rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
1 /*
2 * Floppy test cases.
4 * Copyright (c) 2012 Kevin Wolf <kwolf@redhat.com>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
25 #include <stdint.h>
26 #include <string.h>
27 #include <stdio.h>
29 #include <glib.h>
31 #include "libqtest.h"
32 #include "qemu-common.h"
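/*
 * Size in bytes of the blank raw image that backs the test floppy.
 * Parenthesized so the macro expands safely inside a larger expression
 * (e.g. as a divisor).
 */
#define TEST_IMAGE_SIZE (1440 * 1024)

/* I/O port base and interrupt line used for every controller access below. */
#define FLOPPY_BASE 0x3f0
#define FLOPPY_IRQ 6

/*
 * Register offsets; each is added to FLOPPY_BASE to form an I/O port.
 * reg_msr and reg_dsr share offset 0x4.
 */
enum {
    reg_sra         = 0x0,
    reg_srb         = 0x1,
    reg_dor         = 0x2,
    reg_msr         = 0x4,
    reg_dsr         = 0x4,
    reg_fifo        = 0x5,
    reg_dir         = 0x7,
};

/* Command opcodes the tests write to the FIFO. */
enum {
    CMD_SENSE_INT           = 0x08,
    CMD_READ_ID             = 0x0a,
    CMD_SEEK                = 0x0f,
    CMD_VERIFY              = 0x16,
    CMD_READ                = 0xe6,
    CMD_RELATIVE_SEEK_OUT   = 0x8f,
    CMD_RELATIVE_SEEK_IN    = 0xcf,
};

/*
 * Bit masks checked against register reads: BUSY, NONDMA, RQM and DIO are
 * tested on values read from reg_msr, DSKCHG on values read from reg_dir.
 */
enum {
    BUSY    = 0x10,
    NONDMA  = 0x20,
    RQM     = 0x80,
    DIO     = 0x40,

    DSKCHG  = 0x80,
};

/*
 * mkstemp() template for the backing image.  main() passes this array to
 * mkstemp(), which overwrites the XXXXXX suffix in place, so it has to be a
 * writable array rather than a pointer to a string literal.
 */
static char test_image[] = "/tmp/qtest.XXXXXX";

/* Abort the test unless every bit of 'mask' is set / clear in 'data'. */
#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)

/* Port base used by cmos_read(): index goes to base + 0, data comes from base + 1. */
static uint8_t base = 0x70;

/* CMOS register index read by test_cmos(). */
enum {
    CMOS_FLOPPY     = 0x10,
};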
/*
 * Write one command or parameter byte to the controller FIFO.
 *
 * The register at reg_msr is sampled first; the test aborts unless RQM is
 * set and DIO is clear at that moment.
 */
static void floppy_send(uint8_t byte)
{
    const uint8_t msr = inb(FLOPPY_BASE + reg_msr);

    assert_bit_set(msr, RQM);
    assert_bit_clear(msr, DIO);

    outb(FLOPPY_BASE + reg_fifo, byte);
}
/*
 * Read one result byte from the controller FIFO.
 *
 * The register at reg_msr is sampled first; the test aborts unless both RQM
 * and DIO are set.  Returns the byte read from reg_fifo.
 */
static uint8_t floppy_recv(void)
{
    const uint8_t msr = inb(FLOPPY_BASE + reg_msr);

    assert_bit_set(msr, RQM | DIO);

    return inb(FLOPPY_BASE + reg_fifo);
}
/*
 * Acknowledge a pending floppy interrupt with CMD_SENSE_INT.
 *
 * The IRQ must be raised on entry and lowered on exit, otherwise the test
 * aborts.  Two result bytes are read; the first is discarded and the second
 * is stored through 'pcn' (Present Cylinder Number) when 'pcn' is non-NULL.
 */
static void ack_irq(uint8_t *pcn)
{
    uint8_t second;

    g_assert(get_irq(FLOPPY_IRQ));

    floppy_send(CMD_SENSE_INT);
    floppy_recv();              /* first result byte is not used */
    second = floppy_recv();

    if (pcn) {
        *pcn = second;
    }

    g_assert(!get_irq(FLOPPY_IRQ));
}
/*
 * Issue a read-type command ('cmd') for drive 0, head 0, cylinder 0,
 * sector 1 and collect its result phase.
 *
 * Returns 0 when the first result byte equals 0x40, and 1 otherwise.  Also
 * returns 1, without reading any result byte, when reg_msr never reads back
 * as 0xd0 within two polls (one second of sleep after each failed poll).
 */
static uint8_t send_read_command(uint8_t cmd)
{
    const uint8_t drive = 0;
    const uint8_t head = 0;
    /* cylinder, head, sector address, sector size, EOT, gap, GPL */
    const uint8_t params[] = { 0, head, 1, 2, 1, 0x1b, 0xff };
    unsigned int k;
    uint8_t attempt;
    uint8_t status;
    uint8_t result;
    int ready = 0;

    floppy_send(cmd);
    floppy_send(head << 2 | drive);
    /* No interrupt may be raised while parameters are still being sent. */
    g_assert(!get_irq(FLOPPY_IRQ));
    for (k = 0; k < sizeof(params) / sizeof(params[0]); k++) {
        floppy_send(params[k]);
    }

    /* Poll for the exact status value 0xd0, at most twice. */
    for (attempt = 0; attempt < 2; attempt++) {
        status = inb(FLOPPY_BASE + reg_msr);
        if (status == 0xd0) {
            ready = 1;
            break;
        }
        sleep(1);
    }

    if (!ready) {
        return 1;
    }

    /* First result byte decides the verdict; the other six are drained. */
    result = (floppy_recv() != 0x40) ? 1 : 0;

    for (k = 0; k < 6; k++) {
        floppy_recv();
    }

    return result;
}
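/*
 * Issue CMD_READ for drive 0, head 0, cylinder 0 starting at sector 1, with
 * 'nb_sect' as the end-of-track parameter, and pull the data through the
 * FIFO byte by byte instead of via DMA.
 *
 * Returns 0 when the first result byte equals 'expected_st0', 1 otherwise.
 * Also returns 1, before any data is read, when reg_msr never reads back as
 * BUSY | NONDMA | DIO | RQM within two polls (one second of sleep after each
 * failed poll).  Any violated register or IRQ expectation aborts the test.
 *
 * Callers are expected to have put the controller into non-DMA mode first
 * (the test_read_no_dma_* functions clear bit 0x08 of reg_dor).
 */
static uint8_t send_read_no_dma_command(int nb_sect, uint8_t expected_st0)
{
    uint8_t drive = 0;
    uint8_t head = 0;
    uint8_t cyl = 0;
    uint8_t sect_addr = 1;
    uint8_t sect_size = 2;
    uint8_t eot = nb_sect;      /* NOTE(review): truncates for nb_sect > 255 */
    uint8_t gap = 0x1b;
    uint8_t gpl = 0xff;

    uint8_t msr = 0;
    uint8_t st0;

    uint8_t ret = 0;

    int attempt;
    int nbytes;
    int i;

    floppy_send(CMD_READ);
    floppy_send(head << 2 | drive);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(cyl);
    floppy_send(head);
    floppy_send(sect_addr);
    floppy_send(sect_size);
    floppy_send(eot);
    floppy_send(gap);
    floppy_send(gpl);

    /* Wait for the execution phase: at most two polls of the status register. */
    for (attempt = 0; attempt < 2; attempt++) {
        msr = inb(FLOPPY_BASE + reg_msr);
        if (msr == (BUSY | NONDMA | DIO | RQM)) {
            break;
        }
        sleep(1);
    }

    if (attempt >= 2) {
        return 1;
    }

    /*
     * Non-DMA mode: drain 512 * 2 * nb_sect bytes from the FIFO.
     *
     * The counter is an int on purpose.  A 16-bit counter can never reach a
     * bound above 65535, so the loop would not terminate on its own for
     * nb_sect >= 64.
     */
    nbytes = 512 * 2 * nb_sect;
    for (i = 0; i < nbytes; i++) {
        msr = inb(FLOPPY_BASE + reg_msr);
        assert_bit_set(msr, BUSY | RQM | DIO);
        inb(FLOPPY_BASE + reg_fifo);
    }

    /* Data is exhausted: result bytes are pending and the IRQ is raised. */
    msr = inb(FLOPPY_BASE + reg_msr);
    assert_bit_set(msr, BUSY | RQM | DIO);
    g_assert(get_irq(FLOPPY_IRQ));

    st0 = floppy_recv();
    if (st0 != expected_st0) {
        ret = 1;
    }

    floppy_recv();
    floppy_recv();
    floppy_recv();
    floppy_recv();
    floppy_recv();
    /* The IRQ must stay raised until the last result byte has been read. */
    g_assert(get_irq(FLOPPY_IRQ));
    floppy_recv();

    /* Check that we're back in command phase */
    msr = inb(FLOPPY_BASE + reg_msr);
    assert_bit_clear(msr, BUSY | DIO);
    assert_bit_set(msr, RQM);
    g_assert(!get_irq(FLOPPY_IRQ));

    return ret;
}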
/*
 * Seek drive 0, head 0 to cylinder 'cyl' and acknowledge the resulting
 * interrupt.  The IRQ must not be raised before the cylinder byte is sent.
 */
static void send_seek(int cyl)
{
    const int drive = 0;
    const int head = 0;
    const int select = head << 2 | drive;

    floppy_send(CMD_SEEK);
    floppy_send(select);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(cyl);

    /* The cylinder number reported back is not needed here. */
    ack_irq(NULL);
}
/*
 * Read CMOS register 'reg': the index is written to port 'base' and the
 * value is read back from port 'base + 1'.
 */
static uint8_t cmos_read(uint8_t reg)
{
    uint8_t value;

    outb(base + 0, reg);
    value = inb(base + 1);

    return value;
}
/* The CMOS_FLOPPY register must read back as 0x40. */
static void test_cmos(void)
{
    const uint8_t cmos = cmos_read(CMOS_FLOPPY);

    g_assert(cmos == 0x40);
}
/*
 * With no media in the drive, DSKCHG must stay set: reading reg_dir does not
 * clear it, and neither does a seek to cylinder 1.
 */
static void test_no_media_on_start(void)
{
    uint8_t dir;
    int pass;

    /* Two consecutive reads show that reading does not reset the bit. */
    for (pass = 0; pass < 2; pass++) {
        dir = inb(FLOPPY_BASE + reg_dir);
        assert_bit_set(dir, DSKCHG);
    }

    send_seek(1);

    /* Still set after the seek, again across two reads. */
    for (pass = 0; pass < 2; pass++) {
        dir = inb(FLOPPY_BASE + reg_dir);
        assert_bit_set(dir, DSKCHG);
    }
}
/* CMD_READ with no media inserted: send_read_command() must report 0. */
static void test_read_without_media(void)
{
    const uint8_t ret = send_read_command(CMD_READ);

    g_assert(ret == 0);
}
/*
 * Insert the test image into 'floppy0' through QMP and check DSKCHG:
 * it stays set after the insert and after a seek to cylinder 0, and is
 * cleared only once a seek to cylinder 1 has been performed.
 */
static void test_media_insert(void)
{
    uint8_t dir;
    int pass;

    /* Insert media in drive. DSKCHG should not be reset until a step pulse
     * is sent. */
    qmp_discard_response("{'execute':'change', 'arguments':{"
                         " 'device':'floppy0', 'target': %s, 'arg': 'raw' }}",
                         test_image);
    qmp_discard_response(""); /* ignore event
                                 (FIXME open -> open transition?!) */
    qmp_discard_response(""); /* ignore event */

    /* Reading reg_dir twice must not clear the bit. */
    for (pass = 0; pass < 2; pass++) {
        dir = inb(FLOPPY_BASE + reg_dir);
        assert_bit_set(dir, DSKCHG);
    }

    /* A seek to cylinder 0 leaves the bit set. */
    send_seek(0);
    for (pass = 0; pass < 2; pass++) {
        dir = inb(FLOPPY_BASE + reg_dir);
        assert_bit_set(dir, DSKCHG);
    }

    /* Step to next track should clear DSKCHG bit. */
    send_seek(1);
    for (pass = 0; pass < 2; pass++) {
        dir = inb(FLOPPY_BASE + reg_dir);
        assert_bit_clear(dir, DSKCHG);
    }
}
/*
 * Insert the image (via test_media_insert()), eject it again through QMP and
 * check that DSKCHG is set afterwards and survives repeated reads as well as
 * seeks to cylinder 0 and cylinder 1.
 */
static void test_media_change(void)
{
    static const int seek_targets[] = { 0, 1 };
    unsigned int step;
    uint8_t dir;
    int pass;

    test_media_insert();

    /* Eject the floppy and check that DSKCHG is set. Reading it out doesn't
     * reset the bit. */
    qmp_discard_response("{'execute':'eject', 'arguments':{"
                         " 'device':'floppy0' }}");
    qmp_discard_response(""); /* ignore event */

    for (pass = 0; pass < 2; pass++) {
        dir = inb(FLOPPY_BASE + reg_dir);
        assert_bit_set(dir, DSKCHG);
    }

    /* With the drive empty, no seek may clear the bit. */
    for (step = 0; step < sizeof(seek_targets) / sizeof(seek_targets[0]);
         step++) {
        send_seek(seek_targets[step]);
        for (pass = 0; pass < 2; pass++) {
            dir = inb(FLOPPY_BASE + reg_dir);
            assert_bit_set(dir, DSKCHG);
        }
    }
}
/*
 * CMD_SENSE_INT issued at the start of this test must return the single byte
 * 0x80.  After a CMD_SEEK to cylinder 0 on drive 0, head 0, it must return
 * 0x20 followed by one more byte, which is read and ignored.
 */
static void test_sense_interrupt(void)
{
    const int drive = 0;
    const int head = 0;
    const int cyl = 0;
    int ret;

    /* First sense: one result byte, expected to be 0x80. */
    floppy_send(CMD_SENSE_INT);
    ret = floppy_recv();
    g_assert(ret == 0x80);

    /* The seek must not raise the IRQ before its last parameter is sent. */
    floppy_send(CMD_SEEK);
    floppy_send(head << 2 | drive);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(cyl);

    /* Second sense: 0x20, then a trailing byte that is drained. */
    floppy_send(CMD_SENSE_INT);
    ret = floppy_recv();
    g_assert(ret == 0x20);
    floppy_recv();
}
/*
 * Starting from cylinder 0, a relative seek "in" by one cylinder must report
 * cylinder 1, and a following relative seek "out" by one must report
 * cylinder 0 again.  The reported cylinder comes from ack_irq().
 */
static void test_relative_seek(void)
{
    const uint8_t drive = 0;
    const uint8_t head = 0;
    const uint8_t cyl = 1;      /* distance of each relative seek */
    uint8_t pcn;

    /* Known starting point: track 0. */
    send_seek(0);

    /* One cylinder inwards. */
    floppy_send(CMD_RELATIVE_SEEK_IN);
    floppy_send(head << 2 | drive);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(cyl);

    ack_irq(&pcn);
    g_assert(pcn == 1);

    /* One cylinder back outwards. */
    floppy_send(CMD_RELATIVE_SEEK_OUT);
    floppy_send(head << 2 | drive);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(cyl);

    ack_irq(&pcn);
    g_assert(pcn == 0);
}
/*
 * Check CMD_READ_ID twice: after a seek to cylinder 0 on head 0, and after a
 * seek to cylinder 8 on head 1.  Each time the reported cylinder and head
 * must match the seek, the first result byte must equal head << 2, and the
 * IRQ must stay raised until the last of the seven result bytes is read.
 *
 * The command completes on a timer, so the virtual clock is stepped until
 * the IRQ is raised.
 */
static void test_read_id(void)
{
    uint8_t drive = 0;
    uint8_t head = 0;
    uint8_t cyl;
    uint8_t st0;
    uint8_t msr;
    int skip;

    /* ---- Pass 1: seek to track 0 and check with READ ID ---- */
    send_seek(0);

    floppy_send(CMD_READ_ID);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(head << 2 | drive);

    /* While the command is still running the controller must look busy. */
    msr = inb(FLOPPY_BASE + reg_msr);
    if (!get_irq(FLOPPY_IRQ)) {
        assert_bit_set(msr, BUSY);
        assert_bit_clear(msr, RQM);
    }

    for (;;) {
        if (get_irq(FLOPPY_IRQ)) {
            break;
        }
        /* qemu involves a timer with READ ID... */
        clock_step(1000000000LL / 50);
    }

    msr = inb(FLOPPY_BASE + reg_msr);
    assert_bit_set(msr, BUSY | RQM | DIO);

    st0 = floppy_recv();
    for (skip = 0; skip < 2; skip++) {
        floppy_recv();
    }
    cyl = floppy_recv();
    head = floppy_recv();
    floppy_recv();
    g_assert(get_irq(FLOPPY_IRQ));
    floppy_recv();
    g_assert(!get_irq(FLOPPY_IRQ));

    g_assert_cmpint(cyl, ==, 0);
    g_assert_cmpint(head, ==, 0);
    g_assert_cmpint(st0, ==, head << 2);

    /* ---- Pass 2: seek to track 8 on head 1 and check with READ ID ---- */
    head = 1;
    cyl = 8;

    floppy_send(CMD_SEEK);
    floppy_send(head << 2 | drive);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(cyl);
    g_assert(get_irq(FLOPPY_IRQ));
    ack_irq(NULL);

    floppy_send(CMD_READ_ID);
    g_assert(!get_irq(FLOPPY_IRQ));
    floppy_send(head << 2 | drive);

    msr = inb(FLOPPY_BASE + reg_msr);
    if (!get_irq(FLOPPY_IRQ)) {
        assert_bit_set(msr, BUSY);
        assert_bit_clear(msr, RQM);
    }

    for (;;) {
        if (get_irq(FLOPPY_IRQ)) {
            break;
        }
        /* qemu involves a timer with READ ID... */
        clock_step(1000000000LL / 50);
    }

    msr = inb(FLOPPY_BASE + reg_msr);
    assert_bit_set(msr, BUSY | RQM | DIO);

    st0 = floppy_recv();
    for (skip = 0; skip < 2; skip++) {
        floppy_recv();
    }
    cyl = floppy_recv();
    head = floppy_recv();
    floppy_recv();
    g_assert(get_irq(FLOPPY_IRQ));
    floppy_recv();
    g_assert(!get_irq(FLOPPY_IRQ));

    g_assert_cmpint(cyl, ==, 8);
    g_assert_cmpint(head, ==, 1);
    g_assert_cmpint(st0, ==, head << 2);
}
/*
 * Non-DMA read with an end-of-track value of 1: bit 0x08 of reg_dor is
 * cleared first, then the read must finish with a first result byte of 0x04.
 */
static void test_read_no_dma_1(void)
{
    const uint8_t dor = inb(FLOPPY_BASE + reg_dor);
    uint8_t ret;

    outb(FLOPPY_BASE + reg_dor, dor & ~0x08);
    send_seek(0);

    ret = send_read_no_dma_command(1, 0x04);
    g_assert(ret == 0);
}
/*
 * Non-DMA read with an end-of-track value of 18: bit 0x08 of reg_dor is
 * cleared first, then the read must finish with a first result byte of 0x04.
 */
static void test_read_no_dma_18(void)
{
    const uint8_t dor = inb(FLOPPY_BASE + reg_dor);
    uint8_t ret;

    outb(FLOPPY_BASE + reg_dor, dor & ~0x08);
    send_seek(0);

    ret = send_read_no_dma_command(18, 0x04);
    g_assert(ret == 0);
}
/*
 * Non-DMA read with an end-of-track value of 19: bit 0x08 of reg_dor is
 * cleared first.  Unlike the 1- and 18-sector variants, the expected first
 * result byte here is 0x20.
 */
static void test_read_no_dma_19(void)
{
    const uint8_t dor = inb(FLOPPY_BASE + reg_dor);
    uint8_t ret;

    outb(FLOPPY_BASE + reg_dor, dor & ~0x08);
    send_seek(0);

    ret = send_read_no_dma_command(19, 0x20);
    g_assert(ret == 0);
}
/* CMD_VERIFY goes through the same path as a read and must report 0. */
static void test_verify(void)
{
    const uint8_t ret = send_read_command(CMD_VERIFY);

    g_assert(ret == 0);
}
/*
 * Register fuzz smoke test: 1000 times, write a random byte to a random
 * register offset in [0, 7] and read the same register back.
 *
 * Success means only that the emulator neither crashed nor aborted; no
 * register value is checked.  Memory errors that do not crash the process
 * go unnoticed unless the binary under test is built with a sanitizer.
 *
 * The values come from GLib's test RNG, so a failing sequence can be
 * replayed by re-running with the same seed (g_test_init's --seed option).
 */
static void fuzz_registers(void)
{
    unsigned int remaining;

    for (remaining = 1000; remaining > 0; remaining--) {
        /* Draw the register first, then the value, to keep the RNG order. */
        const uint8_t reg = (uint8_t)g_test_rand_int_range(0, 8);
        const uint8_t val = (uint8_t)g_test_rand_int_range(0, 256);
        const int port = FLOPPY_BASE + reg;

        outb(port, val);
        inb(port);
    }
}
/*
 * Test entry point.
 *
 * On anything other than i386/x86_64 the test is skipped and 0 is returned.
 * Otherwise a blank raw image of TEST_IMAGE_SIZE bytes is created, the
 * emulator is started, every /fdc/ test case is registered and run, and the
 * image is removed again.  Returns the result of g_test_run().
 */
int main(int argc, char **argv)
{
    /* Registered in exactly this order. */
    static const struct {
        const char *path;
        void (*fn)(void);
    } cases[] = {
        { "/fdc/cmos", test_cmos },
        { "/fdc/no_media_on_start", test_no_media_on_start },
        { "/fdc/read_without_media", test_read_without_media },
        { "/fdc/media_change", test_media_change },
        { "/fdc/sense_interrupt", test_sense_interrupt },
        { "/fdc/relative_seek", test_relative_seek },
        { "/fdc/read_id", test_read_id },
        { "/fdc/verify", test_verify },
        { "/fdc/media_insert", test_media_insert },
        { "/fdc/read_no_dma_1", test_read_no_dma_1 },
        { "/fdc/read_no_dma_18", test_read_no_dma_18 },
        { "/fdc/read_no_dma_19", test_read_no_dma_19 },
        { "/fdc/fuzz-registers", fuzz_registers },
    };
    const char *arch = qtest_get_arch();
    unsigned int k;
    int fd;
    int ret;

    /* The tests poke x86 I/O ports, so other targets are skipped. */
    if (strcmp(arch, "i386") != 0 && strcmp(arch, "x86_64") != 0) {
        g_test_message("Skipping test for non-x86\n");
        return 0;
    }

    /*
     * Backing image: mkstemp() picks the unique name and creates the file in
     * one step, which avoids the race a fixed, predictable /tmp path would
     * have.  If one of the assertions below or a test case aborts, the file
     * is left behind because unlink() is only reached on a normal exit.
     */
    fd = mkstemp(test_image);
    g_assert(fd >= 0);
    ret = ftruncate(fd, TEST_IMAGE_SIZE);
    g_assert(ret == 0);
    close(fd);

    /* Start the emulator and watch the interrupt controller's inputs. */
    g_test_init(&argc, &argv, NULL);

    qtest_start(NULL);
    qtest_irq_intercept_in(global_qtest, "ioapic");
    for (k = 0; k < sizeof(cases) / sizeof(cases[0]); k++) {
        qtest_add_func(cases[k].path, cases[k].fn);
    }

    ret = g_test_run();

    /* Tear down the emulator and remove the temporary image. */
    qtest_end();
    unlink(test_image);

    return ret;
}