VirtualBox

Browse Source

Changeset 36862 in vbox for trunk/src/VBox/VMM

Timestamp:

Apr 27, 2011 6:32:31 PM (14 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

71439

Message:

tstX86-1: Testing invalid lock prefix decoding order.

Location:

trunk/src/VBox/VMM/testcase

Files:

: 3 edited

Makefile.kmk (modified) (1 diff)
tstX86-1.cpp (modified) (5 diffs)
tstX86-1A.asm (modified) (12 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/VMM/testcase/Makefile.kmk

r36858	r36862
44	44	tstVMMR0CallHost-1 \
45	45	tstVMMR0CallHost-2
46		ifn1of ($(KBUILD_TARGET).$(KBUILD_TARGET_ARCH), darwin.amd64 ~~linux.amd64~~ solaris.x86 solaris.amd64 win.amd64 ) ## TODO: Fix the code.
	46	ifn1of ($(KBUILD_TARGET).$(KBUILD_TARGET_ARCH), darwin.amd64 solaris.x86 solaris.amd64 win.amd64 ) ## TODO: Fix the code.
47	47	PROGRAMS += tstX86-1
48	48	endif

trunk/src/VBox/VMM/testcase/tstX86-1.cpp

-              r36791
+              r36862
 #include <iprt/test.h>
 #include <iprt/param.h>
+#include <iprt/mem.h>
+#include <iprt/err.h>
+#include <iprt/assert.h>
 #ifdef RT_OS_WINDOWS
 …
 RT_C_DECLS_BEGIN
 uint8_t *g_pbEfPage = NULL;
+uint8_t *g_pbEfExecPage = NULL;
 extern TRAPINFO g_aTrapInfo[];
 RT_C_DECLS_END
 …
 static PCTRAPINFO findTrapInfo(uintptr_t uTrapPC)
+static PCTRAPINFO findTrapInfo(uintptr_t uTrapPC, uintptr_t uTrapSP)
+{
+    /* Search by trap program counter. */
     for (unsigned i = 0; g_aTrapInfo[i].uTrapPC; i++)
         if (g_aTrapInfo[i].uTrapPC == uTrapPC)
+            return &g_aTrapInfo[i];
+    /* Search by return address. */
+    uintptr_t uReturn = *(uintptr_t *)uTrapSP;
+    for (unsigned i = 0; g_aTrapInfo[i].uTrapPC; i++)
+        if (g_aTrapInfo[i].uTrapPC + g_aTrapInfo[i].cbInstr == uReturn)
             return &g_aTrapInfo[i];
 …
+{
     ucontext_t *pCtx = (ucontext_t *)pvSigCtx;
 # if defined(RT_ARCH_AMD64) && defined(RT_OS_DARWIN)
+    uintptr_t  *puPC = (uintptr_t *)&pCtx->uc_mcontext->__ss.__rip;
+    uintptr_t  *puPC    = (uintptr_t *)&pCtx->uc_mcontext->__ss.__rip;
+    uintptr_t   uSP     = pCtx->uc_mcontext->__ss.__rsp;
+    uintptr_t   uTrapNo = ~(uintptr_t)0;
+    uintptr_t   uErr    = ~(uintptr_t)0;
 # elif defined(RT_ARCH_AMD64) && defined(RT_OS_FREEBSD)
+    uintptr_t  *puPC = (uintptr_t *)&pCtx->uc_mcontext.mc_rip;
+    uintptr_t  *puPC    = (uintptr_t *)&pCtx->uc_mcontext.mc_rip;
+    uintptr_t   uSP     = pCtx->uc_mcontext.mc_rsp;
+    uintptr_t   uTrapNo = ~(uintptr_t)0;
+    uintptr_t   uErr    = ~(uintptr_t)0;
 # elif defined(RT_ARCH_AMD64)
+    uintptr_t  *puPC = (uintptr_t *)&pCtx->uc_mcontext.gregs[REG_RIP];
+    uintptr_t  *puPC    = (uintptr_t *)&pCtx->uc_mcontext.gregs[REG_RIP];
+    uintptr_t   uSP     = pCtx->uc_mcontext.gregs[REG_RSP];
+    uintptr_t   uTrapNo = pCtx->uc_mcontext.gregs[REG_TRAPNO];
+    uintptr_t   uErr    = pCtx->uc_mcontext.gregs[REG_ERR];
 # elif defined(RT_ARCH_X86) && defined(RT_OS_DARWIN)
+    uintptr_t  *puPC = (uintptr_t *)&pCtx->uc_mcontext->__ss.__eip;
+    uintptr_t  *puPC    = (uintptr_t *)&pCtx->uc_mcontext->__ss.__eip;
+    uintptr_t   uSP     = pCtx->uc_mcontext->__ss.__esp;
+    uintptr_t   uTrapNo = ~(uintptr_t)0;
+    uintptr_t   uErr    = ~(uintptr_t)0;
 # elif defined(RT_ARCH_X86) && defined(RT_OS_FREEBSD)
+    uintptr_t  *puPC = (uintptr_t *)&pCtx->uc_mcontext.mc_eip;
+    uintptr_t  *puPC    = (uintptr_t *)&pCtx->uc_mcontext.mc_eip;
+    uintptr_t   uSP     = pCtx->uc_mcontext.mc_esp;
+    uintptr_t   uTrapNo = ~(uintptr_t)0;
+    uintptr_t   uErr    = ~(uintptr_t)0;
 # elif defined(RT_ARCH_X86)
+    uintptr_t  *puPC = (uintptr_t *)&pCtx->uc_mcontext.gregs[REG_EIP];
+    uintptr_t  *puPC    = (uintptr_t *)&pCtx->uc_mcontext.gregs[REG_EIP];
+    uintptr_t   uSP     = pCtx->uc_mcontext.gregs[REG_ESP];
+    uintptr_t   uTrapNo = pCtx->uc_mcontext.gregs[REG_TRAPNO];
+    uintptr_t   uErr    = pCtx->uc_mcontext.gregs[REG_ERR];
 # else
+    uintptr_t  *puPC = NULL;
+    uintptr_t  *puPC    = NULL;
+    uintptr_t   uTrapNo = ~(uintptr_t)0;
+    uintptr_t   uErr    = ~(uintptr_t)0;
 # endif
+    RTAssertMsg2("tstX86-1: Trap #%#04x err=%#06x at %p\n", uTrapNo, uErr, *puPC);
     PCTRAPINFO  pTrapInfo = findTrapInfo(*puPC);
+    PCTRAPINFO  pTrapInfo = findTrapInfo(*puPC, uSP);
     if (pTrapInfo)
+    {
 …
     if (rcExit != RTEXITCODE_SUCCESS)
         return rcExit;
+    RTTestBanner(hTest);
     g_pbEfPage = (uint8_t *)RTTestGuardedAllocTail(hTest, PAGE_SIZE);
     RTTESTI_CHECK(g_pbEfPage != NULL);
+    g_pbEfExecPage = (uint8_t *)RTMemExecAlloc(PAGE_SIZE*2);
+    RTTESTI_CHECK(g_pbEfExecPage != NULL);
+    RTTESTI_CHECK(!((uintptr_t)g_pbEfExecPage & PAGE_OFFSET_MASK));
+    RTTESTI_CHECK_RC(RTMemProtect(g_pbEfExecPage + PAGE_SIZE, PAGE_SIZE, RTMEM_PROT_NONE), VINF_SUCCESS);
 #ifdef USE_SIGNAL
     static int const s_aiSigs[] = { SIGBUS, SIGSEGV, SIGFPE };
+    static int const s_aiSigs[] = { SIGBUS, SIGSEGV, SIGFPE, SIGILL };
     for (unsigned i = 0; i < RT_ELEMENTS(s_aiSigs); i++)
+    {

trunk/src/VBox/VMM/testcase/tstX86-1A.asm

-              r36838
+              r36862
 BEGINDATA
 extern NAME(g_pbEfPage)
+extern NAME(g_pbEfExecPage)
 g_szAlpha:
 …
 ;   Defined Constants And Macros                                              ;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+%define X86_XCPT_UD 6
 %define X86_XCPT_GP 13
 %define X86_XCPT_PF 14
+;; Reference a global variable
+%ifdef RT_ARCH_AMD64
+ %define REF_GLOBAL(a_Name)     [NAME(a_Name) wrt rip]
+%else
+ %define REF_GLOBAL(a_Name)     [NAME(a_Name)]
+%endif
 ;;
 …
 ; @param        2+      The instruction which should trap.
 %macro ShouldTrap 2+
 ..trap:
+%%trap:
         %2
 ..trap_end:
+%%trap_end:
         mov     eax, __LINE__
         jmp     .failed
 BEGINDATA
 ..trapinfo: istruc TRAPINFO
         at TRAPINFO.uTrapPC,    RTCCPTR_DEF     ..trap
         at TRAPINFO.uResumePC,  RTCCPTR_DEF     ..resume
+%%trapinfo: istruc TRAPINFO
+        at TRAPINFO.uTrapPC,    RTCCPTR_DEF     %%trap
+        at TRAPINFO.uResumePC,  RTCCPTR_DEF     %%resume
         at TRAPINFO.u8TrapNo,   db              %1
         at TRAPINFO.cbInstr,    db              (..trap_end - ..trap)
+        at TRAPINFO.cbInstr,    db              (%%trap_end - %%trap)
 iend
 BEGINCODE
 ..resume:
+%%resume:
 %endmacro
 …
         ; Loading is always a word access.
         mov     eax, __LINE__
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         lea     xDI, [xDI + 0x1000 - 2]
         mov     xDX, es
 …
         ; Saving is always a word access.
         mov     eax, __LINE__
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         mov     dword [xDI + 0x1000 - 4], -1
         mov     [xDI + 0x1000 - 2], ss ; Should not crash.
 …
         call    x861_ClearRegisters
         mov     eax, __LINE__
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         mov     dword [xDI + 0x1000 - 4], -1
         db 04ah
 …
         mov     dx, ds
         mov     es, dx
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         xor     eax, eax
         mov     ecx, 01000h
         rep stosb
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         mov     ecx, 4
         mov     eax, 0ffh
 …
         jne     .failed
         mov     eax, __LINE__
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         cmp     dword [xDI], 0ffffffffh
         jne     .failed
 …
         jne     .failed
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         mov     ecx, 4
         mov     eax, 0feh
 …
         jne     .failed
         mov     eax, __LINE__
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         cmp     dword [xDI], 0fefefefeh
         jne     .failed
 …
         mov     dx, ds
         mov     es, dx
         mov     xDI, [NAME(g_pbEfPage)]
+        mov     xDI, REF_GLOBAL(g_pbEfPage)
         xor     xCX, xCX
         rep stosb                       ; no trap
 …
         jz      .failed
+        ;
+        ; Will the CPU decode the whole r/m+sib stuff before signalling a lock
+        ; prefix error?  Use the EF exec page and a LOCK ADD CL,[rDI + disp32]
+        ; instruction at the very end of it.
+        ;
+        mov     eax, __LINE__
+        mov     xDI, REF_GLOBAL(g_pbEfExecPage)
+        add     xDI, 1000h - 4h
+        mov     byte [xDI+0], 0f0h
+        mov     byte [xDI+1], 002h
+        mov     byte [xDI+2], 08Fh
+        mov     byte [xDI+3], 000h
+        ShouldTrap X86_XCPT_PF, call xDI
+        mov     eax, __LINE__
+        mov     xDI, REF_GLOBAL(g_pbEfExecPage)
+        add     xDI, 1000h - 7h
+        mov     byte [xDI+0], 0f0h
+        mov     byte [xDI+1], 002h
+        mov     byte [xDI+2], 08Fh
+        mov     dword [xDI+3], 000000000h
+        ShouldTrap X86_XCPT_UD, call xDI

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette