Re: [PATCH v1 20/28] tests/tcg/aarch64: userspace system register test

["Philippe Mathieu-Daudé" <philmd@redhat.com>]

On 3/17/20 12:03 PM, Alex Bennée wrote:
> 
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> 
>> On 3/16/20 6:21 PM, Alex Bennée wrote:
>>> This tests a bunch of registers that the kernel allows userspace to
>>> read including the CPUID registers. We need a SVE aware compiler as we
>>> are testing the id_aa64zfr0_el1 register in the set.
>>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>>> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
>>> Message-Id: <20190205190224.2198-7-alex.bennee@linaro.org>
>>> ---
>>> vgdbstub
>>>     - don't build unless using docker or CROSS_CC_HAS_SVE
>>> ---
>>>    tests/tcg/aarch64/sysregs.c       | 172 ++++++++++++++++++++++++++++++
>>>    tests/tcg/aarch64/Makefile.target |   6 ++
>>>    2 files changed, 178 insertions(+)
>>>    create mode 100644 tests/tcg/aarch64/sysregs.c
>>> diff --git a/tests/tcg/aarch64/sysregs.c
>>> b/tests/tcg/aarch64/sysregs.c
>>> new file mode 100644
>>> index 00000000000..40cf8d2877e
>>> --- /dev/null
>>> +++ b/tests/tcg/aarch64/sysregs.c
>>> @@ -0,0 +1,172 @@
>>> +/*
>>> + * Check emulated system register access for linux-user mode.
>>> + *
>>> + * See: https://www.kernel.org/doc/Documentation/arm64/cpu-feature-registers.txt
>>> + *
>>> + * Copyright (c) 2019 Linaro
>>> + *
>>> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
>>> + * See the COPYING file in the top-level directory.
>>> + *
>>> + * SPDX-License-Identifier: GPL-2.0-or-later
>>> + */
>>> +
>>> +#include <asm/hwcap.h>
>>> +#include <stdio.h>
>>> +#include <sys/auxv.h>
>>> +#include <signal.h>
>>> +#include <string.h>
>>> +#include <stdbool.h>
>>> +
>>> +#ifndef HWCAP_CPUID
>>> +#define HWCAP_CPUID (1 << 11)
>>> +#endif
>>> +
>>> +int failed_bit_count;
>>> +
>>> +/* Read and print system register `id' value */
>>> +#define get_cpu_reg(id) ({                                      \
>>> +            unsigned long __val = 0xdeadbeef;                   \
>>> +            asm("mrs %0, "#id : "=r" (__val));                  \
>>> +            printf("%-20s: 0x%016lx\n", #id, __val);            \
>>> +            __val;                                               \
>>> +        })
>>> +
>>> +/* As above but also check no bits outside of `mask' are set*/
>>> +#define get_cpu_reg_check_mask(id, mask) ({                     \
>>> +            unsigned long __cval = get_cpu_reg(id);             \
>>> +            unsigned long __extra = __cval & ~mask;             \
>>> +            if (__extra) {                                      \
>>> +                printf("%-20s: 0x%016lx\n", "  !!extra bits!!", __extra);   \
>>> +                failed_bit_count++;                            \
>>> +            }                                                   \
>>> +})
>>> +
>>> +/* As above but check RAZ */
>>> +#define get_cpu_reg_check_zero(id) ({                           \
>>> +            unsigned long __val = 0xdeadbeef;                   \
>>> +            asm("mrs %0, "#id : "=r" (__val));                  \
>>> +            if (__val) {                                        \
>>> +                printf("%-20s: 0x%016lx (not RAZ!)\n", #id, __val);        \
>>> +                failed_bit_count++;                            \
>>> +            }                                                   \
>>> +})
>>> +
>>> +/* Chunk up mask into 63:48, 47:32, 31:16, 15:0 to ease counting */
>>> +#define _m(a, b, c, d) (0x ## a ## b ## c ## d ##ULL)
>>> +
>>> +bool should_fail;
>>> +int should_fail_count;
>>> +int should_not_fail_count;
>>> +uintptr_t failed_pc[10];
>>> +
>>> +void sigill_handler(int signo, siginfo_t *si, void *data)
>>> +{
>>> +    ucontext_t *uc = (ucontext_t *)data;
>>> +
>>> +    if (should_fail) {
>>> +        should_fail_count++;
>>> +    } else {
>>> +        uintptr_t pc = (uintptr_t) uc->uc_mcontext.pc;
>>> +        failed_pc[should_not_fail_count++] =  pc;
>>> +    }
>>> +    uc->uc_mcontext.pc += 4;
>>> +}
>>> +
>>> +int main(void)
>>> +{
>>> +    struct sigaction sa;
>>> +
>>> +    /* Hook in a SIGILL handler */
>>> +    memset(&sa, 0, sizeof(struct sigaction));
>>> +    sa.sa_flags = SA_SIGINFO;
>>> +    sa.sa_sigaction = &sigill_handler;
>>> +    sigemptyset(&sa.sa_mask);
>>> +
>>> +    if (sigaction(SIGILL, &sa, 0) != 0) {
>>> +        perror("sigaction");
>>> +        return 1;
>>> +    }
>>> +
>>> +    /* Counter values have been exposed since Linux 4.12 */
>>> +    printf("Checking Counter registers\n");
>>> +
>>> +    get_cpu_reg(ctr_el0);
>>> +    get_cpu_reg(cntvct_el0);
>>> +    get_cpu_reg(cntfrq_el0);
>>> +
>>> +    /* HWCAP_CPUID indicates we can read feature registers, since Linux 4.11 */
>>> +    if (!(getauxval(AT_HWCAP) & HWCAP_CPUID)) {
>>> +        printf("CPUID registers unavailable\n");
>>> +        return 1;
>>> +    } else {
>>> +        printf("Checking CPUID registers\n");
>>> +    }
>>> +
>>> +    /*
>>> +     * Some registers only expose some bits to user-space. Anything
>>> +     * that is IMPDEF is exported as 0 to user-space. The _mask checks
>>> +     * assert no extra bits are set.
>>> +     *
>>> +     * This check is *not* comprehensive as some fields are set to
>>> +     * minimum valid fields - for the purposes of this check allowed
>>> +     * to have non-zero values.
>>> +     */
>>> +    get_cpu_reg_check_mask(id_aa64isar0_el1, _m(00ff,ffff,f0ff,fff0));
>>> +    get_cpu_reg_check_mask(id_aa64isar1_el1, _m(0000,00f0,ffff,ffff));
>>> +    /* TGran4 & TGran64 as pegged to -1 */
>>> +    get_cpu_reg_check_mask(id_aa64mmfr0_el1, _m(0000,0000,ff00,0000));
>>> +    get_cpu_reg_check_zero(id_aa64mmfr1_el1);
>>> +    /* EL1/EL0 reported as AA64 only */
>>> +    get_cpu_reg_check_mask(id_aa64pfr0_el1,  _m(000f,000f,00ff,0011));
>>> +    get_cpu_reg_check_mask(id_aa64pfr1_el1,  _m(0000,0000,0000,00f0));
>>> +    /* all hidden, DebugVer fixed to 0x6 (ARMv8 debug architecture) */
>>> +    get_cpu_reg_check_mask(id_aa64dfr0_el1,  _m(0000,0000,0000,0006));
>>> +    get_cpu_reg_check_zero(id_aa64dfr1_el1);
>>> +    get_cpu_reg_check_zero(id_aa64zfr0_el1);
>>> +
>>> +    get_cpu_reg_check_zero(id_aa64afr0_el1);
>>> +    get_cpu_reg_check_zero(id_aa64afr1_el1);
>>> +
>>> +    get_cpu_reg_check_mask(midr_el1,         _m(0000,0000,ffff,ffff));
>>> +    /* mpidr sets bit 31, everything else hidden */
>>> +    get_cpu_reg_check_mask(mpidr_el1,        _m(0000,0000,8000,0000));
>>> +    /* REVIDR is all IMPDEF so should be all zeros to user-space */
>>> +    get_cpu_reg_check_zero(revidr_el1);
>>> +
>>> +    /*
>>> +     * There are a block of more registers that are RAZ in the rest of
>>> +     * the Op0=3, Op1=0, CRn=0, CRm=0,4,5,6,7 space. However for
>>> +     * brevity we don't check stuff that is currently un-allocated
>>> +     * here. Feel free to add them ;-)
>>> +     */
>>> +
>>> +    printf("Remaining registers should fail\n");
>>> +    should_fail = true;
>>> +
>>> +    /* Unexposed register access causes SIGILL */
>>> +    get_cpu_reg(id_mmfr0_el1);
>>> +    get_cpu_reg(id_mmfr1_el1);
>>> +    get_cpu_reg(id_mmfr2_el1);
>>> +    get_cpu_reg(id_mmfr3_el1);
>>> +
>>> +    get_cpu_reg(mvfr0_el1);
>>> +    get_cpu_reg(mvfr1_el1);
>>> +
>>> +    if (should_not_fail_count > 0) {
>>> +        int i;
>>> +        for (i = 0; i < should_not_fail_count; i++) {
>>> +            uintptr_t pc = failed_pc[i];
>>> +            uint32_t insn = *(uint32_t *) pc;
>>> +            printf("insn %#x @ %#lx unexpected FAIL\n", insn, pc);
>>> +        }
>>> +        return 1;
>>> +    }
>>> +
>>> +    if (failed_bit_count > 0) {
>>> +        printf("Extra information leaked to user-space!\n");
>>> +        return 1;
>>> +    }
>>> +
>>> +    return should_fail_count == 6 ? 0 : 1;
>>> +}
>>> diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
>>> index 8ed477d0d51..a25afc071cc 100644
>>> --- a/tests/tcg/aarch64/Makefile.target
>>> +++ b/tests/tcg/aarch64/Makefile.target
>>> @@ -42,4 +42,10 @@ run-semiconsole: semiconsole
>>>    run-plugin-semiconsole-with-%:
>>>    	$(call skip-test, $<, "MANUAL ONLY")
>>>    +ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_SVE),)
>>> +# System Registers Tests
>>> +AARCH64_TESTS += sysregs
>>> +sysregs: CFLAGS+=-march=armv8.1-a+sve
>>> +endif
>>> +
>>>    TESTS += $(AARCH64_TESTS)
>>>
>>
>> warning: while parsing target description (at line 47): Vector
>> "vq128hf" references undefined type "ieee_half"
>> warning: Could not load XML target description; ignoring
>> *** stack smashing detected ***: <unknown> terminated
> 
> How? That test doesn't even use the gdbstub.

This is a bug in my gdb :/

GNU gdb (GDB) Fedora 8.3-7.fc30
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
     <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from sysregs...
Remote debugging using localhost:1234
warning: while parsing target description (at line 47): Vector "vq128hf" 
references undefined type "ieee_half"
warning: Could not load XML target description; ignoring
0x0000000000400498 in _start ()
PASS: connected to aarch64
x0             0x0                 0
x1             0x0                 0
x2             0x0                 0
x3             0x0                 0
x4             0x0                 0
x5             0x0                 0
x6             0x0                 0
x7             0x0                 0
x8             0x0                 0
x9             0x0                 0
x10            0x0                 0
x11            0x0                 0
x12            0x0                 0
x13            0x0                 0
x14            0x0                 0
x15            0x0                 0
x16            0x0                 0
x17            0x0                 0
x18            0x0                 0
x19            0x0                 0
x20            0x0                 0
x21            0x0                 0
x22            0x0                 0
x23            0x0                 0
x24            0x0                 0
x25            0x0                 0
x26            0x0                 0
x27            0x0                 0
x28            0x0                 0
x29            0x0                 0
x30            0x0                 0
sp             0x40007ff0d0        0x40007ff0d0
pc             0x400498            0x400498 <_start>
cpsr           0x40000000          [ EL=0 Z ]
fpsr           0x0                 0
fpcr           0x0                 0
PASS: info registers
*** stack smashing detected ***: <unknown> terminated
Aborted (core dumped)

(gdb) bt
#0  0x00007f9036e02e35 in raise () from /lib64/libc.so.6
#1  0x00007f9036ded895 in abort () from /lib64/libc.so.6
#2  0x00007f9036e4608f in __libc_message () from /lib64/libc.so.6
#3  0x00007f9036ed6ce5 in __fortify_fail_abort () from /lib64/libc.so.6
#4  0x00007f9036ed6c98 in __stack_chk_fail () from /lib64/libc.so.6
#5  0x0000562619e27191 in remote_target::fetch_register_using_p 
(this=<optimized out>, regcache=0x56261ab84430, reg=0x56261ab09140) at 
../../gdb/remote.c:7959
#6  0x0000000000000000 in ?? ()

> 
>>
>> (GCC 9.2.1, Fedora 30)
> 
>