xnu-6153.81.5.tar.gz

[apple/xnu.git] / tests / ldt_code32.s

/*
 * Copyright (c) 2019 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

.code64
.globl _compat_mode_trampoline
_compat_mode_trampoline:
        /*
         * %rdi => address of far_call_t (64-bit offset, then 16-bit selector)
         * %rsi => lowmem stack
         * %rdx => argument to 32-bit function
         * %rcx => address of long mode callback
         * %r8  => 64-bit address of _thunk64
         */
        movq    %rsp, %rax
        movq    %rsi, %rsp
        pushq   %rax            /* Save 64-bit stack pointer */
        leaq    1f(%rip), %rax
        movq    %rdx, %r9
        xorq    %rdx, %rdx
        movw    %cs, %dx
        shlq    $32, %rdx
        orq     %rdx, %rax
        movq    %r9, %rdx
        /*
         * Save all callee-saved regs before calling down to compat mode,
         * as there's no guarantee that the top 32 bits are preserved
         * across compat mode/long mode switches.
         */
        pushq   %rbp
        pushq   %rbx
        pushq   %r12
        pushq   %r13
        pushq   %r14
        pushq   %r15

        pushq   %r8             /* Push the absolute address of _thunk64 below */
        pushq   %rcx            /* Push the 64-bit fn ptr that compat mode will call */
        pushq   %rdx            /* Push arg to 32-bit code */
        pushq   %rax            /* Push the return offset + segment onto the stack */

        ljmpq   *(%rdi)
1:
        /*
         * lretl from compat mode pops off the first 8 bytes,
         * so manually reclaim the remaining 24 bytes
         */
        addq    $0x18, %rsp

        /* Restore callee-saved registers */
        popq    %r15
        popq    %r14
        popq    %r13
        popq    %r12
        popq    %rbx
        popq    %rbp

        popq    %rsp
        retq


.code32
.globl _code_32
.align 12
_code_32:
        /*
         * After the standard stack frame is established, the stack layout is as follows:
         *
         *     (%esp) -> old %ebp
         *    4(%ebp) -> return %eip
         *    8(%ebp) -> return %cs
         *  0xc(%ebp) -> function arg (value to increment and return)
         * 0x14(%ebp) -> 8-byte long mode function pointer to call via trampoline (with 0 args)
         * 0x1c(%ebp) -> absolute (32-bit) base address of the 64-bit thunk
         *               (Note that the caller pushed a 64-bit value here, so the 4 bytes
         *               at 0x20(%ebp) are zeroes.)
         */
        pushl   %ebp
        movl    %esp, %ebp
        pushl   %ebx
        call    1f
1:
        popl    %ebx            /* save EIP for use in PIC calculation below */
        subl    $8, %esp

        movl    0x1c(%ebp), %eax

        /* Populate the far call descriptor: */
        movl    %eax, -8(%ebp)
        movl    8(%ebp), %eax   /* The long-mode %cs from whence we came */
        movl    %eax, -4(%ebp)

        pushl   $0      /* number of arguments */
        pushl   0x18(%ebp)      /* high 32-bits of long mode funcptr */
        pushl   0x14(%ebp)      /* low 32-bits of long mode funcptr */

        /*
         * The next 2 instructions are necessary because clang cannot deal with
         * a "leal offset(index_reg), dest_reg" construct despite the fact that
         * this code is marked .code32 (because the target is 64-bit and cannot
         * process this uniquely-32-bit construct.)
         */
        leal    2f - 1b, %eax
        addl    %ebx, %eax

        pushl   $0
        pushl   %cs
        pushl   $0
        pushl   %eax

        /*
         * Note that the long-mode-based function that is called will need
         * to restore GSbase before calling into any frameworks that might
         * access %gs-relative data.
         */
        ljmpl   *-8(%ebp)       /* far call to the long mode trampoline */
2:
        /*
         * lretq from long mode pops 16 bytes, so reclaim the remaining 12
         */
        addl    $12, %esp

        /*
         * Do a division-by-zero so the exception handler can catch it and
         * restore execution right after.  If a signal handler is used,
         * it must restore GSbase first if it intends to call into any
         * frameworks / APIs that access %gs-relative data.
         */
        xorl    %eax, %eax
        div     %eax

.globl _first_invalid_opcode
_first_invalid_opcode:
        /*
         * Next, try to perform a sysenter syscall -- which should result in
         * a #UD.
         */
        leal    3f - 1b, %edx
        addl    %ebx, %edx              /* return address is expected in %edx */
        pushl   %ecx
        movl    %esp, %ecx              /* stack ptr is expected in %ecx */
        sysenter
3:
        popl    %ecx

        /*
         * Do the same with each of the old-style INT syscalls.
         */
        int $0x80
        int $0x81
.globl _last_invalid_opcode
_last_invalid_opcode:
        int $0x82

        /*
         * discard the return value from the trampolined function and
         * increment the value passed in as this function's first argument
         * then return that value + 1 so caller can verify a successful
         * thunk.
         */
        movl    0xc(%ebp), %eax
        incl    %eax
        addl    $8, %esp
        popl    %ebx
        popl    %ebp
        lret

.code64

.globl _thunk64
_thunk64:
        /*
         * The thunk is a very simple code fragment that uses an
         * absolute address modified at setup time to call into
         * the long mode trampoline.far call data passed on the stack to jump to long mode
         * code (where %rip-relative addressing will work properly.)
         *
         */
.globl _thunk64_movabs
_thunk64_movabs:
        movabs  $0xdeadbeeffeedface, %rax
        jmpq    *%rax


.globl _compat_mode_trampoline_len
_compat_mode_trampoline_len:
        .long   (. - _compat_mode_trampoline)


.globl _long_mode_trampoline
_long_mode_trampoline:
        /*
         * After creating a standard stack frame, the stack layout is:
         *
         *    8(%rbp) => %eip of far return to compat mode
         * 0x10(%rbp) => %cs of far return to compat mode
         * 0x18(%rbp) => low 32-bits of function pointer
         * 0x1C(%rbp) => high 32-bits of function pointer
         * 0x20(%rbp) => number of parameters (0..4)
         * 0x24(%rbp) => first argument [low 32-bits] (if needed)
         * 0x28(%rbp) => first argument [high 32-bits] (if needed)
         * 0x2c(%rbp) => second argument [low 32-bits] (if needed)
         * 0x30(%rbp) => second argument [high 32-bits] (if needed)
         * 0x34(%rbp) => third argument [low 32-bits] (if needed)
         * 0x38(%rbp) => third argument [high 32-bits] (if needed)
         * 0x3c(%rbp) => fourth argument [low 32-bits] (if needed)
         * 0x40(%rbp) => fourth argument [high 32-bits] (if needed)
         *
         * Note that we continue to use the existing (<4G) stack
         * after the call into long mode.
         */
        pushq   %rbp
        movq    %rsp, %rbp
        pushq   %rdi
        pushq   %rsi
        pushq   %rcx
        movl    0x20(%rbp), %eax

        testl   %eax, %eax
        jz      5f

        movq    0x24(%rbp), %rdi
        decl    %eax

2:
        testl   %eax, %eax
        jz      5f

        movq    0x2c(%rbp), %rsi
        decl    %eax

3:
        testl   %eax, %eax
        jz      5f

        movq    0x34(%rbp), %rdx
        decl    %eax

4:
        testl   %eax, %eax
        jnz     1f                      /* too many arguments specified -- bail out and return */

        movq    0x3c(%rbp), %rcx

5:      /* Call passed-in function */
        /* Note that the stack MUST be 16-byte aligned before we call into frameworks in long mode */   

        pushq   %rbx
        movq    %rsp, %rbx
        subq    $0x10, %rsp
        andq    $0xffffffffffffffe0, %rsp

        callq   *0x18(%rbp)
        movq    %rbx, %rsp
        popq    %rbx
1:
        popq    %rcx
        popq    %rsi
        popq    %rdi
        popq    %rbp
        lretq