How to use pciAddrPort method of x86 Package

Best Syzkaller code snippet using x86.pciAddrPort

pseudo.go

Source:pseudo.go Github

copy

Full Screen

...41 Priv: true,42 Pseudo: true,43 generator: func(cfg *iset.Config, r *rand.Rand) []byte {44 gen := makeGen(cfg, r)45 addr, port, size := pciAddrPort(r)46 gen.out32(0xcf8, addr)47 gen.in(port, size)48 return gen.text49 },50 },51 {52 Name: "PSEUDO_PCI_WRITE",53 Mode: 1<<iset.ModeLast - 1,54 Priv: true,55 Pseudo: true,56 generator: func(cfg *iset.Config, r *rand.Rand) []byte {57 gen := makeGen(cfg, r)58 addr, port, size := pciAddrPort(r)59 val := iset.GenerateInt(cfg, r, 4)60 gen.out32(0xcf8, addr)61 gen.out(port, uint32(val), size)62 return gen.text63 },64 },65 {66 Name: "PSEUDO_PORT_READ",67 Mode: 1<<iset.ModeLast - 1,68 Priv: true,69 Pseudo: true,70 generator: func(cfg *iset.Config, r *rand.Rand) []byte {71 gen := makeGen(cfg, r)72 port := ports[r.Intn(len(ports))]73 gen.in(port, r.Intn(3))74 return gen.text75 },76 },77 {78 Name: "PSEUDO_PORT_WRITE",79 Mode: 1<<iset.ModeLast - 1,80 Priv: true,81 Pseudo: true,82 generator: func(cfg *iset.Config, r *rand.Rand) []byte {83 gen := makeGen(cfg, r)84 port := ports[r.Intn(len(ports))]85 val := iset.GenerateInt(cfg, r, 4)86 gen.out(port, uint32(val), r.Intn(3))87 return gen.text88 },89 },90 {91 Name: "PSEUDO_XOR_CR",92 Mode: 1<<iset.ModeLast - 1,93 Priv: true,94 Pseudo: true,95 generator: func(cfg *iset.Config, r *rand.Rand) []byte {96 gen := makeGen(cfg, r)97 cr := controlRegisters[r.Intn(len(controlRegisters))]98 var v uint3299 if cr == 8 {100 v = uint32(r.Intn(15) + 1)101 } else {102 bit := controlRegistersBits[cr][r.Intn(len(controlRegistersBits[cr]))]103 v = 1 << bit104 }105 gen.readCR(cr)106 gen.xor32(regEAX, v)107 gen.writeCR(cr)108 return gen.text109 },110 },111 {112 Name: "PSEUDO_XOR_EFER",113 Mode: 1<<iset.ModeLast - 1,114 Priv: true,115 Pseudo: true,116 generator: func(cfg *iset.Config, r *rand.Rand) []byte {117 gen := makeGen(cfg, r)118 gen.mov32(regECX, eferMSR)119 gen.byte(0x0f, 0x32) // rdmsr120 bit := eferBits[r.Intn(len(eferBits))]121 gen.xor32(regEAX, 1<<bit)122 gen.byte(0x0f, 0x30) // wrmsr123 return gen.text124 },125 },126 {127 Name: "PSEUDO_SET_BREAK",128 Mode: 1<<iset.ModeLast - 1,129 Priv: true,130 Pseudo: true,131 generator: func(cfg *iset.Config, r *rand.Rand) []byte {132 gen := makeGen(cfg, r)133 br := uint8(r.Intn(4))134 loc := uint32(r.Intn(4))135 typ := uint32(r.Intn(16))136 addr := iset.GenerateInt(cfg, r, 8)137 if cfg.Mode == iset.ModeLong64 {138 gen.mov64(regRAX, addr)139 } else {140 gen.mov32(regEAX, uint32(addr))141 }142 gen.writeDR(br)143 gen.readDR(7)144 gen.xor32(regEAX, loc<<(br*2)|typ<<(16+br*4))145 gen.writeDR(7)146 return gen.text147 },148 },149 {150 Name: "PSEUDO_LOAD_SEG",151 Mode: 1<<iset.ModeLast - 1,152 Priv: true,153 Pseudo: true,154 generator: func(cfg *iset.Config, r *rand.Rand) []byte {155 gen := makeGen(cfg, r)156 sel := randSelector(r)157 if cfg.Mode == iset.ModeReal16 {158 sel = uint16(iset.GenerateInt(cfg, r, 8)) >> 4159 }160 reg := uint8(r.Intn(6))161 gen.mov16(regAX, sel)162 gen.byte(0x8e, 0xc0|(reg<<3)) // MOV %ax, %seg163 return gen.text164 },165 },166 {167 Name: "PSEUDO_FAR_JMP",168 Mode: 1<<iset.ModeLong64 | 1<<iset.ModeProt32 | 1<<iset.ModeProt16,169 Priv: true,170 Pseudo: true,171 generator: func(cfg *iset.Config, r *rand.Rand) []byte {172 gen := makeGen(cfg, r)173 sel := randSelector(r)174 off := iset.GenerateInt(cfg, r, 4)175 if cfg.Mode == iset.ModeLong64 {176 gen.mov32toSPaddr(uint32(sel), 0)177 gen.mov32toSPaddr(uint32(off), 2)178 if r.Intn(2) == 0 {179 gen.byte(0xff, 0x2c, 0x24) // ljmp (%rsp)180 } else {181 gen.byte(0xff, 0x1c, 0x24) // lcall (%rsp)182 }183 } else {184 if r.Intn(2) == 0 {185 gen.byte(0xea) // ljmp $imm16, $imm16/32186 } else {187 gen.byte(0x9a) // lcall $imm16, $imm16/32188 }189 if cfg.Mode == iset.ModeProt16 {190 gen.imm16(uint16(off))191 } else {192 gen.imm32(uint32(off))193 }194 gen.imm16(sel)195 }196 return gen.text197 },198 },199 {200 Name: "PSEUDO_LTR_LLDT",201 Mode: 1<<iset.ModeLong64 | 1<<iset.ModeProt32 | 1<<iset.ModeProt16,202 Priv: true,203 Pseudo: true,204 generator: func(cfg *iset.Config, r *rand.Rand) []byte {205 gen := makeGen(cfg, r)206 sel := randSelector(r)207 gen.mov16(regAX, sel)208 if r.Intn(2) == 0 {209 gen.byte(0x0f, 0x00, 0xd8) // ltr %ax210 } else {211 gen.byte(0x0f, 0x00, 0xd0) // lldt %ax212 }213 return gen.text214 },215 },216 {217 Name: "PSEUDO_LGIDT",218 Mode: 1<<iset.ModeLong64 | 1<<iset.ModeProt32 | 1<<iset.ModeProt16,219 Priv: true,220 Pseudo: true,221 generator: func(cfg *iset.Config, r *rand.Rand) []byte {222 gen := makeGen(cfg, r)223 limit := uint32(iset.GenerateInt(cfg, r, 2))224 base := uint32(iset.GenerateInt(cfg, r, 4))225 gen.mov32toSPaddr(limit, 0)226 gen.mov32toSPaddr(base, 2)227 gen.mov32toSPaddr(0, 6)228 gen.addr32()229 if r.Intn(2) == 0 {230 gen.byte(0x0f, 0x01, 0x14, 0x24) // lgdt (%rsp)231 } else {232 gen.byte(0x0f, 0x01, 0x1c, 0x24) // lidt (%rsp)233 }234 return gen.text235 },236 },237 {238 Name: "PSEUDO_HYPERCALL",239 Mode: 1<<iset.ModeLong64 | 1<<iset.ModeProt32 | 1<<iset.ModeProt16,240 Priv: true,241 Pseudo: true,242 generator: func(cfg *iset.Config, r *rand.Rand) []byte {243 gen := makeGen(cfg, r)244 switch r.Intn(2) {245 case 0:246 gen.mov32(regEAX, 1) // KVM_HC_VAPIC_POLL_IRQ247 case 1:248 gen.mov32(regEAX, 5) // KVM_HC_KICK_CPU249 gen.mov32(regECX, uint32(iset.GenerateInt(cfg, r, 4))) // APIC ID250 default:251 panic("bad")252 }253 if r.Intn(2) == 0 {254 gen.byte(0x0f, 0x01, 0xd9) // vmmcall255 } else {256 gen.byte(0x0f, 0x01, 0xc1) // vmcall257 }258 return gen.text259 },260 },261}262const (263 regAL = iota264 regAX265 regEAX266 regRAX267 regCL268 regCX269 regECX270 regRCX271 regDL272 regDX273 regEDX274 regRDX275)276type generator struct {277 mode iset.Mode278 r *rand.Rand279 text []byte280}281func makeGen(cfg *iset.Config, r *rand.Rand) *generator {282 return &generator{283 mode: cfg.Mode,284 r: r,285 }286}287func (gen *generator) byte(v ...uint8) {288 gen.text = append(gen.text, v...)289}290func (gen *generator) imm16(v uint16) {291 gen.byte(byte(v>>0), byte(v>>8))292}293func (gen *generator) imm32(v uint32) {294 gen.byte(byte(v>>0), byte(v>>8), byte(v>>16), byte(v>>24))295}296func (gen *generator) imm64(v uint64) {297 gen.byte(byte(v>>0), byte(v>>8), byte(v>>16), byte(v>>24),298 byte(v>>32), byte(v>>40), byte(v>>48), byte(v>>56))299}300func (gen *generator) operand16() {301 switch gen.mode {302 case iset.ModeLong64, iset.ModeProt32:303 gen.byte(0x66)304 case iset.ModeProt16, iset.ModeReal16:305 default:306 panic("bad mode")307 }308}309func (gen *generator) operand32() {310 switch gen.mode {311 case iset.ModeLong64, iset.ModeProt32:312 case iset.ModeProt16, iset.ModeReal16:313 gen.byte(0x66)314 default:315 panic("bad mode")316 }317}318func (gen *generator) addr32() {319 switch gen.mode {320 case iset.ModeLong64, iset.ModeProt32:321 case iset.ModeProt16, iset.ModeReal16:322 gen.byte(0x67)323 default:324 panic("bad mode")325 }326}327func (gen *generator) mov8(reg int, v uint8) {328 switch reg {329 case regAL:330 gen.byte(0xb0)331 case regCL:332 gen.byte(0xb1)333 case regDL:334 gen.byte(0xb2)335 default:336 panic("unknown register")337 }338 gen.byte(v)339}340func (gen *generator) mov16(reg int, v uint16) {341 gen.operand16()342 switch reg {343 case regAX:344 gen.byte(0xb8)345 case regCX:346 gen.byte(0xb9)347 case regDX:348 gen.byte(0xba)349 default:350 panic("unknown register")351 }352 gen.imm16(v)353}354func (gen *generator) mov32(reg int, v uint32) {355 gen.operand32()356 switch reg {357 case regEAX:358 gen.byte(0xb8)359 case regECX:360 gen.byte(0xb9)361 case regEDX:362 gen.byte(0xba)363 default:364 panic("unknown register")365 }366 gen.imm32(v)367}368func (gen *generator) mov64(reg int, v uint64) {369 if gen.mode != iset.ModeLong64 {370 panic("bad mode")371 }372 gen.byte(0x48)373 switch reg {374 case regRAX:375 gen.byte(0xb8)376 case regRCX:377 gen.byte(0xb9)378 case regRDX:379 gen.byte(0xba)380 default:381 panic("unknown register")382 }383 gen.imm64(v)384}385// movl $v, off(%rsp).386func (gen *generator) mov32toSPaddr(v uint32, off uint8) {387 gen.addr32()388 gen.operand32()389 gen.byte(0xc7, 0x44, 0x24, off)390 gen.imm32(v)391}392func (gen *generator) xor32(reg int, v uint32) {393 gen.operand32()394 switch reg {395 case regEAX:396 gen.byte(0x35)397 default:398 panic("unknown register")399 }400 gen.imm32(v)401}402func (gen *generator) readCR(cr uint8) {403 if cr < 8 {404 // MOV %crN, %eax/%rax405 gen.byte(0x0f, 0x20, 0xc0|cr<<3)406 } else if cr < 16 {407 // MOV %crN, %eax/%rax408 gen.byte(0x44, 0x0f, 0x20, 0xc0|(cr-8)<<3)409 } else {410 panic("bad cr")411 }412}413func (gen *generator) writeCR(cr uint8) {414 if cr < 8 {415 // MOV %eax/%rax, %crN416 gen.byte(0x0f, 0x22, 0xc0|cr<<3)417 } else if cr < 16 {418 // MOV %eax/%rax, %crN419 gen.byte(0x44, 0x0f, 0x22, 0xc0|(cr-8)<<3)420 } else {421 panic("bad cr")422 }423}424func (gen *generator) readDR(dr uint8) {425 if dr >= 8 {426 panic("bad dr")427 }428 // MOV %drN, %eax/%rax429 gen.byte(0x0f, 0x21, 0xc0|dr<<3)430}431func (gen *generator) writeDR(dr uint8) {432 if dr >= 8 {433 panic("bad dr")434 }435 // MOV %eax/%rax, %drN436 gen.byte(0x0f, 0x23, 0xc0|dr<<3)437}438func (gen *generator) in8(port uint16) {439 gen.mov16(regDX, port)440 gen.byte(0xec) // in %al, %dx441}442func (gen *generator) in16(port uint16) {443 gen.mov16(regDX, port)444 gen.operand16()445 gen.byte(0xed) // in %ax, %dx446}447func (gen *generator) in32(port uint16) {448 gen.mov16(regDX, port)449 gen.operand32()450 gen.byte(0xed) // in %eax, %dx451}452func (gen *generator) in(port uint16, size int) {453 switch size {454 case 0:455 gen.in8(port)456 case 1:457 gen.in16(port)458 case 2:459 gen.in32(port)460 default:461 panic("bad size")462 }463}464func (gen *generator) out8(port uint16, v uint8) {465 gen.mov16(regDX, port)466 gen.mov8(regAL, v)467 gen.byte(0xee) // out %dx, %al468}469func (gen *generator) out16(port, v uint16) {470 gen.mov16(regDX, port)471 gen.mov16(regAX, v)472 gen.operand16()473 gen.byte(0xef) // out %dx, %ax474}475func (gen *generator) out32(port uint16, v uint32) {476 gen.mov16(regDX, port)477 gen.mov32(regEAX, v)478 gen.operand32()479 gen.byte(0xef) // out %dx, %eax480}481func (gen *generator) out(port uint16, v uint32, size int) {482 switch size {483 case 0:484 gen.out8(port, uint8(v))485 case 1:486 gen.out16(port, uint16(v))487 case 2:488 gen.out32(port, v)489 default:490 panic("bad size")491 }492}493func randSelector(r *rand.Rand) uint16 {494 seg := uint16(r.Intn(40))495 dpl := uint16(r.Intn(4))496 ldt := uint16(r.Intn(2))497 return seg<<3 | ldt<<2 | dpl498}499func pciAddrPort(r *rand.Rand) (addr uint32, port uint16, size int) {500 bus := uint32(r.Intn(256))501 dev := uint32(r.Intn(32))502 fn := uint32(r.Intn(8))503 reghi := uint32(r.Intn(16))504 reglo := uint32(r.Intn(64)) << 2505 port = 0xcfc506 switch size = r.Intn(3); size {507 case 0:508 port += uint16(reglo & 3)509 reglo += uint32(r.Intn(4))510 case 1:511 port += uint16(reglo & 2)512 reglo += uint32(r.Intn(2) * 2)513 case 2:...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful