1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/*
* iopl.c - Test case for a Linux on Xen 64-bit bug
* Copyright (c) 2015 Andrew Lutomirski
*/
#define _GNU_SOURCE
#include <err.h>
#include <stdio.h>
#include <stdint.h>
#include <signal.h>
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <stdbool.h>
#include <sched.h>
#include <sys/io.h>
static int nerrs = 0;
static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
int flags)
{
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_sigaction = handler;
sa.sa_flags = SA_SIGINFO | flags;
sigemptyset(&sa.sa_mask);
if (sigaction(sig, &sa, 0))
err(1, "sigaction");
}
static jmp_buf jmpbuf;
static void sigsegv(int sig, siginfo_t *si, void *ctx_void)
{
siglongjmp(jmpbuf, 1);
}
int main(void)
{
cpu_set_t cpuset;
CPU_ZERO(&cpuset);
CPU_SET(0, &cpuset);
if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0)
err(1, "sched_setaffinity to CPU 0");
/* Probe for iopl support. Note that iopl(0) works even as nonroot. */
if (iopl(3) != 0) {
printf("[OK]\tiopl(3) failed (%d) -- try running as root\n",
errno);
return 0;
}
/* Restore our original state prior to starting the test. */
if (iopl(0) != 0)
err(1, "iopl(0)");
pid_t child = fork();
if (child == -1)
err(1, "fork");
if (child == 0) {
printf("\tchild: set IOPL to 3\n");
if (iopl(3) != 0)
err(1, "iopl");
printf("[RUN]\tchild: write to 0x80\n");
asm volatile ("outb %%al, $0x80" : : "a" (0));
return 0;
} else {
int status;
if (waitpid(child, &status, 0) != child ||
!WIFEXITED(status)) {
printf("[FAIL]\tChild died\n");
nerrs++;
} else if (WEXITSTATUS(status) != 0) {
printf("[FAIL]\tChild failed\n");
nerrs++;
} else {
printf("[OK]\tChild succeeded\n");
}
}
printf("[RUN]\tparent: write to 0x80 (should fail)\n");
sethandler(SIGSEGV, sigsegv, 0);
if (sigsetjmp(jmpbuf, 1) != 0) {
printf("[OK]\twrite was denied\n");
} else {
asm volatile ("outb %%al, $0x80" : : "a" (0));
printf("[FAIL]\twrite was allowed\n");
nerrs++;
}
/* Test the capability checks. */
printf("\tiopl(3)\n");
if (iopl(3) != 0)
err(1, "iopl(3)");
printf("\tDrop privileges\n");
if (setresuid(1, 1, 1) != 0) {
printf("[WARN]\tDropping privileges failed\n");
goto done;
}
printf("[RUN]\tiopl(3) unprivileged but with IOPL==3\n");
if (iopl(3) != 0) {
printf("[FAIL]\tiopl(3) should work if iopl is already 3 even if unprivileged\n");
nerrs++;
}
printf("[RUN]\tiopl(0) unprivileged\n");
if (iopl(0) != 0) {
printf("[FAIL]\tiopl(0) should work if iopl is already 3 even if unprivileged\n");
nerrs++;
}
printf("[RUN]\tiopl(3) unprivileged\n");
if (iopl(3) == 0) {
printf("[FAIL]\tiopl(3) should fail if when unprivileged if iopl==0\n");
nerrs++;
} else {
printf("[OK]\tFailed as expected\n");
}
done:
return nerrs ? 1 : 0;
}
|