add basic mmu tests

Some simple tests for diffrent mmu. Basicly add some tlb entries, enable the mmu try to read from virtual address The aarm64 test was provided by imre-kis-arm in #1718
2022-10-06 15:53:25 +02:00
parent f2eb1f4711
commit 7f1eb4532d
3 changed files with 298 additions and 0 deletions
--- a/tests/unit/test_x86.c
+++ b/tests/unit/test_x86.c
@@ -1259,6 +1259,131 @@ static void test_x86_16_incorrect_ip(void)
    OK(uc_close(uc));
 }

+static void test_x86_mmu_prepare_tlb(uc_engine *uc, uint64_t vaddr, uint64_t tlb_base)
+{
+    uint64_t cr0;
+    uint64_t cr4;
+    uc_x86_msr msr = {.rid = 0x0c0000080, .value = 0};
+    uint64_t pml4o = ((vaddr & 0x00ff8000000000) >> 39)*8;
+    uint64_t pdpo  = ((vaddr & 0x00007fc0000000) >> 30)*8;
+    uint64_t pdo   = ((vaddr & 0x0000003fe00000) >> 21)*8;
+    uint64_t pml4e = (tlb_base + 0x1000) | 1 | (1 << 2);
+    uint64_t pdpe  = (tlb_base + 0x2000) | 1 | (1 << 2);
+    uint64_t pde   = (tlb_base + 0x3000) | 1 | (1 << 2);
+    OK(uc_mem_write(uc, tlb_base + pml4o, &pml4e, sizeof(pml4o)));
+    OK(uc_mem_write(uc, tlb_base + 0x1000 + pdpo, &pdpe, sizeof(pdpe)));
+    OK(uc_mem_write(uc, tlb_base + 0x2000 + pdo, &pde, sizeof(pde)));
+    OK(uc_reg_write(uc, UC_X86_REG_CR3, &tlb_base));
+    OK(uc_reg_read(uc, UC_X86_REG_CR0, &cr0));
+    OK(uc_reg_read(uc, UC_X86_REG_CR4, &cr4));
+    OK(uc_reg_read(uc, UC_X86_REG_MSR, &msr));
+    cr0 |= 1;
+    cr0 |= 1l << 31;
+    cr4 |= 1l << 5;
+    msr.value |= 1l << 8;
+    OK(uc_reg_write(uc, UC_X86_REG_CR0, &cr0));
+    OK(uc_reg_write(uc, UC_X86_REG_CR4, &cr4));
+    OK(uc_reg_write(uc, UC_X86_REG_MSR, &msr));
+}
+
+static void test_x86_mmu_pt_set(uc_engine *uc, uint64_t vaddr, uint64_t paddr, uint64_t tlb_base)
+{
+    uint64_t pto   = ((vaddr & 0x000000001ff000) >> 12)*8;
+    uint32_t pte   = (paddr) | 1 | (1 << 2);
+    uc_mem_write(uc, tlb_base + 0x3000 + pto, &pte, sizeof(pte));
+}
+
+static void test_x86_mmu_callback(uc_engine *uc, void *userdata)
+{
+    bool *parrent_done = userdata;
+    uint64_t rax;
+    OK(uc_reg_read(uc, UC_X86_REG_RAX, &rax));
+    switch (rax) {
+    case 57:
+        /* fork */
+        break;
+    case 60:
+        /* exit */
+        uc_emu_stop(uc);
+        return;
+    default:
+        TEST_CHECK(false);
+    }
+
+    if (!(*parrent_done)) {
+        *parrent_done = true;
+        rax = 27;
+        OK(uc_reg_write(uc, UC_X86_REG_RAX, &rax));
+        uc_emu_stop(uc);
+    }
+}
+
+static void test_x86_mmu(void)
+{
+    bool parrent_done = false;
+    uint64_t tlb_base = 0x3000;
+    uint64_t parrent, child;
+    uint64_t rax, rip;
+    uc_context *context;
+    uc_engine *uc;
+    uc_hook h1;
+
+    /*
+     * mov rax, 57
+     * syscall
+     * test rax, rax
+     * jz child
+     * xor rax, rax
+     * mov rax, 60
+     * mov [0x4000], rax
+     * syscall
+     *
+     * child:
+     * xor rcx, rcx
+     * mov rcx, 42
+     * mov [0x4000], rcx
+     * mov rax, 60
+     * syscall
+     */
+    char code[] = "\xB8\x39\x00\x00\x00\x0F\x05\x48\x85\xC0\x74\x0F\xB8\x3C\x00\x00\x00\x48\x89\x04\x25\x00\x40\x00\x00\x0F\x05\xB9\x2A\x00\x00\x00\x48\x89\x0C\x25\x00\x40\x00\x00\xB8\x3C\x00\x00\x00\x0F\x05";
+
+    OK(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
+    OK(uc_hook_add(uc, &h1, UC_HOOK_INSN, &test_x86_mmu_callback, &parrent_done, 1, 0, UC_X86_INS_SYSCALL));
+    OK(uc_context_alloc(uc, &context));
+
+    OK(uc_mem_map(uc, 0x0, 0x1000, UC_PROT_ALL)); //Code
+    OK(uc_mem_write(uc, 0x0, code, sizeof(code) - 1));
+    OK(uc_mem_map(uc, 0x1000, 0x1000, UC_PROT_ALL)); //Parrent
+    OK(uc_mem_map(uc, 0x2000, 0x1000, UC_PROT_ALL)); //Child
+    OK(uc_mem_map(uc, tlb_base, 0x4000, UC_PROT_ALL)); //TLB
+
+    test_x86_mmu_prepare_tlb(uc, 0x0, tlb_base);
+    test_x86_mmu_pt_set(uc, 0x2000, 0x0, tlb_base);
+    test_x86_mmu_pt_set(uc, 0x4000, 0x1000, tlb_base);
+
+    OK(uc_ctl_flush_tlb(uc));
+    OK(uc_emu_start(uc, 0x2000, 0x0, 0, 0));
+
+    OK(uc_context_save(uc, context));
+    OK(uc_reg_read(uc, UC_X86_REG_RIP, &rip));
+
+    OK(uc_emu_start(uc, rip, 0x0, 0, 0));
+
+    /* restore for child */
+    OK(uc_context_restore(uc, context));
+    test_x86_mmu_prepare_tlb(uc, 0x0, tlb_base);
+    test_x86_mmu_pt_set(uc, 0x4000, 0x2000, tlb_base);
+    rax = 0;
+    OK(uc_reg_write(uc, UC_X86_REG_RAX, &rax));
+    OK(uc_ctl_flush_tlb(uc));
+
+    OK(uc_emu_start(uc, rip, 0x0, 0, 0));
+    OK(uc_mem_read(uc, 0x1000, &parrent, sizeof(parrent)));
+    OK(uc_mem_read(uc, 0x2000, &child, sizeof(child)));
+    TEST_CHECK(parrent == 60);
+    TEST_CHECK(child == 42);
+}
+
 TEST_LIST = {
    {"test_x86_in", test_x86_in},
    {"test_x86_out", test_x86_out},
@@ -1302,4 +1427,5 @@ TEST_LIST = {
 #endif
    {"test_x86_lazy_mapping", test_x86_lazy_mapping},
    {"test_x86_16_incorrect_ip", test_x86_16_incorrect_ip},
+    {"test_x86_mmu", test_x86_mmu},
    {NULL, NULL}};