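#include "libcflat.h"
#include "desc.h"
#include "apic-defs.h"
#include "apic.h"
#include "processor.h"
#include "vm.h"

/*
 * 32-bit hardware task-switch tests: exceptions and interrupts routed
 * through task gates, explicit lcall/ljmp to a TSS, nested task return
 * with iret, and an iret switch into a VM86 task.  Every test is
 * i386-only (the handlers push %esp and use 32-bit TSS layouts).
 */

/* First GDT slot this file may overwrite with its own TSS descriptors. */
#define FREE_GDT_INDEX 6
#define MAIN_TSS_INDEX (FREE_GDT_INDEX + 0)
#define VM86_TSS_INDEX (FREE_GDT_INDEX + 1)

/* Two-step stringification so that macro arguments are expanded first. */
#define xstr(s) str(s)
#define str(s) #s

/*
 * Shared between the main task and the exception/interrupt tasks; volatile
 * because the writes happen in a different hardware task than the reads.
 */
static volatile int test_count;
static volatile unsigned int test_divider;

/* Virtual page the #PF test touches and the physical frame mapped under it. */
static char *fault_addr;
static ulong fault_phys;

static int g_fail;
static int g_tests;

/*
 * Intentionally empty.  The APIC-driven NMI/IRQ tests below therefore rely
 * on the self-directed IPI being delivered before the very next check; if it
 * is not, the test reports FAIL rather than waiting.
 */
static inline void io_delay(void)
{
}

/* Record one result under @msg and print it as PASS or FAIL. */
static void report(const char *msg, int pass)
{
	++g_tests;
	printf("%s: %s\n", msg, (pass ? "PASS" : "FAIL"));
	if (!pass)
		++g_fail;
}

/*
 * Each exception/interrupt task below is a busy task that never terminates:
 * it returns to the interrupted task with iret, and when it is re-entered
 * through its task gate execution resumes right after that iret, so the
 * loop restarts the handler from the top.
 */

/* Task gate handler for vector 2 (NMI). */
static void nmi_tss(void)
{
	for (;;) {
		printf("NMI task is running\n");
		print_current_tss_info();
		test_count++;
		asm volatile ("iret");
	}
}

/* Task gate handler for vector 0 (#DE): fixes the divisor so a restart succeeds. */
static void de_tss(void)
{
	for (;;) {
		printf("DE task is running\n");
		print_current_tss_info();
		test_divider = 10;
		test_count++;
		asm volatile ("iret");
	}
}

/* Task gate handler for vector 4 (#OF). */
static void of_tss(void)
{
	for (;;) {
		printf("OF task is running\n");
		print_current_tss_info();
		test_count++;
		asm volatile ("iret");
	}
}

/* Task gate handler for vector 3 (#BP). */
static void bp_tss(void)
{
	for (;;) {
		printf("BP task is running\n");
		print_current_tss_info();
		test_count++;
		asm volatile ("iret");
	}
}

/*
 * C half of the #PF task.  @error_code points at the error code the CPU
 * pushed on the exception task's stack (pf_tss passes its %esp).  Counts the
 * fault only if it is the expected "write to a not-present page" (bit 0 = P
 * clear, bit 1 = W/R set), then maps the faulting page so the restarted
 * access succeeds.  Must stay non-static: it is called from the asm below.
 */
void do_pf_tss(ulong *error_code)
{
	printf("PF task is running %x %x\n",
	       (unsigned int)(ulong)error_code, (unsigned int)*error_code);
	print_current_tss_info();
	if (*error_code == 0x2) /* write access, not present */
		test_count++;
	install_pte(phys_to_virt(read_cr3()), 1, fault_addr,
		    fault_phys | PTE_PRESENT | PTE_WRITE, 0);
}

extern void pf_tss(void);

/*
 * Entry of the #PF task: hand the address of the pushed error code to
 * do_pf_tss, drop the argument, iret to the faulting task, and loop so the
 * task can be re-entered.
 */
asm (
	"pf_tss: \n\t"
	"push %esp \n\t"
	"call do_pf_tss \n\t"
	"add $4, %esp \n\t"
	"iret\n\t"
	"jmp pf_tss\n\t"
);

/*
 * Target of the ljmp test.  A jump (unlike a call or a gate) does not nest
 * tasks, so the way back is another ljmp to the main TSS selector.
 */
static void jmp_tss(void)
{
	for (;;) {
		printf("JMP to task succeeded\n");
		print_current_tss_info();
		test_count++;
		asm volatile ("ljmp $" xstr(TSS_MAIN) ", $0");
	}
}

/*
 * Handler for the external IRQ test and the lcall tests.  The second
 * increment after iret is what the "lcall2" test observes: re-entering the
 * task resumes after the iret rather than at the top of the function.
 */
static void irq_tss(void)
{
	for (;;) {
		printf("IRQ task is running\n");
		print_current_tss_info();
		test_count++;
		asm volatile ("iret");
		test_count++;
		printf("IRQ task restarts after iret.\n");
	}
}

/*
 * Run the task-gate tests from kernel mode.  Each sub-test resets
 * test_count, installs a task gate (or calls/jumps to a TSS directly) and
 * checks how many times the target task ran.
 */
void test_kernel_mode_int(void)
{
	unsigned int res;
	unsigned int rem;
	int of_val;

	/* test that int $2 triggers task gate */
	test_count = 0;
	set_intr_task_gate(2, nmi_tss);
	printf("Triggering nmi 2\n");
	asm volatile ("int $2");
	printf("Return from nmi %d\n", test_count);
	report("NMI int $2", test_count == 1);

	/*
	 * test that external NMI triggers task gate: self-directed NMI IPI
	 * (destination APIC id 0).  io_delay() is a no-op, so delivery must
	 * complete before the check below.
	 */
	test_count = 0;
	set_intr_task_gate(2, nmi_tss);
	printf("Triggering nmi through APIC\n");
	apic_icr_write(APIC_DEST_PHYSICAL | APIC_DM_NMI | APIC_INT_ASSERT, 0);
	io_delay();
	printf("Return from APIC nmi\n");
	report("NMI external", test_count == 1);

	/*
	 * test that an external interrupt triggers a task gate: fixed IPI to
	 * self on vector 0xf0, delivered only while interrupts are enabled.
	 */
	test_count = 0;
	printf("Trigger IRQ from APIC\n");
	set_intr_task_gate(0xf0, irq_tss);
	irq_enable();
	apic_icr_write(APIC_DEST_SELF | APIC_DEST_PHYSICAL | APIC_DM_FIXED | APIC_INT_ASSERT | 0xf0, 0);
	io_delay();
	irq_disable();
	printf("Return from APIC IRQ\n");
	report("IRQ external", test_count == 1);

	/*
	 * test that a HW exception triggers the task gate: test_divider starts
	 * at 0, so the first divl raises #DE; de_tss sets it to 10 and the
	 * iret restarts the faulting divl, giving 1500 / 10.  %edx receives
	 * the remainder, so it is declared as an output, not just an input.
	 */
	set_intr_task_gate(0, de_tss);
	printf("Try to devide by 0\n");
	asm volatile ("divl %4"
		      : "=a"(res), "=d"(rem)
		      : "a"(1500), "d"(0), "m"(test_divider)
		      : "cc");
	printf("Result is %d\n", res);
	report("DE exeption", res == 150);

	/* test if calling HW exception DE via int $0 triggers task gate */
	test_count = 0;
	set_intr_task_gate(0, de_tss);
	printf("Call int 0\n");
	asm volatile ("int $0");
	printf("Return from int 0\n");
	report("int $0", test_count == 1);

	/*
	 * test if HW exception OF triggers task gate: 127 + 127 overflows a
	 * signed byte, so OF is set and INTO traps.  %al is modified by the
	 * asm, hence the read-write constraint.  Checked for exactly one entry
	 * like the other gate tests.
	 */
	test_count = 0;
	set_intr_task_gate(4, of_tss);
	printf("Call into\n");
	of_val = 127;
	asm volatile ("addb $127, %b0\ninto" : "+a"(of_val) : : "cc");
	printf("Return from into\n");
	report("OF exeption", test_count == 1);

	/* test if HW exception BP triggers task gate */
	test_count = 0;
	set_intr_task_gate(3, bp_tss);
	printf("Call int 3\n");
	asm volatile ("int $3");
	printf("Return from int 3\n");
	report("BP exeption", test_count == 1);

	/*
	 * test that PF triggers task gate and error code is placed on
	 * exception task's stack.  The page is deliberately left unmapped;
	 * do_pf_tss maps it, so the write completes on restart.
	 */
	fault_addr = alloc_vpage();
	fault_phys = (ulong)virt_to_phys(alloc_page());
	test_count = 0;
	set_intr_task_gate(14, pf_tss);
	printf("Access unmapped page\n");
	*fault_addr = 0;
	printf("Return from pf tss\n");
	report("PF exeption", test_count == 1);

	/* test that calling a task by lcall works */
	test_count = 0;
	set_intr_task_gate(0, irq_tss);
	printf("Calling task by lcall\n");
	/* hlt opcode is 0xf4 I use destination IP 0xf4f4f4f4 to catch
	   incorrect instruction length calculation */
	asm volatile("lcall $" xstr(TSS_INTR) ", $0xf4f4f4f4");
	printf("Return from call\n");
	report("lcall", test_count == 1);

	/* call the same task again and check that it restarted after iret */
	test_count = 0;
	asm volatile("lcall $" xstr(TSS_INTR) ", $0xf4f4f4f4");
	report("lcall2", test_count == 2);

	/* test that calling a task by ljmp works */
	test_count = 0;
	set_intr_task_gate(0, jmp_tss);
	printf("Jumping to a task by ljmp\n");
	asm volatile ("ljmp $" xstr(TSS_INTR) ", $0xf4f4f4f4");
	printf("Jump back succeeded\n");
	report("ljmp", test_count == 1);
}

/*
 * Switch into a VM86 task with iret (NT set, backlink in main_tss.prev),
 * execute a ud2 there, and come back through a #UD task gate to the main
 * TSS.  The pass criterion is simply reaching the report() call: a broken
 * switch shows up as a hang or a triple fault, not as a FAIL line.
 */
void test_vm86_switch(void)
{
	static tss32_t main_tss;
	static tss32_t vm86_tss;

	u8 *vm86_start;

	/*
	 * Write a 'ud2' instruction somewhere below 1 MB.  The address is
	 * hard-coded; this presumes 0x42000 is mapped and not otherwise in
	 * use by the test environment -- confirm if the memory layout changes.
	 */
	vm86_start = (void*) 0x42000;
	vm86_start[0] = 0x0f;
	vm86_start[1] = 0x0b;

	/* Main TSS: type 0x89 (available 32-bit TSS); ltr marks it busy. */
	set_gdt_entry(MAIN_TSS_INDEX, (u32)&main_tss, sizeof(tss32_t) - 1, 0x89, 0);
	ltr(MAIN_TSS_INDEX << 3);
	main_tss = (tss32_t) {
		.prev = VM86_TSS_INDEX << 3,
		.cr3 = read_cr3(),
	};

	/*
	 * VM86 TSS (type 0x8b = busy, which iret requires of its target).
	 * eflags 0x20002 is the VM flag (bit 17) plus the always-set bit 1;
	 * cs:eip is the real-mode form of vm86_start.
	 */
	set_gdt_entry(VM86_TSS_INDEX, (u32)&vm86_tss, sizeof(tss32_t) - 1, 0x8b, 0);
	vm86_tss = (tss32_t) {
		.eflags = 0x20002,
		.cr3 = read_cr3(),
		.eip = (u32) vm86_start & 0x0f,
		.cs = (u32) vm86_start >> 4,
		.ds = 0x1234,
		.es = 0x2345,
	};

	/* Setup task gate to main TSS for #UD */
	set_idt_task_gate(6, MAIN_TSS_INDEX << 3);

	/*
	 * Jump into VM86 task with iret, #UD lets it come back immediately.
	 * 0x4000 is EFLAGS.NT; with NT set, iret switches to the task named
	 * in the current TSS's previous-task link instead of popping a frame.
	 */
	printf("Switch to VM86 task and back\n");
	asm volatile(
		"pushf\n"
		"orw $0x4000, (%esp)\n"
		"popf\n"
		"iret\n"
	);
	report("VM86", 1);
}

/* Set up paging, IDT, GDT and the default TSSs, run both test groups, exit non-zero on any failure. */
int main(void)
{
	setup_vm();
	setup_idt();
	setup_gdt();
	setup_tss32();

	test_kernel_mode_int();
	test_vm86_switch();

	printf("\nsummary: %d tests, %d failures\n", g_tests, g_fail);

	return g_fail != 0;
}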