xref: /freebsd/tools/test/popss/popss.c (revision 02e9120893770924227138ba49df1edb3896112a)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2018 The FreeBSD Foundation
5  * All rights reserved.
6  *
7  * This software was developed by Konstantin Belousov <kib@FreeBSD.org>
8  * under sponsorship from the FreeBSD Foundation.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $Id: popss.c,v 1.28 2018/05/09 21:35:29 kostik Exp kostik $
32  *
33  * cc -m32 -Wall -Wextra -O2 -g -o popss popss.c
34  * Use as "popss <instruction>", where instruction is one of
35  * bound, into, int1, int3, int80, syscall, sysenter.
36  */
37 
38 #include <sys/param.h>
39 #include <sys/ptrace.h>
40 #include <sys/wait.h>
41 #include <err.h>
42 #include <signal.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <unistd.h>
47 #include <machine/reg.h>
48 
49 static u_long *stk;
50 
51 #define	ITERATIONS	4
52 
53 static void
54 setup(pid_t child)
55 {
56 	struct reg r;
57 	struct dbreg dbr;
58 	int error, i, status;
59 
60 	error = waitpid(child, &status, WTRAPPED | WEXITED);
61 	if (error == -1)
62 		err(1, "waitpid 1");
63 	error = ptrace(PT_GETREGS, child, (caddr_t)&r, 0);
64 	if (error == -1)
65 		err(1, "ptrace PT_GETREGS");
66 	printf("child %d stopped eip %#x esp %#x\n", child, r.r_eip, r.r_esp);
67 
68 	error = ptrace(PT_GETDBREGS, child, (caddr_t)&dbr, 0);
69 	if (error != 0)
70 		err(1, "ptrace PT_GETDBREGS");
71 	dbr.dr[7] &= ~DBREG_DR7_MASK(0);
72 	dbr.dr[7] |= DBREG_DR7_SET(0, DBREG_DR7_LEN_4, DBREG_DR7_RDWR,
73 	    DBREG_DR7_LOCAL_ENABLE | DBREG_DR7_GLOBAL_ENABLE);
74 	dbr.dr[0] = (uintptr_t)stk;
75 	error = ptrace(PT_SETDBREGS, child, (caddr_t)&dbr, 0);
76 	if (error != 0)
77 		err(1, "ptrace PT_SETDBREGS");
78 	error = ptrace(PT_CONTINUE, child, (caddr_t)1, 0);
79 	if (error != 0)
80 		err(1, "ptrace PT_CONTINUE fire");
81 
82 	for (i = 0; i < ITERATIONS; i++) {
83 		error = waitpid(child, &status, WTRAPPED | WEXITED);
84 		if (error == -1)
85 			err(1, "waitpid 2");
86 		if (WIFEXITED(status))
87 			break;
88 		error = ptrace(PT_GETREGS, child, (caddr_t)&r, 0);
89 		if (error == -1)
90 			err(1, "ptrace PT_GETREGS");
91 		error = ptrace(PT_GETDBREGS, child, (caddr_t)&dbr, 0);
92 		if (error != 0)
93 			err(1, "ptrace PT_GETDBREGS");
94 		printf("child %d stopped eip %#x esp %#x dr0 %#x "
95 		    "dr6 %#x dr7 %#x\n", child, r.r_eip, r.r_esp,
96 		    dbr.dr[0], dbr.dr[6], dbr.dr[7]);
97 		error = ptrace(PT_CONTINUE, child, (caddr_t)1, 0);
98 		if (error == -1)
99 			err(1, "ptrace PT_CONTINUE tail");
100 	}
101 	if (i == ITERATIONS) {
102 		kill(child, SIGKILL);
103 		ptrace(PT_DETACH, child, NULL, 0);
104 	}
105 }
106 
107 static u_long tmpstk[1024 * 128];
108 
109 static u_int
110 read_ss(void)
111 {
112 	u_int res;
113 
114 	__asm volatile("movl\t%%ss,%0" : "=r" (res));
115 	return (res);
116 }
117 
118 #define	PROLOGUE	"int3;movl\t%0,%%esp;popl\t%%ss;"
119 
120 static void
121 act(const char *cmd)
122 {
123 	int error;
124 	static const int boundx[2] = {0, 1};
125 
126 	printf("child pid %d, stk at %p\n", getpid(), stk);
127 	*stk = read_ss();
128 
129 	error = ptrace(PT_TRACE_ME, 0, NULL, 0);
130 	if (error != 0)
131 		err(1, "ptrace PT_TRACE_ME");
132 
133 	if (strcmp(cmd, "bound") == 0) {
134 		/* XXX BOUND args order clang ias bug */
135 		__asm volatile("int3;movl\t$11,%%eax;"
136 		    "movl\t%0,%%esp;popl\t%%ss;bound\t%1,%%eax"
137 		    : : "r" (stk), "m" (boundx) : "memory");
138 	} else if (strcmp(cmd, "int1") == 0) {
139 		__asm volatile(PROLOGUE ".byte 0xf1"
140 		    : : "r" (stk) : "memory");
141 	} else if (strcmp(cmd, "int3") == 0) {
142 		__asm volatile(PROLOGUE "int3"
143 		    : : "r" (stk) : "memory");
144 	} else if (strcmp(cmd, "into") == 0) {
145 		__asm volatile("int3;movl\t$0x80000000,%%eax;"
146 		    "addl\t%%eax,%%eax;movl\t%0,%%esp;popl\t%%ss;into"
147 		    : : "r" (stk) : "memory");
148 	} else if (strcmp(cmd, "int80") == 0) {
149 		__asm volatile(PROLOGUE "int\t$0x80"
150 		    : : "r" (stk) : "memory");
151 	} else if (strcmp(cmd, "syscall") == 0) {
152 		__asm volatile(PROLOGUE "syscall"
153 		    : : "r" (stk) : "memory");
154 	} else if (strcmp(cmd, "sysenter") == 0) {
155 		__asm volatile(PROLOGUE "sysenter"
156 		    : : "r" (stk) : "memory");
157 	} else {
158 		fprintf(stderr, "unknown instruction\n");
159 		exit(1);
160 	}
161 	printf("ho\n");
162 }
163 
164 int
165 main(int argc, char *argv[])
166 {
167 	int child;
168 
169 	if (argc != 2) {
170 		printf(
171 	    "Usage: popss [bound|int1|int3|into|int80|syscall|sysenter]\n");
172 		exit(1);
173 	}
174 	stk = &tmpstk[nitems(tmpstk) - 1];
175 	child = fork();
176 	if (child == -1)
177 		err(1, "fork");
178 	if (child == 0)
179 		act(argv[1]);
180 	else
181 		setup(child);
182 }
183