Re: I/O port permission bit inheritance between threads

[Stephen Hemminger <stephen@networkplumber.org>]

On Tue, 21 May 2013 13:01:18 +0300
Gleb Natapov <gleb@redhat.com> wrote:

> On Tue, May 21, 2013 at 11:50:30AM +0200, Joerg Roedel wrote:
> > Hey Stephen,
> > 
> > On Mon, May 20, 2013 at 02:24:31PM -0700, Stephen Hemminger wrote:
> > > ioperm() inheritance across threads is different in KVM then when run
> > > on physical hardware.  The following program runs on physical hardware
> > > but get SEGV under KVM.
> > > 
> > > It appears that the I/O permission bits are not shared between threads
> > > in the same way.
> > 
> > Is this specific to SVM or do you see it on VMX too? My first guess
> > would be that the KVM instruction emulator does not check to
> > IO-permissions correctly, but that would affect VMX and SVM.
> > 
> The program segfaults on physical hardware:
> # ./a.out 
> joining
> waiting
> beeping
> Segmentation fault
> 
> --
> 			Gleb.

The program had timing races, changing it slightly shows that.
# ./beep
beeping
done
oo
# ./beep --pre
joining
beeping
Segmentation fault
# ./beep --post
beeping
joining
done
oo
# 

/* Original Copyright 2011, Kees Cook <kees@outflux.net>, License: GPLv2 */
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <pthread.h>
#include <sys/io.h>

enum { NOFORK, BEFORE, AFTER } cases = NOFORK;
pthread_mutex_t mut = PTHREAD_MUTEX_INITIALIZER;

static void *beep(void *arg)
{
	unsigned char bits;

	pthread_mutex_lock(&mut);
	fprintf(stderr, "beeping\n");
	/* turn on speaker */
	bits = inb(0x61);
	bits |= 3;
	outb(bits, 0x61);

	/* set 1000 Hz frequency */
	bits = 0xA9;
	outb(bits, 0x42);
	bits = 0x04;
	outb(bits, 0x42);

	/* listen to the beep */
	sleep(4);
	fprintf(stderr, "done\n");
	pthread_mutex_unlock(&mut);

	return NULL;
}

int main(int argc, char **argv) {
	pthread_t tid;
	unsigned char orig;

	if (argc > 1) {
		if (!strcmp(argv[1], "--pre")) cases = BEFORE;
		if (!strcmp(argv[1], "--post")) cases = AFTER;
	}


	pthread_mutex_lock(&mut);
	if (cases == BEFORE && pthread_create(&tid, NULL, &beep, NULL)) {
		perror("pthread");
		return 1;
	}

	/* gain access to speaker control port */
	if (ioperm(0x61, 0x61, 1) < 0) {
		perror("0x61");
		return 1;
	}

	/* record original value */
	orig = inb(0x61);

	/* gain access to speaker frequency port */
	if (ioperm(0x42, 0x42, 1) < 0) {
		perror("0x42");
		return 2;
	}
	pthread_mutex_unlock(&mut);

	if (cases == AFTER && pthread_create(&tid, NULL, &beep, NULL)) {
		perror("pthread");
		return 1;
	}

	if (cases == NOFORK)
		beep(NULL);
	else {
		fprintf(stderr, "joining\n");
		pthread_join(tid, NULL);
	}
	
	/* restore speaker bits to turn off speaker */
	outb(orig, 0x61);
	fprintf(stderr, "oo\n");
	return 0;
}