From patchwork Thu Mar 3 01:09:33 2016
X-Patchwork-Submitter: Peter Feiner
X-Patchwork-Id: 8487071
From: Peter Feiner
To: kvm@vger.kernel.org, drjones@redhat.com, pbonzini@redhat.com
Cc: pfeiner@google.com
Subject: [kvm-unit-tests v2 3/8] x86: realmode: fix test_sgdt_sidt overflow
Date: Wed, 2 Mar 2016 17:09:33 -0800
Message-Id: <1456967378-6367-4-git-send-email-pfeiner@google.com>
In-Reply-To: <1456967378-6367-1-git-send-email-pfeiner@google.com>
References: <1456867658-10937-1-git-send-email-pfeiner@google.com> <1456967378-6367-1-git-send-email-pfeiner@google.com>
X-Mailing-List: kvm@vger.kernel.org

In real mode, both sgdt and sidt write 6 bytes to the given memory address: 2-byte limit, 3-byte address, 1 zero byte. However, the test was only allocating 4 bytes. Given an inopportune stack layout, the output was being overwritten and the assertion failed.

I discovered this problem when compiling with -fno-omit-stack-pointer.

Signed-off-by: Peter Feiner
---
 x86/realmode.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/x86/realmode.c b/x86/realmode.c index 09e6aa7..6411654 100644 --- a/x86/realmode.c +++ b/x86/realmode.c @@ -116,16 +116,18 @@ struct regs { u32 eip, eflags; }; +struct table_descr { + u16 limit; + void *base; +} __attribute__((packed)); + static u64 gdt[] = { 0, 0x00cf9b000000ffffull, // flat 32-bit code segment 0x00cf93000000ffffull, // flat 32-bit data segment }; -static struct { - u16 limit; - void *base; -} __attribute__((packed)) gdt_descr = { +static struct table_descr gdt_descr = { sizeof(gdt) - 1, gdt, };
@@ -1417,21 +1419,23 @@ static void test_ss_base_for_esp_ebp(void) report("ss relative addressing (2)", R_AX | R_BX, outregs.ebx == 0x87654321); } +extern unsigned long long r_gdt[]; + static void test_sgdt_sidt(void) { MK_INSN(sgdt, "sgdtw (%eax)"); MK_INSN(sidt, "sidtw (%eax)"); - unsigned x, y; + struct table_descr x, y; inregs.eax = (unsigned)&y; asm volatile("sgdtw %0" : "=m"(x)); exec_in_big_real_mode(&insn_sgdt); - report("sgdt", 0, x == y); + report("sgdt", 0, x.limit == y.limit && x.base == y.base); inregs.eax = (unsigned)&y; asm volatile("sidtw %0" : "=m"(x)); exec_in_big_real_mode(&insn_sidt); - report("sidt", 0, x == y); + report("sidt", 0, x.limit == y.limit && x.base == y.base); } static void test_sahf(void) @@ -1734,10 +1738,7 @@ void realmode_start(void) unsigned long long r_gdt[] = { 0, 0x9b000000ffff, 0x93000000ffff }; -struct __attribute__((packed)) { - unsigned short limit; - void *base; -} r_gdt_descr = { sizeof(r_gdt) - 1, &r_gdt }; +struct table_descr r_gdt_descr = { sizeof(r_gdt) - 1, &r_gdt }; asm( ".section .init \n\t"
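Review bot: in the first hunk (the `struct table_descr` definition near `struct regs`), the struct spans exactly the six bytes that `sgdtw`/`sidtw` store only because `void *base` is 4 bytes in this 32-bit build; since the whole fix rests on sizeof(struct table_descr) == 6, add a comment on the struct saying so, or a build-time size check beside it, so the overflow cannot quietly return if the pointer width or the type of `base` changes.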
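Review bot: in the test_sgdt_sidt hunk, `extern unsigned long long r_gdt[];` is declared just above the function but nothing in the hunk references it; either drop the declaration or add the check it appears to be for, and if a later patch in this series needs it, say so in the commit message. The field-wise comparison `x.limit == y.limit && x.base == y.base` is fine as written: the zero byte the commit message mentions lands in the top byte of `base`, so it is compared as well.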
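Review bot: in the last hunk, `r_gdt_descr` is initialised with `&r_gdt` while `gdt_descr` in the first hunk uses plain `gdt`; both produce the same address and convert to `void *` without a warning, but now that the two descriptors share `struct table_descr`, use `r_gdt` in both places for consistency.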
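The overflow the commit message describes, as an added example that is not code from kvm-unit-tests or from this patch: a constructed C model of the 6-byte image that `sgdtw`/`sidtw` store (2-byte limit, 3-byte base, one zero byte), with the old 4-byte buffer shape beside the fixed 6-byte struct. `emulate_sgdtw` is a stand-in for the instruction so the model runs on any host without executing `sgdt`; the limit 0x17 and base 0x00123456 are sample values (0x17 is sizeof(gdt) - 1 for the three-entry gdt in the patch), and the byte-level comparison assumes a little-endian host like the x86 target.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Model of the image stored by sgdtw/sidtw with a 16-bit operand size,
 * as the commit message describes it: 2-byte limit, 3-byte base, zero byte.
 * The patch's struct table_descr uses `void *base`, which is 4 bytes only in
 * the 32-bit realmode build; a fixed uint32_t keeps this model 6 bytes on
 * any host. (Assumed layout for the example, not project code.) */
struct table_descr16 {
    uint16_t limit;
    uint32_t base;   /* bits 0..23: base address, bits 24..31: the zero byte */
} __attribute__((packed));

_Static_assert(sizeof(struct table_descr16) == 6, "sgdtw/sidtw store 6 bytes");

int descr16_size(void)
{
    return (int)sizeof(struct table_descr16);
}

/* Constructed stand-in for `sgdtw (%eax)`: always writes six bytes at dst,
 * however small the caller's buffer is, which is exactly the bug. */
static void emulate_sgdtw(uint8_t *dst, uint16_t limit, uint32_t base)
{
    dst[0] = (uint8_t)limit;
    dst[1] = (uint8_t)(limit >> 8);
    dst[2] = (uint8_t)base;
    dst[3] = (uint8_t)(base >> 8);
    dst[4] = (uint8_t)(base >> 16);
    dst[5] = 0;                      /* 16-bit operand size: sixth byte is 0 */
}

/* Old test shape: `unsigned x, y;` gave y only 4 bytes.  Place a 4-byte slot
 * for y next to canary bytes, the way the stack might lay them out, and count
 * how many canary bytes the 6-byte store clobbers. */
int old_buffer_overflow_bytes(void)
{
    uint8_t frame[8];
    memset(frame, 0xA5, sizeof frame);       /* frame[4..7] is the neighbour */
    emulate_sgdtw(frame, 0x17, 0x00123456);  /* y occupies frame[0..3] */
    int clobbered = 0;
    for (int i = 4; i < 8; i++)
        if (frame[i] != 0xA5)
            clobbered++;
    return clobbered;                        /* 2: bytes 4 and 5 of the store */
}

/* Fixed test shape: a 6-byte struct receives the whole store, and the two
 * copies are compared field by field as the patched report() does.
 * Reading the fields back assumes a little-endian host. */
int fixed_roundtrip_ok(uint16_t limit, uint32_t base)
{
    struct table_descr16 x, y;
    emulate_sgdtw((uint8_t *)&x, limit, base);   /* "sgdtw %0" in the harness */
    emulate_sgdtw((uint8_t *)&y, limit, base);   /* "sgdtw (%eax)" under test */
    return x.limit == y.limit && x.base == y.base
        && x.limit == limit && x.base == (base & 0x00ffffffu);
}

int main(void)
{
    printf("descriptor image size: %d bytes\n", descr16_size());
    printf("old 4-byte buffer: %d neighbour bytes clobbered\n",
           old_buffer_overflow_bytes());
    printf("fixed 6-byte struct round-trips: %s\n",
           fixed_roundtrip_ok(0x17, 0x00123456) ? "yes" : "no");
    return 0;
}
```

The two-byte spill is the whole story of the failing assertion: with `x` and `y` adjacent on the stack, the store into `y` rewrites part of `x` after `x` was already filled, so the comparison fails even though both instructions executed correctly.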