ebx"
 114                : "=a" (*eax),
 115                  "=g" (*ebx),
 116                  "=c" (*ecx),
 117                  "=d" (*edx)
 118                : "0" (*eax), "2" (*ecx));
 119}
 120
 121#else /* __i386__ */
 122
 123#define REG_IP_IDX      REG_RIP
 124#define REX_PREFIX "0x48, "
 125
 126#define XSAVE_OFFSET_IN_FPMEM   0
 127
 128/*
 129 * __cpuid() is from the Linux Kernel:
 130 */
 131static inline void __cpuid(unsigned int *eax, unsigned int *ebx,
 132                unsigned int *ecx, unsigned int *edx)
 133{
 134        /* ecx is often an input as well as an output. */
 135        asm volatile(
 136                "cpuid;"
 137                : "=a" (*eax),
 138                  "=b" (*ebx),
 139                  "=c" (*ecx),
 140                  "=d" (*edx)
 141                : "0" (*eax), "2" (*ecx));
 142}
 143
 144#endif /* !__i386__ */
 145
 146struct xsave_hdr_struct {
 147        uint64_t xstate_bv;
 148        uint64_t reserved1[2];
 149        uint64_t reserved2[5];
 150} __attribute__((packed));
 151
 152struct bndregs_struct {
 153        uint64_t bndregs[8];
 154} __attribute__((packed));
 155
 156struct bndcsr_struct {
 157        uint64_t cfg_reg_u;
 158        uint64_t status_reg;
 159} __attribute__((packed));
 160
 161struct xsave_struct {
 162        uint8_t fpu_sse[512];
 163        struct xsave_hdr_struct xsave_hdr;
 164        uint8_t ymm[256];
 165        uint8_t lwp[128];
 166        struct bndregs_struct bndregs;
 167        struct bndcsr_struct bndcsr;
 168} __attribute__((packed));
 169
 170uint8_t __attribute__((__aligned__(64))) buffer[4096];
 171struct xsave_struct *xsave_buf = (struct xsave_struct *)buffer;
 172
 173uint8_t __attribute__((__aligned__(64))) test_buffer[4096];
 174struct xsave_struct *xsave_test_buf = (struct xsave_struct *)test_buffer;
 175
 176uint64_t num_bnd_chk;
 177
 178static __always_inline void xrstor_state(struct xsave_struct *fx, uint64_t mask)
 179{
 180        uint32_t lmask = mask;
 181        uint32_t hmask = mask >> 32;
 182
 183        asm volatile(".byte " REX_PREFIX "0x0f,0xae,0x2f\n\t"
 184                     : : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
 185                     :   "memory");
 186}
 187
 188static __always_inline void xsave_state_1(void *_fx, uint64_t mask)
 189{
 190        uint32_t lmask = mask;
 191        uint32_t hmask = mask >> 32;
 192        unsigned char *fx = _fx;
 193
 194        asm volatile(".byte " REX_PREFIX "0x0f,0xae,0x27\n\t"
 195                     : : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
 196                     :   "memory");
 197}
 198
 199static inline uint64_t xgetbv(uint32_t index)
 200{
 201        uint32_t eax, edx;
 202
 203        asm volatile(".byte 0x0f,0x01,0xd0" /* xgetbv */
 204                     : "=a" (eax), "=d" (edx)
 205                     : "c" (index));
 206        return eax + ((uint64_t)edx << 32);
 207}
 208
 209static uint64_t read_mpx_status_sig(ucontext_t *uctxt)
 210{
 211        memset(buffer, 0, sizeof(buffer));
 212        memcpy(buffer,
 213                (uint8_t *)uctxt->uc_mcontext.fpregs + XSAVE_OFFSET_IN_FPMEM,
 214                sizeof(struct xsave_struct));
 215
 216        return xsave_buf->bndcsr.status_reg;
 217}
 218
 219#include <pthread.h>
 220
 221static uint8_t *get_next_inst_ip(uint8_t *addr)
 222{
 223        uint8_t *ip = addr;
 224        uint8_t sib;
 225        uint8_t rm;
 226        uint8_t mod;
 227        uint8_t base;
 228        uint8_t modrm;
 229
 230        /* determine the prefix. */
 231        switch(*ip) {
 232        case 0xf2:
 233        case 0xf3:
 234        case 0x66:
 235                ip++;
 236                break;
 237        }
 238
 239        /* look for rex prefix */
 240        if ((*ip & 0x40) == 0x40)
 241                ip++;
 242
 243        /* Make sure we have a MPX instruction. */
 244        if (*ip++ != 0x0f)
 245                return addr;
 246
 247        /* Skip the op code byte. */
 248        ip++;
 249
 250        /* Get the modrm byte. */
 251        modrm = *ip++;
 252
 253        /* Break it down into parts. */
 254        rm = modrm & 7;
 255        mod = (modrm >> 6);
 256
 257        /* Init the parts of the address mode. */
 258        base = 8;
 259
 260        /* Is it a mem mode? */
 261        if (mod != 3) {
 262                /* look for scaled indexed addressing */
 263                if (rm == 4) {
 264                        /* SIB addressing */
 265                        sib = *ip++;
 266                        base = sib & 7;
 267                        switch (mod) {
 268                        case 0:
 269                                if (base == 5)
 270                                        ip += 4;
 271                                break;
 272
 273                        case 1:
 274                                ip++;
 275                                break;
 276
 277                        case 2:
 278                                ip += 4;
 279                                break;
 280                        }
 281
 282                } else {
 283                        /* MODRM addressing */
 284                        switch (mod) {
 285                        case 0:
 286                                /* DISP32 addressing, no base */
 287                                if (rm == 5)
 288                                        ip += 4;
 289                                break;
 290
 291                        case 1:
 292                                ip++;
 293                                break;
 294
 295                        case 2:
 296                                ip += 4;
 297                                break;
 298                        }
 299                }
 300        }
 301        return ip;
 302}
 303
 304#ifdef si_lower
 305static inline void *__si_bounds_lower(siginfo_t *si)
 306{
 307        return si->si_lower;
 308}
 309
 310static inline void *__si_bounds_upper(siginfo_t *si)
 311{
 312        return si->si_upper;
 313}
 314#else
 315
 316/*
 317 * This deals with old version of _sigfault in some distros:
 318 *
 319
 320old _sigfault:
 321        struct {
 322            void *si_addr;
 323        } _sigfault;
 324
 325new _sigfault:
 326        struct {
 327                void __user *_addr;
 328                int _trapno;
 329                short _addr_lsb;
 330                union {
 331                        struct {
 332                                void __user *_lower;
 333                                void __user *_upper;
 334                        } _addr_bnd;
 335                        __u32 _pkey;
 336                };
 337        } _sigfault;
 338 *
 339 */
 340
 341static inline void **__si_bounds_hack(siginfo_t *si)
 342{
 343        void *sigfault = &si->_sifields._sigfault;
 344        void *end_sigfault = sigfault + sizeof(si->_sifields._sigfault);
 345        int *trapno = (int*)end_sigfault;
 346        /* skip _trapno and _addr_lsb */
 347        void **__si_lower = (void**)(trapno + 2);
 348
 349        return __si_lower;
 350}
 351
 352static inline void *__si_bounds_lower(siginfo_t *si)
 353{
 354        return *__si_bounds_hack(si);
 355}
 356
 357static inline void *__si_bounds_upper(siginfo_t *si)
 358{
 359        return *(__si_bounds_hack(si) + 1);
 360}
 361#endif
 362
 363static int br_count;
 364static int expected_bnd_index = -1;
 365uint64_t shadow_plb[NR_MPX_BOUNDS_REGISTERS][2]; /* shadow MPX bound registers */
 366unsigned long shadow_map[NR_MPX_BOUNDS_REGISTERS];
 367
 368/* Failed address bound checks: */
 369#ifndef SEGV_BNDERR
 370# define SEGV_BNDERR    3
 371#endif
 372
 373/*
 374 * The kernel is supposed to provide some information about the bounds
 375 * exception in the siginfo.  It should match what we have in the bounds
 376 * registers that we are checking against.  Just check against the shadow copy
 377 * since it is easily available, and we also check that *it* matches the real
 378 * registers.
 379 */
 380void check_siginfo_vs_shadow(siginfo_t* si)
 381{
 382        int siginfo_ok = 1;
 383        void *shadow_lower = (void *)(unsigned long)shadow_plb[expected_bnd_index][0];
 384        void *shadow_upper = (void *)(unsigned long)shadow_plb[expected_bnd_index][1];
 385
 386        if ((expected_bnd_index < 0) ||
 387            (expected_bnd_index >= NR_MPX_BOUNDS_REGISTERS)) {
 388                fprintf(stderr, "ERROR: invalid expected_bnd_index: %d\n",
 389                        expected_bnd_index);
 390                exit(6);
 391        }
 392        if (__si_bounds_lower(si) != shadow_lower)
 393                siginfo_ok = 0;
 394        if (__si_bounds_upper(si) != shadow_upper)
 395                siginfo_ok = 0;
 396
 397        if (!siginfo_ok) {
 398                fprintf(stderr, "ERROR: siginfo bounds do not match "
 399                        "shadow bounds for register %d\n", expected_bnd_index);
 400                exit(7);
 401        }
 402}
 403
 404void handler(int signum, siginfo_t *si, void *vucontext)
 405{
 406        int i;
 407        ucontext_t *uctxt = vucontext;
 408        int trapno;
 409        unsigned long ip;
 410
 411        dprintf1("entered signal handler\n");
 412
 413        trapno = uctxt->uc_mcontext.gregs[REG_TRAPNO];
 414        ip = uctxt->uc_mcontext.gregs[REG_IP_IDX];
 415
 416        if (trapno == 5) {
 417                typeof(si->si_addr) *si_addr_ptr = &si->si_addr;
 418                uint64_t status = read_mpx_status_sig(uctxt);
 419                uint64_t br_reason =  status & 0x3;
 420
 421                br_count++;
 422                dprintf1("#BR 0x%jx (total seen: %d)\n", status, br_count);
 423
 424                dprintf2("Saw a #BR! status 0x%jx at %016lx br_reason: %jx\n",
 425                                status, ip, br_reason);
 426                dprintf2("si_signo: %d\n", si->si_signo);
 427                dprintf2("  signum: %d\n", signum);
 428                dprintf2("info->si_code == SEGV_BNDERR: %d\n",
 429                                (si->si_code == SEGV_BNDERR));
 430                dprintf2("info->si_code: %d\n", si->si_code);
 431                dprintf2("info->si_lower: %p\n", __si_bounds_lower(si));
 432                dprintf2("info->si_upper: %p\n", __si_bounds_upper(si));
 433
 434                for (i = 0; i < 8; i++)
 435                        dprintf3("[%d]: %p\n", i, si_addr_ptr[i]);
 436                switch (br_reason) {
 437                case 0: /* traditional BR */
 438                        fprintf(stderr,
 439                                "Undefined status with bound exception:%jx\n",
 440                                 status);
 441                        exit(5);
 442                case 1: /* #BR MPX bounds exception */
 443                        /* these are normal and we expect to see them */
 444
 445                        check_siginfo_vs_shadow(si);
 446
 447                        dprintf1("bounds exception (normal): status 0x%jx at %p si_addr: %p\n",
 448                                status, (void *)ip, si->si_addr);
 449                        num_bnd_chk++;
 450                        uctxt->uc_mcontext.gregs[REG_IP_IDX] =
 451                                (greg_t)get_next_inst_ip((uint8_t *)ip);
 452                        break;
 453                case 2:
 454                        fprintf(stderr, "#BR status == 2, missing bounds table,"
 455                                        "kernel should have handled!!\n");
 456                        exit(4);
 457                        break;
 458                default:
 459                        fprintf(stderr, "bound check error: status 0x%jx at %p\n",
 460                                status, (void *)ip);
 461                        num_bnd_chk++;
 462                        uctxt->uc_mcontext.gregs[REG_IP_IDX] =
 463                                (greg_t)get_next_inst_ip((uint8_t *)ip);
 464                        fprintf(stderr, "bound check error: si_addr %p\n", si->si_addr);
 465                        exit(3);
 466                }
 467        } else if (trapno == 14) {
 468                eprintf("ERROR: In signal handler, page fault, trapno = %d, ip = %016lx\n",
 469                        trapno, ip);
 470                eprintf("si_addr %p\n", si->si_addr);
 471                eprintf("REG_ERR: %lx\n", (unsigned long)uctxt->uc_mcontext.gregs[REG_ERR]);
 472                test_failed();
 473        } else {
 474                eprintf("unexpected trap %d! at 0x%lx\n", trapno, ip);
 475                eprintf("si_addr %p\n", si->si_addr);
 476                eprintf("REG_ERR: %lx\n", (unsigned long)uctxt->uc_mcontext.gregs[REG_ERR]);
 477                test_failed();
 478        }
 479}
 480
 481static inline void cpuid_count(unsigned int op, int count,
 482                               unsigned int *eax, unsigned int *ebx,
 483                               unsigned int *ecx, unsigned int *edx)
 484{
 485        *eax = op;
 486        *ecx = count;
 487        __cpuid(eax, ebx, ecx, edx);
 488}
 489
 490#define XSTATE_CPUID        0x0000000d
 491
 492/*
 493 * List of XSAVE features Linux knows about:
 494 */
 495enum xfeature_bit {
 496        XSTATE_BIT_FP,
 497        XSTATE_BIT_SSE,
 498        XSTATE_BIT_YMM,
 499        XSTATE_BIT_BNDREGS,
 500        XSTATE_BIT_BNDCSR,
 501        XSTATE_BIT_OPMASK,
 502        XSTATE_BIT_ZMM_Hi256,
 503        XSTATE_BIT_Hi16_ZMM,
 504
 505        XFEATURES_NR_MAX,
 506};
 507
 508#define XSTATE_FP              (1 << XSTATE_BIT_FP)
 509#define XSTATE_SSE            (1 << XSTATE_BIT_SSE)
 510#define XSTATE_YMM            (1 << XSTATE_BIT_YMM)
 511#define XSTATE_BNDREGS    (1 << XSTATE_BIT_BNDREGS)
 512#define XSTATE_BNDCSR      (1 << XSTATE_BIT_BNDCSR)
 513#define XSTATE_OPMASK      (1 << XSTATE_BIT_OPMASK)
 514#define XSTATE_ZMM_Hi256        (1 << XSTATE_BIT_ZMM_Hi256)
 515#define XSTATE_Hi16_ZMM  (1 << XSTATE_BIT_Hi16_ZMM)
 516
 517#define MPX_XSTATES             (XSTATE_BNDREGS | XSTATE_BNDCSR) /* 0x18 */
 518
 519bool one_bit(unsigned int x, int bit)
 520{
 521        return !!(x & (1<<bit));
 522}
 523
 524void print_state_component(int state_bit_nr, char *name)
 525{
 526        unsigned int eax, ebx, ecx, edx;
 527        unsigned int state_component_size;
 528        unsigned int state_component_supervisor;
 529        unsigned int state_component_user;
 530        unsigned int state_component_aligned;
 531
 532        /* See SDM Section 13.2 */
 533        cpuid_count(XSTATE_CPUID, state_bit_nr, &eax, &ebx, &ecx, &edx);
 534        assert(eax || ebx || ecx);
 535        state_component_size = eax;
 536        state_component_supervisor = ((!ebx) && one_bit(ecx, 0));
 537        state_component_user = !one_bit(ecx, 0);
 538        state_component_aligned = one_bit(ecx, 1);
 539        printf("%8s: size: %d user: %d supervisor: %d aligned: %d\n",
 540                name,
 541                state_component_size,       state_component_user,
 542                state_component_supervisor, state_component_aligned);
 543
 544}
 545
 546/* Intel-defined CPU features, CPUID level 0x00000001 (ecx) */
 547#define XSAVE_FEATURE_BIT       (26)  /* XSAVE/XRSTOR/XSETBV/XGETBV */
 548#define OSXSAVE_FEATURE_BIT     (27) /* XSAVE enabled in the OS */
 549
 550bool check_mpx_support(void)
 551{
 552        unsigned int eax, ebx, ecx, edx;
 553
 554        cpuid_count(1, 0, &eax, &ebx, &ecx, &edx);
 555
 556        /* We can't do much without XSAVE, so just make these assert()'s */
 557        if (!one_bit(ecx, XSAVE_FEATURE_BIT)) {
 558                fprintf(stderr, "processor lacks XSAVE, can not run MPX tests\n");
 559                exit(0);
 560        }
 561
 562        if (!one_bit(ecx, OSXSAVE_FEATURE_BIT)) {
 563                fprintf(stderr, "processor lacks OSXSAVE, can not run MPX tests\n");
 564                exit(0);
 565        }
 566
 567        /* CPUs not supporting the XSTATE CPUID leaf do not support MPX */
 568        /* Is this redundant with the feature bit checks? */
 569        cpuid_count(0, 0, &eax, &ebx, &ecx, &edx);
 570        if (eax < XSTATE_CPUID) {
 571                fprintf(stderr, "processor lacks XSTATE CPUID leaf,"
 572                                " can not run MPX tests\n");
 573                exit(0);
 574        }
 575
 576        printf("XSAVE is supported by HW & OS\n");
 577
 578        cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
 579
 580        printf("XSAVE processor supported state mask: 0x%x\n", eax);
 581        printf("XSAVE OS supported state mask: 0x%jx\n", xgetbv(0));
 582
 583        /* Make sure that the MPX states are enabled in in XCR0 */
 584        if ((eax & MPX_XSTATES) != MPX_XSTATES) {
 585                fprintf(stderr, "processor lacks MPX XSTATE(s), can not run MPX tests\n");
 586                exit(0);
 587        }
 588
 589        /* Make sure the MPX states are supported by XSAVE* */
 590        if ((xgetbv(0) & MPX_XSTATES) != MPX_XSTATES) {
 591                fprintf(stderr, "MPX XSTATE(s) no enabled in XCR0, "
 592                                "can not run MPX tests\n");
 593                exit(0);
 594        }
 595
 596        print_state_component(XSTATE_BIT_BNDREGS, "BNDREGS");
 597        print_state_component(XSTATE_BIT_BNDCSR,  "BNDCSR");
 598
 599        return true;
 600}
 601
 602void enable_mpx(void *l1base)
 603{
 604        /* enable point lookup */
 605        memset(buffer, 0, sizeof(buffer));
 606        xrstor_state(xsave_buf, 0x18);
 607
 608        xsave_buf->xsave_hdr.xstate_bv = 0x10;
 609        xsave_buf->bndcsr.cfg_reg_u = (unsigned long)l1base | 1;
 610        xsave_buf->bndcsr.status_reg = 0;
 611
 612        dprintf2("bf xrstor\n");
 613        dprintf2("xsave cndcsr: status %jx, configu %jx\n",
 614               xsave_buf->bndcsr.status_reg, xsave_buf->bndcsr.cfg_reg_u);
 615        xrstor_state(xsave_buf, 0x18);
 616        dprintf2("after xrstor\n");
 617
 618        xsave_state_1(xsave_buf, 0x18);
 619
 620        dprintf1("xsave bndcsr: status %jx, configu %jx\n",
 621               xsave_buf->bndcsr.status_reg, xsave_buf->bndcsr.cfg_reg_u);
 622}
 623
 624#include <sys/prctl.h>
 625
 626struct mpx_bounds_dir *bounds_dir_ptr;
 627
 628unsigned long __bd_incore(const char *func, int line)
 629{
 630        unsigned long ret = nr_incore(bounds_dir_ptr, MPX_BOUNDS_DIR_SIZE_BYTES);
 631        return ret;
 632}
 633#define bd_incore() __bd_incore(__func__, __LINE__)
 634
 635void check_clear(void *ptr, unsigned long sz)
 636{
 637        unsigned long *i;
 638
 639        for (i = ptr; (void *)i < ptr + sz; i++) {
 640                if (*i) {
 641                        dprintf1("%p is NOT clear at %p\n", ptr, i);
 642                        assert(0);
 643                }
 644        }
 645        dprintf1("%p is clear for %lx\n", ptr, sz);
 646}
 647
 648void check_clear_bd(void)
 649{
 650        check_clear(bounds_dir_ptr, 2UL << 30);
 651}
 652
 653#define USE_MALLOC_FOR_BOUNDS_DIR 1
 654bool process_specific_init(void)
 655{
 656        unsigned long size;
 657        unsigned long *dir;
 658        /* Guarantee we have the space to align it, add padding: */
 659        unsigned long pad = getpagesize();
 660
 661        size = 2UL << 30; /* 2GB */
 662        if (sizeof(unsigned long) == 4)
 663                size = 4UL << 20; /* 4MB */
 664        dprintf1("trying to allocate %ld MB bounds directory\n", (size >> 20));
 665
 666        if (USE_MALLOC_FOR_BOUNDS_DIR) {
 667                unsigned long _dir;
 668
 669                dir = malloc(size + pad);
 670                assert(dir);
 671                _dir = (unsigned long)dir;
 672                _dir += 0xfffUL;
 673                _dir &= ~0xfffUL;
 674                dir = (void *)_dir;
 675        } else {
 676                /*
 677                 * This makes debugging easier because the address
 678                 * calculations are simpler:
 679                 */
 680                dir = mmap((void *)0x200000000000, size + pad,
 681                                PROT_READ|PROT_WRITE,
 682                                MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
 683                if (dir == (void *)-1) {
 684                        perror("unable to allocate bounds directory");
 685                        abort();
 686                }
 687                check_clear(dir, size);
 688        }
 689        bounds_dir_ptr = (void *)dir;
 690        madvise(bounds_dir_ptr, size, MADV_NOHUGEPAGE);
 691        bd_incore();
 692        dprintf1("bounds directory: 0x%p -> 0x%p\n", bounds_dir_ptr,
 693                        (char *)bounds_dir_ptr + size);
 694        check_clear(dir, size);
 695        enable_mpx(dir);
 696        check_clear(dir, size);
 697        if (prctl(43, 0, 0, 0, 0)) {
 698                printf("no MPX support\n");
 699                abort();
 700                return false;
 701        }
 702        return true;
 703}
 704
 705bool process_specific_finish(void)
 706{
 707        if (prctl(44)) {
 708                printf("no MPX support\n");
 709                return false;
 710        }
 711        return true;
 712}
 713
 714void setup_handler()
 715{
 716        int r, rs;
 717        struct sigaction newact;
 718        struct sigaction oldact;
 719
 720        /* #BR is mapped to sigsegv */
 721        int signum  = SIGSEGV;
 722
 723        newact.sa_handler = 0;   /* void(*)(int)*/
 724        newact.sa_sigaction = handler; /* void (*)(int, siginfo_t*, void *) */
 725
 726        /*sigset_t - signals to block while in the handler */
 727        /* get the old signal mask. */
 728        rs = sigprocmask(SIG_SETMASK, 0, &newact.sa_mask);
 729        assert(rs == 0);
 730
 731        /* call sa_sigaction, not sa_handler*/
 732        newact.sa_flags = SA_SIGINFO;
 733
 734        newact.sa_restorer = 0;  /* void(*)(), obsolete */
 735        r = sigaction(signum, &newact, &oldact);
 736        assert(r == 0);
 737}
 738
 739void mpx_prepare(void)
 740{
 741        dprintf2("%s()\n", __func__);
 742        setup_handler();
 743        process_specific_init();
 744}
 745
 746void mpx_cleanup(void)
 747{
 748        printf("%s(): %jd BRs. bye...\n", __func__, num_bnd_chk);
 749        process_specific_finish();
 750}
 751
 752/*-------------- the following is test case ---------------*/
 753#include <stdint.h>
 754#include <stdbool.h>
 755#include <stdlib.h>
 756#include <stdio.h>
 757#include <time.h>
 758
 759uint64_t num_lower_brs;
 760uint64_t num_upper_brs;
 761
 762#define MPX_CONFIG_OFFSET 1024
 763#define MPX_BOUNDS_OFFSET 960
 764#define MPX_HEADER_OFFSET 512
 765#define MAX_ADDR_TESTED (1<<28)
 766#define TEST_ROUNDS 100
 767
 768/*
 769      0F 1A /r BNDLDX-Load
 770      0F 1B /r BNDSTX-Store Extended Bounds Using Address Translation
 771   66 0F 1A /r BNDMOV bnd1, bnd2/m128
 772   66 0F 1B /r BNDMOV bnd1/m128, bnd2
 773   F2 0F 1A /r BNDCU bnd, r/m64
 774   F2 0F 1B /r BNDCN bnd, r/m64
 775   F3 0F 1A /r BNDCL bnd, r/m64
 776   F3 0F 1B /r BNDMK bnd, m64
 777*/
 778
 779static __always_inline void xsave_state(void *_fx, uint64_t mask)
 780{
 781        uint32_t lmask = mask;
 782        uint32_t hmask = mask >> 32;
 783        unsigned char *fx = _fx;
 784
 785        asm volatile(".byte " REX_PREFIX "0x0f,0xae,0x27\n\t"
 786                     : : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
 787                     :   "memory");
 788}
 789
 790static __always_inline void mpx_clear_bnd0(void)
 791{
 792        long size = 0;
 793        void *ptr = NULL;
 794        /* F3 0F 1B /r BNDMK bnd, m64                   */
 795        /* f3 0f 1b 04 11    bndmk  (%rcx,%rdx,1),%bnd0 */
 796        asm volatile(".byte 0xf3,0x0f,0x1b,0x04,0x11\n\t"
 797                     : : "c" (ptr), "d" (size-1)
 798                     :   "memory");
 799}
 800
 801static __always_inline void mpx_make_bound_helper(unsigned long ptr,
 802                unsigned long size)
 803{
 804        /* F3 0F 1B /r          BNDMK bnd, m64                  */
 805        /* f3 0f 1b 04 11       bndmk  (%rcx,%rdx,1),%bnd0      */
 806        asm volatile(".byte 0xf3,0x0f,0x1b,0x04,0x11\n\t"
 807                     : : "c" (ptr), "d" (size-1)
 808                     :   "memory");
 809}
 810
 811static __always_inline void mpx_check_lowerbound_helper(unsigned long ptr)
 812{
 813        /* F3 0F 1A /r  NDCL bnd, r/m64                 */
 814        /* f3 0f 1a 01  bndcl  (%rcx),%bnd0             */
 815        asm volatile(".byte 0xf3,0x0f,0x1a,0x01\n\t"
 816                     : : "c" (ptr)
 817                     :   "memory");
 818}
 819
 820static __always_inline void mpx_check_upperbound_helper(unsigned long ptr)
 821{
 822        /* F2 0F 1A /r  BNDCU bnd, r/m64        */
 823        /* f2 0f 1a 01  bndcu  (%rcx),%bnd0     */
 824        asm volatile(".byte 0xf2,0x0f,0x1a,0x01\n\t"
 825                     : : "c" (ptr)
 826                     :   "memory");
 827}
 828
 829static __always_inline void mpx_movbndreg_helper()
 830{
 831        /* 66 0F 1B /r  BNDMOV bnd1/m128, bnd2  */
 832        /* 66 0f 1b c2  bndmov %bnd0,%bnd2      */
 833
 834        asm volatile(".byte 0x66,0x0f,0x1b,0xc2\n\t");
 835}
 836
 837static __always_inline void mpx_movbnd2mem_helper(uint8_t *mem)
 838{
 839        /* 66 0F 1B /r  BNDMOV bnd1/m128, bnd2  */
 840        /* 66 0f 1b 01  bndmov %bnd0,(%rcx)     */
 841        asm volatile(".byte 0x66,0x0f,0x1b,0x01\n\t"
 842                     : : "c" (mem)
 843                     :   "memory");
 844}
 845
 846static __always_inline void mpx_movbnd_from_mem_helper(uint8_t *mem)
 847{
 848        /* 66 0F 1A /r  BNDMOV bnd1, bnd2/m128  */
 849        /* 66 0f 1a 01  bndmov (%rcx),%bnd0     */
 850        asm volatile(".byte 0x66,0x0f,0x1a,0x01\n\t"
 851                     : : "c" (mem)
 852                     :   "memory");
 853}
 854
 855static __always_inline void mpx_store_dsc_helper(unsigned long ptr_addr,
 856                unsigned long ptr_val)
 857{
 858        /* 0F 1B /r     BNDSTX-Store Extended Bounds Using Address Translation  */
 859        /* 0f 1b 04 11  bndstx %bnd0,(%rcx,%rdx,1)                              */
 860        asm volatile(".byte 0x0f,0x1b,0x04,0x11\n\t"
 861                     : : "c" (ptr_addr), "d" (ptr_val)
 862                     :   "memory");
 863}
 864
 865static __always_inline void mpx_load_dsc_helper(unsigned long ptr_addr,
 866                unsigned long ptr_val)
 867{
 868        /* 0F 1A /r     BNDLDX-Load                     */
 869        /*/ 0f 1a 04 11 bndldx (%rcx,%rdx,1),%bnd0      */
 870        asm volatile(".byte 0x0f,0x1a,0x04,0x11\n\t"
 871                     : : "c" (ptr_addr), "d" (ptr_val)
 872                     :   "memory");
 873}
 874
 875void __print_context(void *__print_xsave_buffer, int line)
 876{
 877        uint64_t *bounds = (uint64_t *)(__print_xsave_buffer + MPX_BOUNDS_OFFSET);
 878        uint64_t *cfg    = (uint64_t *)(__print_xsave_buffer + MPX_CONFIG_OFFSET);
 879
 880        int i;
 881        eprintf("%s()::%d\n", "print_context", line);
 882        for (i = 0; i < 4; i++) {
 883                eprintf("bound[%d]: 0x%016lx 0x%016lx(0x%016lx)\n", i,
 884                       (unsigned long)bounds[i*2],
 885                       ~(unsigned long)bounds[i*2+1],
 886                        (unsigned long)bounds[i*2+1]);
 887        }
 888
 889        eprintf("cpcfg: %jx  cpstatus: %jx\n", cfg[0], cfg[1]);
 890}
 891#define print_context(x) __print_context(x, __LINE__)
 892#ifdef DEBUG
 893#define dprint_context(x) print_context(x)
 894#else
 895#define dprint_context(x) do{}while(0)
 896#endif
 897
 898void init()
 899{
 900        int i;
 901
 902        srand((unsigned int)time(NULL));
 903
 904        for (i = 0; i < 4; i++) {
 905                shadow_plb[i][0] = 0;
 906                shadow_plb[i][1] = ~(unsigned long)0;
 907        }
 908}
 909
 910long int __mpx_random(int line)
 911{
 912#ifdef NOT_SO_RANDOM
 913        static long fake = 722122311;
 914        fake += 563792075;
 915        return fakse;
 916#else
 917        return random();
 918#endif
 919}
 920#define mpx_random() __mpx_random(__LINE__)
 921
 922uint8_t *get_random_addr()
 923{
 924        uint8_t*addr = (uint8_t *)(unsigned long)(rand() % MAX_ADDR_TESTED);
 925        return (addr - (unsigned long)addr % sizeof(uint8_t *));
 926}
 927
 928static inline bool compare_context(void *__xsave_buffer)
 929{
 930        uint64_t *bounds = (uint64_t *)(__xsave_buffer + MPX_BOUNDS_OFFSET);
 931
 932        int i;
 933        for (i = 0; i < 4; i++) {
 934                dprintf3("shadow[%d]{%016lx/%016lx}\nbounds[%d]{%016lx/%016lx}\n",
 935                       i, (unsigned long)shadow_plb[i][0], (unsigned long)shadow_plb[i][1],
 936                       i, (unsigned long)bounds[i*2],     ~(unsigned long)bounds[i*2+1]);
 937                if ((shadow_plb[i][0] != bounds[i*2]) ||
 938                    (shadow_plb[i][1] != ~(unsigned long)bounds[i*2+1])) {
 939                        eprintf("ERROR comparing shadow to real bound register %d\n", i);
 940                        eprintf("shadow{0x%016lx/0x%016lx}\nbounds{0x%016lx/0x%016lx}\n",
 941                               (unsigned long)shadow_plb[i][0], (unsigned long)shadow_plb[i][1],
 942                               (unsigned long)bounds[i*2], (unsigned long)bounds[i*2+1]);
 943                        return false;
 944                }
 945        }
 946
 947        return true;
 948}
 949
 950void mkbnd_shadow(uint8_t *ptr, int index, long offset)
 951{
 952        uint64_t *lower = (uint64_t *)&(shadow_plb[index][0]);
 953        uint64_t *upper = (uint64_t *)&(shadow_plb[index][1]);
 954        *lower = (unsigned long)ptr;
 955        *upper = (unsigned long)ptr + offset - 1;
 956}
 957
 958void check_lowerbound_shadow(uint8_t *ptr, int index)
 959{
 960        uint64_t *lower = (uint64_t *)&(shadow_plb[index][0]);
 961        if (*lower > (uint64_t)(unsigned long)ptr)
 962                num_lower_brs++;
 963        else
 964                dprintf1("LowerBoundChk passed:%p\n", ptr);
 965}
 966
 967void check_upperbound_shadow(uint8_t *ptr, int index)
 968{
 969        uint64_t upper = *(uint64_t *)&(shadow_plb[index][1]);
 970        if (upper < (uint64_t)(unsigned long)ptr)
 971                num_upper_brs++;
 972        else
 973                dprintf1("UpperBoundChk passed:%p\n", ptr);
 974}
 975
 976__always_inline void movbndreg_shadow(int src, int dest)
 977{
 978        shadow_plb[dest][0] = shadow_plb[src][0];
 979        shadow_plb[dest][1] = shadow_plb[src][1];
 980}
 981
 982__always_inline void movbnd2mem_shadow(int src, unsigned long *dest)
 983{
 984        unsigned long *lower = (unsigned long *)&(shadow_plb[src][0]);
 985        unsigned long *upper = (unsigned long *)&(shadow_plb[src][1]);
 986        *dest = *lower;
 987        *(dest+1) = *upper;
 988}
 989
 990__always_inline void movbnd_from_mem_shadow(unsigned long *src, int dest)
 991{
 992        unsigned long *lower = (unsigned long *)&(shadow_plb[dest][0]);
 993        unsigned long *upper = (unsigned long *)&(shadow_plb[dest][1]);
 994        *lower = *src;
 995        *upper = *(src+1);
 996}
 997
 998__always_inline void stdsc_shadow(int index, uint8_t *ptr, uint8_t *ptr_val)
 999{
1000        shadow_map[0] = (unsigned long)shadow_plb[index][0];

1001        shadow_map[1] = (unsigned long)shadow_plb[index][1];
1002        shadow_map[2] = (unsigned long)ptr_val;
1003        dprintf3("%s(%d, %p, %p) set shadow map[2]: %p\n", __func__,
1004                        index, ptr, ptr_val, ptr_val);
1005        /*ptr ignored */
1006}
1007
1008void lddsc_shadow(int index, uint8_t *ptr, uint8_t *ptr_val)
1009{
1010        uint64_t lower = shadow_map[0];
1011        uint64_t upper = shadow_map[1];
1012        uint8_t *value = (uint8_t *)shadow_map[2];
1013
1014        if (value != ptr_val) {
1015                dprintf2("%s(%d, %p, %p) init shadow bounds[%d] "
1016                         "because %p != %p\n", __func__, index, ptr,
1017                         ptr_val, index, value, ptr_val);
1018                shadow_plb[index][0] = 0;
1019                shadow_plb[index][1] = ~(unsigned long)0;
1020        } else {
1021                shadow_plb[index][0] = lower;
1022                shadow_plb[index][1] = upper;
1023        }
1024        /* ptr ignored */
1025}
1026
1027static __always_inline void mpx_test_helper0(uint8_t *buf, uint8_t *ptr)
1028{
1029        mpx_make_bound_helper((unsigned long)ptr, 0x1800);
1030}
1031
1032static __always_inline void mpx_test_helper0_shadow(uint8_t *buf, uint8_t *ptr)
1033{
1034        mkbnd_shadow(ptr, 0, 0x1800);
1035}
1036
1037static __always_inline void mpx_test_helper1(uint8_t *buf, uint8_t *ptr)
1038{
1039        /* these are hard-coded to check bnd0 */
1040        expected_bnd_index = 0;
1041        mpx_check_lowerbound_helper((unsigned long)(ptr-1));
1042        mpx_check_upperbound_helper((unsigned long)(ptr+0x1800));
1043        /* reset this since we do not expect any more bounds exceptions */
1044        expected_bnd_index = -1;
1045}
1046
1047static __always_inline void mpx_test_helper1_shadow(uint8_t *buf, uint8_t *ptr)
1048{
1049        check_lowerbound_shadow(ptr-1, 0);
1050        check_upperbound_shadow(ptr+0x1800, 0);
1051}
1052
1053static __always_inline void mpx_test_helper2(uint8_t *buf, uint8_t *ptr)
1054{
1055        mpx_make_bound_helper((unsigned long)ptr, 0x1800);
1056        mpx_movbndreg_helper();
1057        mpx_movbnd2mem_helper(buf);
1058        mpx_make_bound_helper((unsigned long)(ptr+0x12), 0x1800);
1059}
1060
1061static __always_inline void mpx_test_helper2_shadow(uint8_t *buf, uint8_t *ptr)
1062{
1063        mkbnd_shadow(ptr, 0, 0x1800);
1064        movbndreg_shadow(0, 2);
1065        movbnd2mem_shadow(0, (unsigned long *)buf);
1066        mkbnd_shadow(ptr+0x12, 0, 0x1800);
1067}
1068
1069static __always_inline void mpx_test_helper3(uint8_t *buf, uint8_t *ptr)
1070{
1071        mpx_movbnd_from_mem_helper(buf);
1072}
1073
1074static __always_inline void mpx_test_helper3_shadow(uint8_t *buf, uint8_t *ptr)
1075{
1076        movbnd_from_mem_shadow((unsigned long *)buf, 0);
1077}
1078
1079static __always_inline void mpx_test_helper4(uint8_t *buf, uint8_t *ptr)
1080{
1081        mpx_store_dsc_helper((unsigned long)buf, (unsigned long)ptr);
1082        mpx_make_bound_helper((unsigned long)(ptr+0x12), 0x1800);
1083}
1084
1085static __always_inline void mpx_test_helper4_shadow(uint8_t *buf, uint8_t *ptr)
1086{
1087        stdsc_shadow(0, buf, ptr);
1088        mkbnd_shadow(ptr+0x12, 0, 0x1800);
1089}
1090
1091static __always_inline void mpx_test_helper5(uint8_t *buf, uint8_t *ptr)
1092{
1093        mpx_load_dsc_helper((unsigned long)buf, (unsigned long)ptr);
1094}
1095
1096static __always_inline void mpx_test_helper5_shadow(uint8_t *buf, uint8_t *ptr)
1097{
1098        lddsc_shadow(0, buf, ptr);
1099}
1100
1101#define NR_MPX_TEST_FUNCTIONS 6
1102
1103/*
1104 * For compatibility reasons, MPX will clear the bounds registers
1105 * when you make function calls (among other things).  We have to
1106 * preserve the registers in between calls to the "helpers" since
1107 * they build on each other.
1108 *
1109 * Be very careful not to make any function calls inside the
1110 * helpers, or anywhere else beween the xrstor and xsave.
1111 */
1112#define run_helper(helper_nr, buf, buf_shadow, ptr)     do {    \
1113        xrstor_state(xsave_test_buf, flags);                    \
1114        mpx_test_helper##helper_nr(buf, ptr);                   \
1115        xsave_state(xsave_test_buf, flags);                     \
1116        mpx_test_helper##helper_nr##_shadow(buf_shadow, ptr);   \
1117} while (0)
1118
1119static void run_helpers(int nr, uint8_t *buf, uint8_t *buf_shadow, uint8_t *ptr)
1120{
1121        uint64_t flags = 0x18;
1122
1123        dprint_context(xsave_test_buf);
1124        switch (nr) {
1125        case 0:
1126                run_helper(0, buf, buf_shadow, ptr);
1127                break;
1128        case 1:
1129                run_helper(1, buf, buf_shadow, ptr);
1130                break;
1131        case 2:
1132                run_helper(2, buf, buf_shadow, ptr);
1133                break;
1134        case 3:
1135                run_helper(3, buf, buf_shadow, ptr);
1136                break;
1137        case 4:
1138                run_helper(4, buf, buf_shadow, ptr);
1139                break;
1140        case 5:
1141                run_helper(5, buf, buf_shadow, ptr);
1142                break;
1143        default:
1144                test_failed();
1145                break;
1146        }
1147        dprint_context(xsave_test_buf);
1148}
1149
1150unsigned long buf_shadow[1024]; /* used to check load / store descriptors */
1151extern long inspect_me(struct mpx_bounds_dir *bounds_dir);
1152
1153long cover_buf_with_bt_entries(void *buf, long buf_len)
1154{
1155        int i;
1156        long nr_to_fill;
1157        int ratio = 1000;
1158        unsigned long buf_len_in_ptrs;
1159
1160        /* Fill about 1/100 of the space with bt entries */
1161        nr_to_fill = buf_len / (sizeof(unsigned long) * ratio);
1162
1163        if (!nr_to_fill)
1164                dprintf3("%s() nr_to_fill: %ld\n", __func__, nr_to_fill);
1165
1166        /* Align the buffer to pointer size */
1167        while (((unsigned long)buf) % sizeof(void *)) {
1168                buf++;
1169                buf_len--;
1170        }
1171        /* We are storing pointers, so make */
1172        buf_len_in_ptrs = buf_len / sizeof(void *);
1173
1174        for (i = 0; i < nr_to_fill; i++) {
1175                long index = (mpx_random() % buf_len_in_ptrs);
1176                void *ptr = buf + index * sizeof(unsigned long);
1177                unsigned long ptr_addr = (unsigned long)ptr;
1178
1179                /* ptr and size can be anything */
1180                mpx_make_bound_helper((unsigned long)ptr, 8);
1181
1182                /*
1183                 * take bnd0 and put it in to bounds tables "buf + index" is an
1184                 * address inside the buffer where we are pretending that we
1185                 * are going to put a pointer We do not, though because we will
1186                 * never load entries from the table, so it doesn't matter.
1187                 */
1188                mpx_store_dsc_helper(ptr_addr, (unsigned long)ptr);
1189                dprintf4("storing bound table entry for %lx (buf start @ %p)\n",
1190                                ptr_addr, buf);
1191        }
1192        return nr_to_fill;
1193}
1194
1195unsigned long align_down(unsigned long alignme, unsigned long align_to)
1196{
1197        return alignme & ~(align_to-1);
1198}
1199
1200unsigned long align_up(unsigned long alignme, unsigned long align_to)
1201{
1202        return (alignme + align_to - 1) & ~(align_to-1);
1203}
1204
1205/*
1206 * Using 1MB alignment guarantees that each no allocation
1207 * will overlap with another's bounds tables.
1208 *
1209 * We have to cook our own allocator here.  malloc() can
1210 * mix other allocation with ours which means that even
1211 * if we free all of our allocations, there might still
1212 * be bounds tables for the *areas* since there is other
1213 * valid memory there.
1214 *
1215 * We also can't use malloc() because a free() of an area
1216 * might not free it back to the kernel.  We want it
1217 * completely unmapped an malloc() does not guarantee
1218 * that.
1219 */
1220#ifdef __i386__
1221long alignment = 4096;
1222long sz_alignment = 4096;
1223#else
1224long alignment = 1 * MB;
1225long sz_alignment = 1 * MB;
1226#endif
1227void *mpx_mini_alloc(unsigned long sz)
1228{
1229        unsigned long long tries = 0;
1230        static void *last;
1231        void *ptr;
1232        void *try_at;
1233
1234        sz = align_up(sz, sz_alignment);
1235
1236        try_at = last + alignment;
1237        while (1) {
1238                ptr = mmap(try_at, sz, PROT_READ|PROT_WRITE,
1239                                MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
1240                if (ptr == (void *)-1)
1241                        return NULL;
1242                if (ptr == try_at)
1243                        break;
1244
1245                munmap(ptr, sz);
1246                try_at += alignment;
1247#ifdef __i386__
1248                /*
1249                 * This isn't quite correct for 32-bit binaries
1250                 * on 64-bit kernels since they can use the
1251                 * entire 32-bit address space, but it's close
1252                 * enough.
1253                 */
1254                if (try_at > (void *)0xC0000000)
1255#else
1256                if (try_at > (void *)0x0000800000000000)
1257#endif
1258                        try_at = (void *)0x0;
1259                if (!(++tries % 10000))
1260                        dprintf1("stuck in %s(), tries: %lld\n", __func__, tries);
1261                continue;
1262        }
1263        last = ptr;
1264        dprintf3("mpx_mini_alloc(0x%lx) returning: %p\n", sz, ptr);
1265        return ptr;
1266}
1267void mpx_mini_free(void *ptr, long sz)
1268{
1269        dprintf2("%s() ptr: %p\n", __func__, ptr);
1270        if ((unsigned long)ptr > 0x100000000000) {
1271                dprintf1("uh oh !!!!!!!!!!!!!!! pointer too high: %p\n", ptr);
1272                test_failed();
1273        }
1274        sz = align_up(sz, sz_alignment);
1275        dprintf3("%s() ptr: %p before munmap\n", __func__, ptr);
1276        munmap(ptr, sz);
1277        dprintf3("%s() ptr: %p DONE\n", __func__, ptr);
1278}
1279
1280#define NR_MALLOCS 100
1281struct one_malloc {
1282        char *ptr;
1283        int nr_filled_btes;
1284        unsigned long size;
1285};
1286struct one_malloc mallocs[NR_MALLOCS];
1287
1288void free_one_malloc(int index)
1289{
1290        unsigned long free_ptr;
1291        unsigned long mask;
1292
1293        if (!mallocs[index].ptr)
1294                return;
1295
1296        mpx_mini_free(mallocs[index].ptr, mallocs[index].size);
1297        dprintf4("freed[%d]:  %p\n", index, mallocs[index].ptr);
1298
1299        free_ptr = (unsigned long)mallocs[index].ptr;
1300        mask = alignment-1;
1301        dprintf4("lowerbits: %lx / %lx mask: %lx\n", free_ptr,
1302                        (free_ptr & mask), mask);
1303        assert((free_ptr & mask) == 0);
1304
1305        mallocs[index].ptr = NULL;
1306}
1307
1308#ifdef __i386__
1309#define MPX_BOUNDS_TABLE_COVERS 4096
1310#else
1311#define MPX_BOUNDS_TABLE_COVERS (1 * MB)
1312#endif
1313void zap_everything(void)
1314{
1315        long after_zap;
1316        long before_zap;
1317        int i;
1318
1319        before_zap = inspect_me(bounds_dir_ptr);
1320        dprintf1("zapping everything start: %ld\n", before_zap);
1321        for (i = 0; i < NR_MALLOCS; i++)
1322                free_one_malloc(i);
1323
1324        after_zap = inspect_me(bounds_dir_ptr);
1325        dprintf1("zapping everything done: %ld\n", after_zap);
1326        /*
1327         * We only guarantee to empty the thing out if our allocations are
1328         * exactly aligned on the boundaries of a boudns table.
1329         */
1330        if ((alignment >= MPX_BOUNDS_TABLE_COVERS) &&
1331            (sz_alignment >= MPX_BOUNDS_TABLE_COVERS)) {
1332                if (after_zap != 0)
1333                        test_failed();
1334
1335                assert(after_zap == 0);
1336        }
1337}
1338
1339void do_one_malloc(void)
1340{
1341        static int malloc_counter;
1342        long sz;
1343        int rand_index = (mpx_random() % NR_MALLOCS);
1344        void *ptr = mallocs[rand_index].ptr;
1345
1346        dprintf3("%s() enter\n", __func__);
1347
1348        if (ptr) {
1349                dprintf3("freeing one malloc at index: %d\n", rand_index);
1350                free_one_malloc(rand_index);
1351                if (mpx_random() % (NR_MALLOCS*3) == 3) {
1352                        int i;
1353                        dprintf3("zapping some more\n");
1354                        for (i = rand_index; i < NR_MALLOCS; i++)
1355                                free_one_malloc(i);
1356                }
1357                if ((mpx_random() % zap_all_every_this_many_mallocs) == 4)
1358                        zap_everything();
1359        }
1360
1361        /* 1->~1M */
1362        sz = (1 + mpx_random() % 1000) * 1000;
1363        ptr = mpx_mini_alloc(sz);
1364        if (!ptr) {
1365                /*
1366                 * If we are failing allocations, just assume we
1367                 * are out of memory and zap everything.
1368                 */
1369                dprintf3("zapping everything because out of memory\n");
1370                zap_everything();
1371                goto out;
1372        }
1373
1374        dprintf3("malloc: %p size: 0x%lx\n", ptr, sz);
1375        mallocs[rand_index].nr_filled_btes = cover_buf_with_bt_entries(ptr, sz);
1376        mallocs[rand_index].ptr = ptr;
1377        mallocs[rand_index].size = sz;
1378out:
1379        if ((++malloc_counter) % inspect_every_this_many_mallocs == 0)
1380                inspect_me(bounds_dir_ptr);
1381}
1382
1383void run_timed_test(void (*test_func)(void))
1384{
1385        int done = 0;
1386        long iteration = 0;
1387        static time_t last_print;
1388        time_t now;
1389        time_t start;
1390
1391        time(&start);
1392        while (!done) {
1393                time(&now);
1394                if ((now - start) > TEST_DURATION_SECS)
1395                        done = 1;
1396
1397                test_func();
1398                iteration++;
1399
1400                if ((now - last_print > 1) || done) {
1401                        printf("iteration %ld complete, OK so far\n", iteration);
1402                        last_print = now;
1403                }
1404        }
1405}
1406
1407void check_bounds_table_frees(void)
1408{
1409        printf("executing unmaptest\n");
1410        inspect_me(bounds_dir_ptr);
1411        run_timed_test(&do_one_malloc);
1412        printf("done with malloc() fun\n");
1413}
1414
1415void insn_test_failed(int test_nr, int test_round, void *buf,
1416                void *buf_shadow, void *ptr)
1417{
1418        print_context(xsave_test_buf);
1419        eprintf("ERROR: test %d round %d failed\n", test_nr, test_round);
1420        while (test_nr == 5) {
1421                struct mpx_bt_entry *bte;
1422                struct mpx_bounds_dir *bd = (void *)bounds_dir_ptr;
1423                struct mpx_bd_entry *bde = mpx_vaddr_to_bd_entry(buf, bd);
1424
1425                printf("  bd: %p\n", bd);
1426                printf("&bde: %p\n", bde);
1427                printf("*bde: %lx\n", *(unsigned long *)bde);
1428                if (!bd_entry_valid(bde))
1429                        break;
1430
1431                bte = mpx_vaddr_to_bt_entry(buf, bd);
1432                printf(" te: %p\n", bte);
1433                printf("bte[0]: %lx\n", bte->contents[0]);
1434                printf("bte[1]: %lx\n", bte->contents[1]);
1435                printf("bte[2]: %lx\n", bte->contents[2]);
1436                printf("bte[3]: %lx\n", bte->contents[3]);
1437                break;
1438        }
1439        test_failed();
1440}
1441
1442void check_mpx_insns_and_tables(void)
1443{
1444        int successes = 0;
1445        int failures  = 0;
1446        int buf_size = (1024*1024);
1447        unsigned long *buf = malloc(buf_size);
1448        const int total_nr_tests = NR_MPX_TEST_FUNCTIONS * TEST_ROUNDS;
1449        int i, j;
1450
1451        memset(buf, 0, buf_size);
1452        memset(buf_shadow, 0, sizeof(buf_shadow));
1453
1454        for (i = 0; i < TEST_ROUNDS; i++) {
1455                uint8_t *ptr = get_random_addr() + 8;
1456
1457                for (j = 0; j < NR_MPX_TEST_FUNCTIONS; j++) {
1458                        if (0 && j != 5) {
1459                                successes++;
1460                                continue;
1461                        }
1462                        dprintf2("starting test %d round %d\n", j, i);
1463                        dprint_context(xsave_test_buf);
1464                        /*
1465                         * test5 loads an address from the bounds tables.
1466                         * The load will only complete if 'ptr' matches
1467                         * the load and the store, so with random addrs,
1468                         * the odds of this are very small.  Make it
1469                         * higher by only moving 'ptr' 1/10 times.
1470                         */
1471                        if (random() % 10 <= 0)
1472                                ptr = get_random_addr() + 8;
1473                        dprintf3("random ptr{%p}\n", ptr);
1474                        dprint_context(xsave_test_buf);
1475                        run_helpers(j, (void *)buf, (void *)buf_shadow, ptr);
1476                        dprint_context(xsave_test_buf);
1477                        if (!compare_context(xsave_test_buf)) {
1478                                insn_test_failed(j, i, buf, buf_shadow, ptr);
1479                                failures++;
1480                                goto exit;
1481                        }
1482                        successes++;
1483                        dprint_context(xsave_test_buf);
1484                        dprintf2("finished test %d round %d\n", j, i);
1485                        dprintf3("\n");
1486                        dprint_context(xsave_test_buf);
1487                }
1488        }
1489
1490exit:
1491        dprintf2("\nabout to free:\n");
1492        free(buf);
1493        dprintf1("successes: %d\n", successes);
1494        dprintf1(" failures: %d\n", failures);
1495        dprintf1("    tests: %d\n", total_nr_tests);
1496        dprintf1(" expected: %jd #BRs\n", num_upper_brs + num_lower_brs);
1497        dprintf1("      saw: %d #BRs\n", br_count);
1498        if (failures) {
1499                eprintf("ERROR: non-zero number of failures\n");
1500                exit(20);
1501        }
1502        if (successes != total_nr_tests) {
1503                eprintf("ERROR: succeeded fewer than number of tries (%d != %d)\n",
1504                                successes, total_nr_tests);
1505                exit(21);
1506        }
1507        if (num_upper_brs + num_lower_brs != br_count) {
1508                eprintf("ERROR: unexpected number of #BRs: %jd %jd %d\n",
1509                                num_upper_brs, num_lower_brs, br_count);
1510                eprintf("successes: %d\n", successes);
1511                eprintf(" failures: %d\n", failures);
1512                eprintf("    tests: %d\n", total_nr_tests);
1513                eprintf(" expected: %jd #BRs\n", num_upper_brs + num_lower_brs);
1514                eprintf("      saw: %d #BRs\n", br_count);
1515                exit(22);
1516        }
1517}
1518
1519/*
1520 * This is supposed to SIGSEGV nicely once the kernel
1521 * can no longer allocate vaddr space.
1522 */
1523void exhaust_vaddr_space(void)
1524{
1525        unsigned long ptr;
1526        /* Try to make sure there is no room for a bounds table anywhere */
1527        unsigned long skip = MPX_BOUNDS_TABLE_SIZE_BYTES - PAGE_SIZE;
1528#ifdef __i386__
1529        unsigned long max_vaddr = 0xf7788000UL;
1530#else
1531        unsigned long max_vaddr = 0x800000000000UL;
1532#endif
1533
1534        dprintf1("%s() start\n", __func__);
1535        /* do not start at 0, we aren't allowed to map there */
1536        for (ptr = PAGE_SIZE; ptr < max_vaddr; ptr += skip) {
1537                void *ptr_ret;
1538                int ret = madvise((void *)ptr, PAGE_SIZE, MADV_NORMAL);
1539
1540                if (!ret) {
1541                        dprintf1("madvise() %lx ret: %d\n", ptr, ret);
1542                        continue;
1543                }
1544                ptr_ret = mmap((void *)ptr, PAGE_SIZE, PROT_READ|PROT_WRITE,
1545                                MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
1546                if (ptr_ret != (void *)ptr) {
1547                        perror("mmap");
1548                        dprintf1("mmap(%lx) ret: %p\n", ptr, ptr_ret);
1549                        break;
1550                }
1551                if (!(ptr & 0xffffff))
1552                        dprintf1("mmap(%lx) ret: %p\n", ptr, ptr_ret);
1553        }
1554        for (ptr = PAGE_SIZE; ptr < max_vaddr; ptr += skip) {
1555                dprintf2("covering 0x%lx with bounds table entries\n", ptr);
1556                cover_buf_with_bt_entries((void *)ptr, PAGE_SIZE);
1557        }
1558        dprintf1("%s() end\n", __func__);
1559        printf("done with vaddr space fun\n");
1560}
1561
1562void mpx_table_test(void)
1563{
1564        printf("starting mpx bounds table test\n");
1565        run_timed_test(check_mpx_insns_and_tables);
1566        printf("done with mpx bounds table test\n");
1567}
1568
1569int main(int argc, char **argv)
1570{
1571        int unmaptest = 0;
1572        int vaddrexhaust = 0;
1573        int tabletest = 0;
1574        int i;
1575
1576        check_mpx_support();
1577        mpx_prepare();
1578        srandom(11179);
1579
1580        bd_incore();
1581        init();
1582        bd_incore();
1583
1584        trace_me();
1585
1586        xsave_state((void *)xsave_test_buf, 0x1f);
1587        if (!compare_context(xsave_test_buf))
1588                printf("Init failed\n");
1589
1590        for (i = 1; i < argc; i++) {
1591                if (!strcmp(argv[i], "unmaptest"))
1592                        unmaptest = 1;
1593                if (!strcmp(argv[i], "vaddrexhaust"))
1594                        vaddrexhaust = 1;
1595                if (!strcmp(argv[i], "tabletest"))
1596                        tabletest = 1;
1597        }
1598        if (!(unmaptest || vaddrexhaust || tabletest)) {
1599                unmaptest = 1;
1600                /* vaddrexhaust = 1; */
1601                tabletest = 1;
1602        }
1603        if (unmaptest)
1604                check_bounds_table_frees();
1605        if (tabletest)
1606                mpx_table_test();
1607        if (vaddrexhaust)
1608                exhaust_vaddr_space();
1609        printf("%s completed successfully\n", argv[0]);
1610        exit(0);
1611}
1612
1613#include "mpx-dig.c"
1614