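/*
 * x86 instruction emulation tests.
 *
 * main() maps IORAM_BASE_PHYS at `mem` (twice, back to back), so most memory
 * operands used below point at that I/O RAM region rather than ordinary RAM;
 * the in-file comments ("Trigger exit on smsw", "cross-page mmio") indicate
 * this is what makes the hypervisor handle the instruction itself.
 * Tests that use KVM_FEP / ASM_TRY_FEP only run when is_fep_available()
 * reports that forced emulation is enabled.
 *
 * The emulator is driven directly by guest-controlled instruction bytes and
 * operands, so every report() pins an exact architectural result (operand
 * width, pointer/counter updates, flag results, fault vector).
 */
#include <asm/debugreg.h>

#include "ioram.h"
#include "vm.h"
#include "libcflat.h"
#include "desc.h"
#include "types.h"
#include "processor.h"
#include "vmalloc.h"
#include "alloc_page.h"
#include "usermode.h"

#define TESTDEV_IO_PORT 0xe0

/* Incremented by the exception handlers below; reset before each fault test. */
static int exceptions;

#ifdef __x86_64__
#include "emulator64.c"
#endif

static char st1[] = "abcdefghijklmnop";

/*
 * Write st1 to TESTDEV_IO_PORT with "rep outsb", once ascending (DF clear)
 * and once descending (DF set), then read the port back. The checks expect
 * the port to return the last byte written in each direction.
 *
 * NOTE(review): "rep outsb" advances RSI and decrements RCX, and the movw
 * overwrites DX, but RSI/RCX are declared as inputs only and DX is not
 * listed as a clobber. GCC requires that input operands are not modified;
 * consider "+S"/"+c" outputs on temporaries and a "d" input instead.
 */
static void test_stringio(void)
{
	unsigned char r = 0;
	asm volatile("cld \n\t"
		     "movw %0, %%dx \n\t"
		     "rep outsb \n\t"
		     : : "i"((short)TESTDEV_IO_PORT),
		       "S"(st1), "c"(sizeof(st1) - 1));
	asm volatile("inb %1, %0\n\t" : "=a"(r) : "i"((short)TESTDEV_IO_PORT));
	report(r == st1[sizeof(st1) - 2], "outsb up"); /* last char */

	asm volatile("std \n\t"
		     "movw %0, %%dx \n\t"
		     "rep outsb \n\t"
		     : : "i"((short)TESTDEV_IO_PORT),
		       "S"(st1 + sizeof(st1) - 2), "c"(sizeof(st1) - 1));
	/* Restore DF=0 before any compiler-generated string operation runs. */
	asm volatile("cld \n\t" : : );
	asm volatile("in %1, %0\n\t" : "=a"(r) : "i"((short)TESTDEV_IO_PORT));
	report(r == st1[0], "outsb down");
}

/*
 * Run "repe cmps{b,w,l,q}" over two buffers and check the final RCX, RSI and
 * RDI values.
 *
 * test_cmps() prepares the buffers so that the first 100 bytes are equal and
 * the following bytes differ. The "(1)" cases stay inside the equal prefix
 * and must run RCX down to 0; the "(2)" cases start with a count that reaches
 * past byte 100 and must stop on the first differing element, with the
 * pointers already advanced past it.
 *
 * Each asm first sets ZF to a known state (xor sets it, "or $1" clears it) so
 * the result does not depend on stale flags.
 */
static void test_cmps_one(unsigned char *m1, unsigned char *m3)
{
	void *rsi, *rdi;
	long rcx, tmp;

	rsi = m1; rdi = m3; rcx = 30;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsb"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 0 && rsi == m1 + 30 && rdi == m3 + 30, "repe cmpsb (1)");

	rsi = m1; rdi = m3; rcx = 30;
	asm volatile("or $1, %[tmp]\n\t" // clear ZF
		     "repe cmpsb"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 0 && rsi == m1 + 30 && rdi == m3 + 30,
	       "repe cmpsb (1.zf)");

	rsi = m1; rdi = m3; rcx = 15;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsw"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 0 && rsi == m1 + 30 && rdi == m3 + 30, "repe cmpsw (1)");

	rsi = m1; rdi = m3; rcx = 7;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsl"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 0 && rsi == m1 + 28 && rdi == m3 + 28, "repe cmpsl (1)");

#ifdef __x86_64__
	rsi = m1; rdi = m3; rcx = 4;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsq"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 0 && rsi == m1 + 32 && rdi == m3 + 32, "repe cmpsq (1)");
#endif

	rsi = m1; rdi = m3; rcx = 130;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsb"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 29 && rsi == m1 + 101 && rdi == m3 + 101,
	       "repe cmpsb (2)");

	rsi = m1; rdi = m3; rcx = 65;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsw"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 14 && rsi == m1 + 102 && rdi == m3 + 102,
	       "repe cmpsw (2)");

	rsi = m1; rdi = m3; rcx = 32;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsl"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 6 && rsi == m1 + 104 && rdi == m3 + 104,
	       "repe cmpsl (2)");

#ifdef __x86_64__
	rsi = m1; rdi = m3; rcx = 16;
	asm volatile("xor %[tmp], %[tmp] \n\t"
		     "repe cmpsq"
		     : "+S"(rsi), "+D"(rdi), "+c"(rcx), [tmp]"=&r"(tmp)
		     : : "cc");
	report(rcx == 3 && rsi == m1 + 104 && rdi == m3 + 104,
	       "repe cmpsq (2)");
#endif
}

/*
 * Build the cmps fixtures and run test_cmps_one() twice: once comparing the
 * region at `mem` against a stack buffer (m3), and once against a second
 * region 1024 bytes into `mem` (m2).
 *
 * Bytes 0..99 are identical everywhere; for 100..199, m1 holds i + 1 while
 * m2 and m3 hold i, so the first mismatch is at offset 100.
 */
static void test_cmps(void *mem)
{
	unsigned char *m1 = mem, *m2 = mem + 1024;
	unsigned char m3[1024];

	for (int i = 0; i < 100; ++i)
		m1[i] = m2[i] = m3[i] = i;
	for (int i = 100; i < 200; ++i)
		m1[i] = (m3[i] = m2[i] = i) + 1;
	test_cmps_one(m1, m3);
	test_cmps_one(m1, m2);
}

/*
 * Check scas{b,w,l,q} against a known 8-byte pattern at `mem`: RDI must
 * advance by the operand size and ZF must reflect the comparison.
 *
 * The accumulator values in the "match" cases carry extra non-matching bits
 * above the operand width (e.g. 0xff11 for scasb), so a comparison that is
 * wider than the instruction's operand size would report a mismatch.
 *
 * NOTE(review): these asm statements are not volatile and have no memory
 * input or "memory" clobber, although scas reads *di. The compiler is
 * therefore not told that the store to *mem must precede them; consider
 * adding a "memory" clobber.
 */
static void test_scas(void *mem)
{
	bool z;
	void *di;

	*(uint64_t *)mem = 0x77665544332211;

	di = mem;
	asm ("scasb; setz %0" : "=rm"(z), "+D"(di) : "a"(0xff11));
	report(di == mem + 1 && z, "scasb match");

	di = mem;
	asm ("scasb; setz %0" : "=rm"(z), "+D"(di) : "a"(0xff54));
	report(di == mem + 1 && !z, "scasb mismatch");

	di = mem;
	asm ("scasw; setz %0" : "=rm"(z), "+D"(di) : "a"(0xff2211));
	report(di == mem + 2 && z, "scasw match");

	di = mem;
	asm ("scasw; setz %0" : "=rm"(z), "+D"(di) : "a"(0xffdd11));
	report(di == mem + 2 && !z, "scasw mismatch");

	di = mem;
	asm ("scasl; setz %0" : "=rm"(z), "+D"(di) : "a"((ulong)0xff44332211ul));
	report(di == mem + 4 && z, "scasd match");

	di = mem;
	asm ("scasl; setz %0" : "=rm"(z), "+D"(di) : "a"(0x45332211));
	report(di == mem + 4 && !z, "scasd mismatch");

#ifdef __x86_64__
	di = mem;
	asm ("scasq; setz %0" : "=rm"(z), "+D"(di) : "a"(0x77665544332211ul));
	report(di == mem + 8 && z, "scasq match");

	di = mem;
	asm ("scasq; setz %0" : "=rm"(z), "+D"(di) : "a"(3));
	report(di == mem + 8 && !z, "scasq mismatch");
#endif
}

/*
 * Check inc/dec (plain and lock-prefixed, 8- and 32-bit) and lock neg/not
 * (8-bit, plus 64-bit on x86-64) on a memory operand at `mem`.
 *
 * For neg/not the same operation is applied to a local copy (v / vb) and the
 * memory result is compared against it.
 */
static void test_incdecnotneg(void *mem)
{
	unsigned long *m = mem, v = 1234;
	unsigned char *mb = mem, vb = 66;

	*m = 0;

	asm volatile ("incl %0":"+m"(*m));
	report(*m == 1, "incl");
	asm volatile ("decl %0":"+m"(*m));
	report(*m == 0, "decl");
	asm volatile ("incb %0":"+m"(*m));
	report(*m == 1, "incb");
	asm volatile ("decb %0":"+m"(*m));
	report(*m == 0, "decb");

	asm volatile ("lock incl %0":"+m"(*m));
	report(*m == 1, "lock incl");
	asm volatile ("lock decl %0":"+m"(*m));
	report(*m == 0, "lock decl");
	asm volatile ("lock incb %0":"+m"(*m));
	report(*m == 1, "lock incb");
	asm volatile ("lock decb %0":"+m"(*m));
	report(*m == 0, "lock decb");

	*m = v;

#ifdef __x86_64__
	/* Labels name the 64-bit forms that are actually executed. */
	asm ("lock negq %0" : "+m"(*m)); v = -v;
	report(*m == v, "lock negq");
	asm ("lock notq %0" : "+m"(*m)); v = ~v;
	report(*m == v, "lock notq");
#endif

	*mb = vb;

	asm ("lock negb %0" : "+m"(*mb)); vb = -vb;
	report(*mb == vb, "lock negb");
	asm ("lock notb %0" : "+m"(*mb)); vb = ~vb;
	report(*mb == vb, "lock notb");
}

/*
 * Check smsw with a register destination, a stack-memory destination and a
 * destination at `h_mem`.
 *
 * The memory cases verify that exactly 16 bits are written: (2) checks that
 * the neighbouring 16-bit words of a zeroed buffer stay zero, (3) pre-fills
 * *h_mem with all ones and checks that everything above bit 15 is untouched.
 */
static void test_smsw(unsigned long *h_mem)
{
	char mem[16];
	unsigned short msw, msw_orig, *pmsw;
	int i, zero;

	/* Only the low 16 bits of CR0 are kept (assignment to unsigned short). */
	msw_orig = read_cr0();

	asm("smsw %0" : "=r"(msw));
	report(msw == msw_orig, "smsw (1)");

	memset(mem, 0, 16);
	pmsw = (void *)mem;
	asm("smsw %0" : "=m"(pmsw[4]));
	zero = 1;
	for (i = 0; i < 8; ++i)
		if (i != 4 && pmsw[i])
			zero = 0;
	report(msw == pmsw[4] && zero, "smsw (2)");

	/* Trigger exit on smsw */
	*h_mem = -1ul;
	asm volatile("smsw %0" : "+m"(*h_mem));
	report(msw == (unsigned short)*h_mem &&
	       (*h_mem & ~0xfffful) == (-1ul & ~0xfffful), "smsw (3)");
}

/*
 * Check lmsw with register and memory sources by toggling single CR0 bits
 * and reading CR0 back. Case (3) also checks that lmsw with bit 0 (PE)
 * cleared in the source leaves CR0.PE set. CR0 is restored at the end.
 */
static void test_lmsw(void)
{
	char mem[16];
	unsigned short msw, *pmsw;
	unsigned long cr0;

	cr0 = read_cr0();

	/* Flip bit 3 only; the before/after difference must be exactly 8. */
	msw = cr0 ^ 8;
	asm("lmsw %0" : : "r"(msw));
	printf("before %lx after %lx\n", cr0, read_cr0());
	report((cr0 ^ read_cr0()) == 8, "lmsw (1)");

	pmsw = (void *)mem;
	*pmsw = cr0;
	asm("lmsw %0" : : "m"(*pmsw));
	printf("before %lx after %lx\n", cr0, read_cr0());
	report(cr0 == read_cr0(), "lmsw (2)");

	/* lmsw can't clear cr0.pe */
	msw = (cr0 & ~1ul) ^ 4; /* change EM to force trap */
	asm("lmsw %0" : : "r"(msw));
	report((cr0 ^ read_cr0()) == 4 && (cr0 & 1), "lmsw (3)");

	/* back to normal */
	msw = cr0;
	asm("lmsw %0" : : "r"(msw));
}

/*
 * Check btc bit addressing on a zeroed four-word array at `mem`.
 *
 * The expected values show the two addressing rules being tested: an
 * immediate bit offset is reduced to the operand size ($32 toggles bit 0),
 * while a register bit offset is a signed offset from the operand's address
 * and may land in a neighbouring word (66 from a[0] hits a[2], -1 from a[3]
 * hits the top bit of a[2], and the 64-bit -1 from a[2] hits the top bit of
 * a[1]). An off-by-one or unsigned treatment here would touch the wrong
 * memory, which is why the neighbouring words are checked too.
 */
static void test_btc(void *mem)
{
	unsigned int *a = mem;

	memset(mem, 0, 4 * sizeof(unsigned int));

	asm ("btcl $32, %0" :: "m"(a[0]) : "memory");
	asm ("btcl $1, %0" :: "m"(a[1]) : "memory");
	asm ("btcl %1, %0" :: "m"(a[0]), "r"(66) : "memory");
	report(a[0] == 1 && a[1] == 2 && a[2] == 4, "btcl imm8, r/m");

	asm ("btcl %1, %0" :: "m"(a[3]), "r"(-1) : "memory");
	report(a[0] == 1 && a[1] == 2 && a[2] == 0x80000004, "btcl reg, r/m");

#ifdef __x86_64__
	asm ("btcq %1, %0" : : "m"(a[2]), "r"(-1l) : "memory");
	report(a[0] == 1 && a[1] == 0x80000002 && a[2] == 0x80000004 && a[3] == 0,
	       "btcq reg, r/m");
#endif
}

/*
 * Check bsf/bsr with a memory source at 16, 32 and (on x86-64) 64 bits.
 * The source values have their two highest bits set, so bsf must return
 * width - 2 and bsr width - 1. The 64-bit zero-source cases check that ZF
 * is set.
 */
static void test_bsfbsr(void *mem)
{
	unsigned eax, *meml = mem;
	unsigned short ax, *memw = mem;
#ifdef __x86_64__
	unsigned long rax, *memq = mem;
	unsigned char z;
#endif

	*memw = 0xc000;
	asm("bsfw %[mem], %[a]" : [a]"=a"(ax) : [mem]"m"(*memw));
	report(ax == 14, "bsfw r/m, reg");

	*meml = 0xc0000000;
	asm("bsfl %[mem], %[a]" : [a]"=a"(eax) : [mem]"m"(*meml));
	report(eax == 30, "bsfl r/m, reg");

#ifdef __x86_64__
	*memq = 0xc00000000000;
	asm("bsfq %[mem], %[a]" : [a]"=a"(rax) : [mem]"m"(*memq));
	report(rax == 46, "bsfq r/m, reg");

	*memq = 0;
	asm("bsfq %[mem], %[a]; setz %[z]"
	    : [a]"=a"(rax), [z]"=rm"(z) : [mem]"m"(*memq));
	report(z == 1, "bsfq r/m, reg");
#endif

	*memw = 0xc000;
	asm("bsrw %[mem], %[a]" : [a]"=a"(ax) : [mem]"m"(*memw));
	report(ax == 15, "bsrw r/m, reg");

	*meml = 0xc0000000;
	asm("bsrl %[mem], %[a]" : [a]"=a"(eax) : [mem]"m"(*meml));
	report(eax == 31, "bsrl r/m, reg");

#ifdef __x86_64__
	*memq = 0xc00000000000;
	asm("bsrq %[mem], %[a]" : [a]"=a"(rax) : [mem]"m"(*memq));
	report(rax == 47, "bsrq r/m, reg");

	*memq = 0;
	asm("bsrq %[mem], %[a]; setz %[z]"
	    : [a]"=a"(rax), [z]"=rm"(z) : [mem]"m"(*memq));
	report(z == 1, "bsrq r/m, reg");
#endif
}

/*
 * Check imul with a memory source in its two-operand and three-operand
 * (imm8 and wider immediate) forms at 16, 32 and 64 bits.
 *
 * The 16-bit cases also check that the upper bits of the accumulator are
 * preserved; the 32-bit cases expect a zero-extended result. Where `a` is
 * not re-assigned before an asm, the value left by the previous case is the
 * (overwritten) destination.
 */
static void test_imul(uint64_t *mem)
{
	ulong a;

	*mem = 51; a = 0x1234567812345678ULL & -1ul;
	asm ("imulw %1, %%ax" : "+a"(a) : "m"(*mem));
	report(a == (0x12345678123439e8ULL & -1ul), "imul ax, mem");

	*mem = 51; a = 0x1234567812345678ULL & -1ul;
	asm ("imull %1, %%eax" : "+a"(a) : "m"(*mem));
	report(a == 0xa06d39e8, "imul eax, mem");

	*mem = 0x1234567812345678ULL; a = 0x8765432187654321ULL & -1ul;
	asm ("imulw $51, %1, %%ax" : "+a"(a) : "m"(*mem));
	report(a == (0x87654321876539e8ULL & -1ul), "imul ax, mem, imm8");

	*mem = 0x1234567812345678ULL;
	asm ("imull $51, %1, %%eax" : "+a"(a) : "m"(*mem));
	report(a == 0xa06d39e8, "imul eax, mem, imm8");

	*mem = 0x1234567812345678ULL; a = 0x8765432187654321ULL & -1ul;
	asm ("imulw $311, %1, %%ax" : "+a"(a) : "m"(*mem));
	report(a == (0x8765432187650bc8ULL & -1ul), "imul ax, mem, imm");

	*mem = 0x1234567812345678ULL;
	asm ("imull $311, %1, %%eax" : "+a"(a) : "m"(*mem));
	report(a == 0x1d950bc8, "imul eax, mem, imm");

#ifdef __x86_64__
	*mem = 51; a = 0x1234567812345678UL;
	asm ("imulq %1, %%rax" : "+a"(a) : "m"(*mem));
	report(a == 0xA06D39EBA06D39E8UL, "imul rax, mem");

	*mem = 0x1234567812345678UL;
	asm ("imulq $51, %1, %%rax" : "+a"(a) : "m"(*mem));
	report(a == 0xA06D39EBA06D39E8UL, "imul rax, mem, imm8");

	*mem = 0x1234567812345678UL;
	asm ("imulq $311, %1, %%rax" : "+a"(a) : "m"(*mem));
	report(a == 0x1D950BDE1D950BC8L, "imul rax, mem, imm");
#endif
}
typedef unsigned __attribute__((vector_size(16))) sse128;

/* Return true when the four 32-bit words at v1 and v2 are all equal. */
static bool sseeq(uint32_t *v1, uint32_t *v2)
{
	bool ok = true;
	int i;

	for (i = 0; i < 4; ++i) {
		ok &= v1[i] == v2[i];
	}

	return ok;
}

/*
 * Check 16-byte SSE moves between an XMM register and `mem`, in both
 * directions, for movdqu/movaps/movapd/movups/movupd.
 *
 * CR0.EM/TS are cleared and CR4.OSFXSR is set first so the instructions
 * can execute. These control-register changes are not undone here.
 */
static __attribute__((target("sse2"))) void test_sse(uint32_t *mem)
{
	sse128 vv;
	uint32_t *v = (uint32_t *)&vv;

	write_cr0(read_cr0() & ~6); /* EM, TS */
	write_cr4(read_cr4() | 0x200); /* OSFXSR */
	memset(&vv, 0, sizeof(vv));

/*
 * "(read)" stores the register to memory, "(write)" loads the register from
 * memory; both compare all four words afterwards. `v` aliases `vv`.
 */
#define TEST_RW_SSE(insn) do { \
		v[0] = 1; v[1] = 2; v[2] = 3; v[3] = 4; \
		asm(insn " %1, %0" : "=m"(*mem) : "x"(vv) : "memory"); \
		report(sseeq(v, mem), insn " (read)"); \
		mem[0] = 5; mem[1] = 6; mem[2] = 7; mem[3] = 8; \
		asm(insn " %1, %0" : "=x"(vv) : "m"(*mem) : "memory"); \
		report(sseeq(v, mem), insn " (write)"); \
} while (0)

	TEST_RW_SSE("movdqu");
	TEST_RW_SSE("movaps");
	TEST_RW_SSE("movapd");
	TEST_RW_SSE("movups");
	TEST_RW_SSE("movupd");
#undef TEST_RW_SSE
}

/*
 * #GP handler for the unaligned movaps test: count the exception and resume
 * at the label placed directly after the faulting instruction.
 */
static void unaligned_movaps_handler(struct ex_regs *regs)
{
	extern char unaligned_movaps_cont;

	++exceptions;
	regs->rip = (ulong)&unaligned_movaps_cont;
}

/*
 * #PF handler for the cross-page movups test: count the exception and resume
 * at the label placed directly after the faulting instruction.
 */
static void cross_movups_handler(struct ex_regs *regs)
{
	extern char cross_movups_cont;

	++exceptions;
	regs->rip = (ulong)&cross_movups_cont;
}

/*
 * Check SSE moves on unaligned and page-crossing addresses inside
 * `cross_mem` (two pages):
 *  - movups/movupd to an address 8 bytes off alignment must succeed;
 *  - movaps to the same address must raise exactly one #GP;
 *  - movups across the page boundary must succeed while both pages are
 *    mapped, and raise exactly one #PF once the second page's PTE has been
 *    replaced with 0.
 * The original PTE of the second page is restored before returning.
 */
static __attribute__((target("sse2"))) void test_sse_exceptions(void *cross_mem)
{
	sse128 vv;
	uint32_t *v = (uint32_t *)&vv;
	uint32_t *mem;
	uint8_t *bytes = cross_mem; // aligned on PAGE_SIZE*2
	void *page2 = (void *)(&bytes[4096]);
	struct pte_search search;
	pteval_t orig_pte;
	handler old;

	// setup memory for unaligned access
	mem = (uint32_t *)(&bytes[8]);

	// test unaligned access for movups, movupd and movaps
	v[0] = 1; v[1] = 2; v[2] = 3; v[3] = 4;
	mem[0] = 5; mem[1] = 6; mem[2] = 8; mem[3] = 9;
	asm("movups %1, %0" : "=m"(*mem) : "x"(vv) : "memory");
	report(sseeq(v, mem), "movups unaligned");

	v[0] = 1; v[1] = 2; v[2] = 3; v[3] = 4;
	mem[0] = 5; mem[1] = 6; mem[2] = 7; mem[3] = 8;
	asm("movupd %1, %0" : "=m"(*mem) : "x"(vv) : "memory");
	report(sseeq(v, mem), "movupd unaligned");
	exceptions = 0;
	old = handle_exception(GP_VECTOR, unaligned_movaps_handler);
	asm("movaps %1, %0\n\t unaligned_movaps_cont:"
	    : "=m"(*mem) : "x"(vv));
	handle_exception(GP_VECTOR, old);
	report(exceptions == 1, "unaligned movaps exception");

	// setup memory for cross page access
	mem = (uint32_t *)(&bytes[4096-8]);
	v[0] = 1; v[1] = 2; v[2] = 3; v[3] = 4;
	mem[0] = 5; mem[1] = 6; mem[2] = 7; mem[3] = 8;

	asm("movups %1, %0" : "=m"(*mem) : "x"(vv) : "memory");
	report(sseeq(v, mem), "movups unaligned crosspage");

	// invalidate second page
	search = find_pte_level(current_page_table(), page2, 1);
	orig_pte = *search.pte;
	install_pte(current_page_table(), 1, page2, 0, NULL);
	invlpg(page2);

	exceptions = 0;
	old = handle_exception(PF_VECTOR, cross_movups_handler);
	asm("movups %1, %0\n\t cross_movups_cont:" : "=m"(*mem) : "x"(vv) :
	    "memory");
	handle_exception(PF_VECTOR, old);
	report(exceptions == 1, "movups crosspage exception");

	// restore invalidated page
	install_pte(current_page_table(), 1, page2, orig_pte, NULL);
}

/*
 * Check shld/shrd with the shift count in CL and a memory destination.
 * With a count of 3, shld must shift in the top three bits of the source
 * register (0b101) at the bottom, and shrd the low three bits of its source
 * (0b101) at the top.
 */
static void test_shld_shrd(u32 *mem)
{
	*mem = 0x12345678;
	asm("shld %2, %1, %0" : "+m"(*mem) : "r"(0xaaaaaaaaU), "c"((u8)3));
	/* Unsigned literal: 0x12345678 << 3 does not fit in a signed int. */
	report(*mem == ((0x12345678u << 3) | 5), "shld (cl)");
	*mem = 0x12345678;
	asm("shrd %2, %1, %0" : "+m"(*mem) : "r"(0x55555555U), "c"((u8)3));
	report(*mem == ((0x12345678u >> 3) | (5u << 29)), "shrd (cl)");
}

/*
 * Check smsw with a register destination at 16, 32 and 64 bits under
 * KVM_FEP. RAX is pre-loaded with a known pattern: the 16-bit form must
 * leave bits 16 and up unchanged, the 32-bit form must yield the
 * zero-extended low 32 bits of CR0, and the 64-bit form all of CR0.
 * `mem` is unused.
 */
static void test_smsw_reg(uint64_t *mem)
{
	unsigned long cr0 = read_cr0();
	unsigned long rax;
	const unsigned long in_rax = 0x1234567890abcdefull & -1ul;

	asm(KVM_FEP "smsww %w0\n\t" : "=a" (rax) : "0" (in_rax));
	report((u16)rax == (u16)cr0 && rax >> 16 == in_rax >> 16,
	       "16-bit smsw reg");

	asm(KVM_FEP "smswl %k0\n\t" : "=a" (rax) : "0" (in_rax));
	report(rax == (u32)cr0, "32-bit smsw reg");

#ifdef __x86_64__
	asm(KVM_FEP "smswq %q0\n\t" : "=a" (rax) : "0" (in_rax));
	report(rax == cr0, "64-bit smsw reg");
#endif
}

/* Check that a nop executed under KVM_FEP leaves RAX unchanged. `mem` is unused. */
static void test_nop(uint64_t *mem)
{
	unsigned long rax;
	const unsigned long in_rax = 0x12345678ul;
	asm(KVM_FEP "nop\n\t" : "=a" (rax) : "0" (in_rax));
	report(rax == in_rax, "nop");
}

/*
 * Write 0 to DR6 and read it back, both under KVM_FEP. The read-back value
 * must be DR6_ACTIVE_LOW, with DR6_RTM cleared when the CPU reports RTM.
 * `mem` is unused.
 */
static void test_mov_dr(uint64_t *mem)
{
	unsigned long rax;

	asm(KVM_FEP "mov %0, %%dr6\n\t"
	    KVM_FEP "mov %%dr6, %0\n\t" : "=a" (rax) : "a" (0));

	if (this_cpu_has(X86_FEATURE_RTM))
		report(rax == (DR6_ACTIVE_LOW & ~DR6_RTM), "mov_dr6");
	else
		report(rax == DR6_ACTIVE_LOW, "mov_dr6");
}

/*
 * Execute the raw bytes 8d c0 (LEA with a register-form ModRM, which has no
 * valid encoding) via ASM_TRY_FEP and require #UD.
 */
static void test_illegal_lea(void)
{
	unsigned int vector;

	asm volatile (ASM_TRY_FEP("1f")
		      ".byte 0x8d; .byte 0xc0\n\t"
		      "1:"
		      : : : "memory", "eax");

	vector = exception_vector();
	report(vector == UD_VECTOR,
	       "Wanted #UD on LEA with /reg, got vector = %u", vector);
}

/*
 * Check a 16-bit read and write that straddle the boundary between the two
 * pages at `mem` (offsets 4095 and 4096). Both halves of the access must be
 * applied, low byte to the first page and high byte to the second.
 */
static void test_crosspage_mmio(volatile uint8_t *mem)
{
	volatile uint16_t w, *pw;

	pw = (volatile uint16_t *)&mem[4095];
	mem[4095] = 0x99;
	mem[4096] = 0x77;
	asm volatile("mov %1, %0" : "=r"(w) : "m"(*pw) : "memory");
	report(w == 0x7799, "cross-page mmio read");
	asm volatile("mov %1, %0" : "=m"(*pw) : "r"((uint16_t)0x88aa));
	report(mem[4095] == 0xaa && mem[4096] == 0x88, "cross-page mmio write");
}

/*
 * Check "rep insb" from TESTDEV_IO_PORT into a 1024-byte destination that
 * starts 64 bytes before the page boundary inside `mem`, after writing
 * 0x9999 to the port. The last destination byte must read back as 0x99.
 *
 * NOTE(review): "rep insb" advances RDI, decrements RCX and writes memory,
 * but RDI/RCX are input-only operands and there is no "memory" clobber.
 * Consider "+D"/"+c" outputs on temporaries plus a "memory" clobber.
 */
static void test_string_io_mmio(volatile uint8_t *mem)
{
	/* Cross MMIO pages.*/
	volatile uint8_t *mmio = mem + 4032;

	asm volatile("outw %%ax, %%dx  \n\t" : : "a"(0x9999), "d"(TESTDEV_IO_PORT));

	asm volatile ("cld; rep insb" : : "d" (TESTDEV_IO_PORT), "D" (mmio), "c" (1024));

	report(mmio[1023] == 0x99, "string_io_mmio");
}

/* kvm doesn't allow lidt/lgdt from mmio, so the test is disabled */
#if 0
static void test_lgdt_lidt(volatile uint8_t *mem)
{
	struct descriptor_table_ptr orig, fresh = {};

	sgdt(&orig);
	*(struct descriptor_table_ptr *)mem = (struct descriptor_table_ptr) {
		.limit = 0xf234,
		.base = 0x12345678abcd,
	};
	cli();
	asm volatile("lgdt %0" : : "m"(*(struct descriptor_table_ptr *)mem));
	sgdt(&fresh);
	lgdt(&orig);
	sti();
	report(orig.limit == fresh.limit && orig.base == fresh.base,
	       "lgdt (long address)");

	sidt(&orig);
	*(struct descriptor_table_ptr *)mem = (struct descriptor_table_ptr) {
		.limit = 0x432f,
		.base = 0xdbca87654321,
	};
	cli();
	asm volatile("lidt %0" : : "m"(*(struct descriptor_table_ptr *)mem));
	sidt(&fresh);
	lidt(&orig);
	sti();
	report(orig.limit == fresh.limit && orig.base == fresh.base,
	       "lidt (long address)");
}
#endif

/* Broken emulation causes triple fault, which skips the other tests. */
#if 0
/*
 * NOTE(review): the guard below is spelled __X86_64__, while the rest of the
 * file tests __x86_64__, so the extra entry is never compiled in. The layout
 * of the temporary GDT should be re-checked before this test is re-enabled.
 */
static void test_lldt(volatile uint16_t *mem)
{
	u64 gdt[] = { 0, /* null descriptor */
#ifdef __X86_64__
		      0, /* ldt descriptor is 16 bytes in long mode */
#endif
		      0x0000f82000000ffffull /* ldt descriptor */ };
	struct descriptor_table_ptr gdt_ptr = { .limit = sizeof(gdt) - 1,
						.base = (ulong)&gdt };
	struct descriptor_table_ptr orig_gdt;

	cli();
	sgdt(&orig_gdt);
	lgdt(&gdt_ptr);
	*mem = 0x8;
	asm volatile("lldt %0" : : "m"(*mem));
	lgdt(&orig_gdt);
	sti();
	report(sldt() == *mem, "lldt");
}
#endif

/*
 * Check ltr with a memory operand at `mem`: clear bit 41 (busy_mask) in the
 * current task register's GDT entry, reload the same selector with ltr, and
 * require that TR is unchanged and the bit is set again.
 */
static void test_ltr(volatile uint16_t *mem)
{
	struct descriptor_table_ptr gdt_ptr;
	uint64_t *gdt, *trp;
	uint16_t tr = str();
	uint64_t busy_mask = (uint64_t)1 << 41;

	sgdt(&gdt_ptr);
	gdt = (uint64_t *)gdt_ptr.base;
	/* Selector >> 3 is the descriptor index into the 8-byte GDT slots. */
	trp = &gdt[tr >> 3];
	*trp &= ~busy_mask;
	*mem = tr;
	asm volatile("ltr %0" : : "m"(*mem) : "memory");
	report(str() == tr && (*trp & busy_mask), "ltr");
}

/* Store a native-width value to `mem` and load it back with mov. */
static void test_mov(void *mem)
{
	unsigned long t1, t2;

	// test mov reg, r/m and mov r/m, reg
	t1 = 0x123456789abcdefull & -1ul;
	asm volatile("mov %[t1], (%[mem]) \n\t"
		     "mov (%[mem]), %[t2]"
		     : [t2]"=r"(t2)
		     : [t1]"r"(t1), [mem]"r"(mem)
		     : "memory");
	report(t2 == (0x123456789abcdefull & -1ul), "mov reg, r/m (1)");
}

/*
 * Check or/add/xor/sub/adc/sbb/and/test with a 32-bit memory destination.
 * Each step builds on the value left by the previous one. adc and sbb are
 * run with carry clear "(0)" and carry set "(1)"; test must leave the
 * destination unchanged.
 */
static void test_simplealu(u32 *mem)
{
	*mem = 0x1234;
	asm("or %1, %0" : "+m"(*mem) : "r"(0x8001));
	report(*mem == 0x9235, "or");
	asm("add %1, %0" : "+m"(*mem) : "r"(2));
	report(*mem == 0x9237, "add");
	asm("xor %1, %0" : "+m"(*mem) : "r"(0x1111));
	report(*mem == 0x8326, "xor");
	asm("sub %1, %0" : "+m"(*mem) : "r"(0x26));
	report(*mem == 0x8300, "sub");
	asm("clc; adc %1, %0" : "+m"(*mem) : "r"(0x100));
	report(*mem == 0x8400, "adc(0)");
	asm("stc; adc %1, %0" : "+m"(*mem) : "r"(0x100));
	report(*mem == 0x8501, "adc(1)");
	asm("clc; sbb %1, %0" : "+m"(*mem) : "r"(0));
	report(*mem == 0x8501, "sbb(0)");
	asm("stc; sbb %1, %0" : "+m"(*mem) : "r"(0));
	report(*mem == 0x8500, "sbb(1)");
	asm("and %1, %0" : "+m"(*mem) : "r"(0xfe77));
	report(*mem == 0x8400, "and");
	asm("test %1, %0" : "+m"(*mem) : "r"(0xf000));
	report(*mem == 0x8400, "test");
}

/*
 * Execute the raw bytes 0f 38 f0 c0 (MOVBE with a register-form ModRM) via
 * ASM_TRY and require #UD. Skipped when the CPU does not report MOVBE.
 */
static void test_illegal_movbe(void)
{
	unsigned int vector;

	if (!this_cpu_has(X86_FEATURE_MOVBE)) {
		report_skip("MOVBE unsupported by CPU");
		return;
	}

	asm volatile(ASM_TRY("1f")
		     ".byte 0x0f; .byte 0x38; .byte 0xf0; .byte 0xc0;\n\t"
		     "1:"
		     : : : "memory", "rax");

	vector = exception_vector();
	report(vector == UD_VECTOR,
	       "Wanted #UD on MOVBE with /reg, got vector = %u", vector);
}

/*
 * Test entry point.
 *
 * Maps IORAM_BASE_PHYS at two consecutive virtual pages (`mem`), allocates
 * two ordinary pages (`cross_mem`) for the SSE fault tests, runs every test
 * and returns report_summary(). Tests that need the forced-emulation prefix
 * run only when is_fep_available() is true; otherwise a skip is reported.
 */
int main(void)
{
	void *mem;
	void *cross_mem;

	if (!is_fep_available())
		report_skip("Skipping tests that require forced emulation, "
			    "use kvm.force_emulation_prefix=1 to enable");

	setup_vm();

	mem = alloc_vpages(2);
	install_page((void *)read_cr3(), IORAM_BASE_PHYS, mem);
	// install the page twice to test cross-page mmio
	install_page((void *)read_cr3(), IORAM_BASE_PHYS, mem + 4096);
	cross_mem = vmap(virt_to_phys(alloc_pages(2)), 2 * PAGE_SIZE);

	test_mov(mem);
	test_simplealu(mem);
	test_cmps(mem);
	test_scas(mem);
	test_smsw(mem);
	test_lmsw();
	test_stringio();
	test_incdecnotneg(mem);
	test_btc(mem);
	test_bsfbsr(mem);
	test_imul(mem);
	test_sse(mem);
	test_sse_exceptions(cross_mem);
	test_shld_shrd(mem);
	//test_lgdt_lidt(mem);
	//test_lldt(mem);
	test_ltr(mem);

	if (is_fep_available()) {
		test_smsw_reg(mem);
		test_nop(mem);
		test_mov_dr(mem);
		test_illegal_lea();
	}

	test_crosspage_mmio(mem);

	test_string_io_mmio(mem);
	test_illegal_movbe();

#ifdef __x86_64__
	test_emulator_64(mem);
#endif
	return report_summary();
}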