[PATCH 1/3] emulator: fix confused param list

[PATCH 1/3] emulator: fix confused param list

[Arthur Chunqi Li]

Fix param list of test_mmx_movq_mf and test_movabs. The previous
version uses "insn_page" and "insn_ram" which are not used afterwards.
There are also two variants named "insn_page" and "insn_ram", which
has no relation with these two functions.

Signed-off-by: Arthur Chunqi Li <yzt356@gmail.com>
---
 x86/emulator.c |   10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 x86/emulator.c

diff --git a/x86/emulator.c b/x86/emulator.c
old mode 100644
new mode 100755
index 68d2b93..6972334
--- a/x86/emulator.c
+++ b/x86/emulator.c
@@ -786,8 +786,7 @@ static void advance_rip_by_3_and_note_exception(struct ex_regs *regs)
     regs->rip += 3;
 }
 
-static void test_mmx_movq_mf(uint64_t *mem, uint8_t *insn_page,
-			     uint8_t *alt_insn_page, void *insn_ram)
+static void test_mmx_movq_mf(uint64_t *mem, uint8_t *alt_insn_page)
 {
     uint16_t fcw = 0;  /* all exceptions unmasked */
     /* movq %mm0, (%rax) */
@@ -808,8 +807,7 @@ static void test_mmx_movq_mf(uint64_t *mem, uint8_t *insn_page,
     handle_exception(MF_VECTOR, 0);
 }
 
-static void test_movabs(uint64_t *mem, uint8_t *insn_page,
-		       uint8_t *alt_insn_page, void *insn_ram)
+static void test_movabs(uint64_t *mem, uint8_t *alt_insn_page)
 {
     /* mov $0x9090909090909090, %rcx */
     MK_INSN(movabs, "mov $0x9090909090909090, %rcx\n\t");
@@ -1012,8 +1010,8 @@ int main()
 	test_lldt(mem);
 	test_ltr(mem);
 
-	test_mmx_movq_mf(mem, insn_page, alt_insn_page, insn_ram);
-	test_movabs(mem, insn_page, alt_insn_page, insn_ram);
+	test_mmx_movq_mf(mem, alt_insn_page);
+	test_movabs(mem, alt_insn_page);
 
 	test_crosspage_mmio(mem);
 
-- 
1.7.9.5

[PATCH 2/3] emulator: Add multibyte nopl test case

[Arthur Chunqi Li]

Test multiple byte nopl (from 1-byte nopl to 9-byte nopl) in
64-bit mode.

Signed-off-by: Arthur Chunqi Li <yzt356@gmail.com>
---
 x86/emulator.c |   25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/x86/emulator.c b/x86/emulator.c
index 6972334..bd02d5c 100755
--- a/x86/emulator.c
+++ b/x86/emulator.c
@@ -816,6 +816,30 @@ static void test_movabs(uint64_t *mem, uint8_t *alt_insn_page)
     report("64-bit mov imm2", outregs.rcx == 0x9090909090909090);
 }
 
+static void test_nopl(uint64_t *mem, void *alt_insn_page)
+{
+    MK_INSN(nopl1, ".byte 0x90\n\r"); /* 1 byte nop */
+    MK_INSN(nopl2, ".byte 0x66, 0x90\n\r"); /* 2 byte nop */
+    MK_INSN(nopl3, ".byte 0x0f, 0x1f, 0x00\n\r"); /* 3 byte nop */
+    MK_INSN(nopl4, ".byte 0x0f, 0x1f, 0x40, 0x00\n\r"); /* 4 byte nop */
+    MK_INSN(nopl5, ".byte 0x0f, 0x1f, 0x44, 0x00, 0x00\n\r"); /* 5 byte nop */
+    MK_INSN(nopl6, ".byte 0x66, 0x0f, 0x1f, 0x44, 0x00, 0x00\n\r"); /* 6 byte nop */
+    MK_INSN(nopl7, ".byte 0x0f, 0x1f, 0x80, 0x00, 0x00, 0x00, 0x00\n\r"); /* 7 byte nop */
+    MK_INSN(nopl8, ".byte 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00\n\r"); /* 8 byte nop */
+    MK_INSN(nopl9, ".byte 0x66, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00\n\r"); /* 9 byte nop */
+
+    trap_emulator(mem, alt_insn_page, &insn_nopl1);
+    trap_emulator(mem, alt_insn_page, &insn_nopl2);
+    trap_emulator(mem, alt_insn_page, &insn_nopl3);
+    trap_emulator(mem, alt_insn_page, &insn_nopl4);
+    trap_emulator(mem, alt_insn_page, &insn_nopl5);
+    trap_emulator(mem, alt_insn_page, &insn_nopl6);
+    trap_emulator(mem, alt_insn_page, &insn_nopl7);
+    trap_emulator(mem, alt_insn_page, &insn_nopl8);
+    trap_emulator(mem, alt_insn_page, &insn_nopl9);
+    report("nopl", 1);
+}
+
 static void test_crosspage_mmio(volatile uint8_t *mem)
 {
     volatile uint16_t w, *pw;
@@ -1012,6 +1036,7 @@ int main()
 
 	test_mmx_movq_mf(mem, alt_insn_page);
 	test_movabs(mem, alt_insn_page);
+	test_nopl(mem, alt_insn_page);
 
 	test_crosspage_mmio(mem);
 
-- 
1.7.9.5

[PATCH 3/3] emulator: Add spl/bpl/sil/dil access via modrm

[Arthur Chunqi Li]

Add test case of accessing spl/bpl/sil/dil via modrm in emulator.

Signed-off-by: Arthur Chunqi Li <yzt356@gmail.com>
---
 x86/emulator.c |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/x86/emulator.c b/x86/emulator.c
index bd02d5c..bea9513 100755
--- a/x86/emulator.c
+++ b/x86/emulator.c
@@ -840,6 +840,31 @@ static void test_nopl(uint64_t *mem, void *alt_insn_page)
     report("nopl", 1);
 }
 
+static void test_modrm(uint64_t *mem, void *alt_insn_page)
+{
+    
+    MK_INSN(modrm_spl,"mov %al, %spl\n\t");
+    MK_INSN(modrm_bpl,"mov %cl, %bpl\n\t");
+    MK_INSN(modrm_sil,"mov %dl, %sil\n\t");
+    MK_INSN(modrm_dil,"mov %bl, %dil\n\t");
+
+    inregs = (struct regs){ .rax = 0x1234 };
+    trap_emulator(mem, alt_insn_page, &insn_modrm_spl);
+    report("access spl via modr/m", outregs.rax == 0x1234);
+
+    inregs = (struct regs){ .rcx = 0x1234 };
+    trap_emulator(mem, alt_insn_page, &insn_modrm_bpl);
+    report("access bpl via modr/m", outregs.rcx == 0x1234);
+
+    inregs = (struct regs){ .rdx = 0x1234 };
+    trap_emulator(mem, alt_insn_page, &insn_modrm_sil);
+    report("access sil via modr/m", outregs.rdx == 0x1234);
+
+    inregs = (struct regs){ .rbx = 0x1234 };
+    trap_emulator(mem, alt_insn_page, &insn_modrm_dil);
+    report("access dil via modr/m", outregs.rbx == 0x1234);
+}
+
 static void test_crosspage_mmio(volatile uint8_t *mem)
 {
     volatile uint16_t w, *pw;
@@ -1037,6 +1062,7 @@ int main()
 	test_mmx_movq_mf(mem, alt_insn_page);
 	test_movabs(mem, alt_insn_page);
 	test_nopl(mem, alt_insn_page);
+	test_modrm(mem, alt_insn_page);
 
 	test_crosspage_mmio(mem);
 
-- 
1.7.9.5

Re: [PATCH 1/3] emulator: fix confused param list

[Arthur Chunqi Li]

These patches are some unfinished work and bug fixes related to
Paolo's exercise. I think I'd better finish these simple jobs.

Arthur

On Tue, Jun 25, 2013 at 4:51 PM, Arthur Chunqi Li <yzt356@gmail.com> wrote:
> Fix param list of test_mmx_movq_mf and test_movabs. The previous
> version uses "insn_page" and "insn_ram" which are not used afterwards.
> There are also two variants named "insn_page" and "insn_ram", which
> has no relation with these two functions.
>
> Signed-off-by: Arthur Chunqi Li <yzt356@gmail.com>
> ---
>  x86/emulator.c |   10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>  mode change 100644 => 100755 x86/emulator.c
>
> diff --git a/x86/emulator.c b/x86/emulator.c
> old mode 100644
> new mode 100755
> index 68d2b93..6972334
> --- a/x86/emulator.c
> +++ b/x86/emulator.c
> @@ -786,8 +786,7 @@ static void advance_rip_by_3_and_note_exception(struct ex_regs *regs)
>      regs->rip += 3;
>  }
>
> -static void test_mmx_movq_mf(uint64_t *mem, uint8_t *insn_page,
> -                            uint8_t *alt_insn_page, void *insn_ram)
> +static void test_mmx_movq_mf(uint64_t *mem, uint8_t *alt_insn_page)
>  {
>      uint16_t fcw = 0;  /* all exceptions unmasked */
>      /* movq %mm0, (%rax) */
> @@ -808,8 +807,7 @@ static void test_mmx_movq_mf(uint64_t *mem, uint8_t *insn_page,
>      handle_exception(MF_VECTOR, 0);
>  }
>
> -static void test_movabs(uint64_t *mem, uint8_t *insn_page,
> -                      uint8_t *alt_insn_page, void *insn_ram)
> +static void test_movabs(uint64_t *mem, uint8_t *alt_insn_page)
>  {
>      /* mov $0x9090909090909090, %rcx */
>      MK_INSN(movabs, "mov $0x9090909090909090, %rcx\n\t");
> @@ -1012,8 +1010,8 @@ int main()
>         test_lldt(mem);
>         test_ltr(mem);
>
> -       test_mmx_movq_mf(mem, insn_page, alt_insn_page, insn_ram);
> -       test_movabs(mem, insn_page, alt_insn_page, insn_ram);
> +       test_mmx_movq_mf(mem, alt_insn_page);
> +       test_movabs(mem, alt_insn_page);
>
>         test_crosspage_mmio(mem);
>
> --
> 1.7.9.5
>



-- 
Arthur Chunqi Li
Department of Computer Science
School of EECS
Peking University
Beijing, China

Re: [PATCH 3/3] emulator: Add spl/bpl/sil/dil access via modrm

[Gleb Natapov]

On Tue, Jun 25, 2013 at 04:51:31PM +0800, Arthur Chunqi Li wrote:
> Add test case of accessing spl/bpl/sil/dil via modrm in emulator.
> 
> Signed-off-by: Arthur Chunqi Li <yzt356@gmail.com>
> ---
>  x86/emulator.c |   26 ++++++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/x86/emulator.c b/x86/emulator.c
> index bd02d5c..bea9513 100755
> --- a/x86/emulator.c
> +++ b/x86/emulator.c
> @@ -840,6 +840,31 @@ static void test_nopl(uint64_t *mem, void *alt_insn_page)
>      report("nopl", 1);
>  }
>  
> +static void test_modrm(uint64_t *mem, void *alt_insn_page)
> +{
> +    
> +    MK_INSN(modrm_spl,"mov %al, %spl\n\t");
> +    MK_INSN(modrm_bpl,"mov %cl, %bpl\n\t");
> +    MK_INSN(modrm_sil,"mov %dl, %sil\n\t");
> +    MK_INSN(modrm_dil,"mov %bl, %dil\n\t");
> +
The test can be compiled for 64 bit only so we need to put it in an
#ifdef. Previous patches that introduced testing infrastructure are
64 bit specific too, so now emulator.c can be compiled for 64bit only,
we should fix that one day.

> +    inregs = (struct regs){ .rax = 0x1234 };
> +    trap_emulator(mem, alt_insn_page, &insn_modrm_spl);
> +    report("access spl via modr/m", outregs.rax == 0x1234);
I'd prefer to write report variant like the one in realmode.c that
checks all registers for consistency. Then the report would be like
that:
report("access spl via modr/m", R_SP, outregs.rsp  == 0x34);

> +
> +    inregs = (struct regs){ .rcx = 0x1234 };
> +    trap_emulator(mem, alt_insn_page, &insn_modrm_bpl);
> +    report("access bpl via modr/m", outregs.rcx == 0x1234);
> +
> +    inregs = (struct regs){ .rdx = 0x1234 };
> +    trap_emulator(mem, alt_insn_page, &insn_modrm_sil);
> +    report("access sil via modr/m", outregs.rdx == 0x1234);
> +
> +    inregs = (struct regs){ .rbx = 0x1234 };
> +    trap_emulator(mem, alt_insn_page, &insn_modrm_dil);
> +    report("access dil via modr/m", outregs.rbx == 0x1234);
> +}
> +
>  static void test_crosspage_mmio(volatile uint8_t *mem)
>  {
>      volatile uint16_t w, *pw;
> @@ -1037,6 +1062,7 @@ int main()
>  	test_mmx_movq_mf(mem, alt_insn_page);
>  	test_movabs(mem, alt_insn_page);
>  	test_nopl(mem, alt_insn_page);
> +	test_modrm(mem, alt_insn_page);
>  
>  	test_crosspage_mmio(mem);
>  
> -- 
> 1.7.9.5

--
			Gleb.