Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7683fc6 authored by Michael Ellerman's avatar Michael Ellerman
Browse files

selftests/powerpc: Add a test of wild bctr 

This tests that a bctr (Branch to counter and link), ie. a function
call, to a wildly out-of-bounds address is handled correctly.

Some old kernel versions didn't handle it correctly, see eg:

  "powerpc/slb: Force a full SLB flush when we insert for a bad EA"
  https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-April/157397.html



Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
parent 0d923962

tools/testing/selftests/powerpc/include/reg.h

+1 −0
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 
				    : "memory")



#define mb()		asm volatile("sync" : : : "memory");

#define barrier()	asm volatile("" : : : "memory");



#define SPRN_MMCR2     769

#define SPRN_MMCRA     770

tools/testing/selftests/powerpc/mm/.gitignore

+2 −1
Original line number Diff line number Diff line
@@ -3,3 +3,4 @@ subpage_prot 
tempfile

prot_sao

segv_errors

wild_bctr
 
 No newline at end of file

tools/testing/selftests/powerpc/mm/Makefile

+3 −1
Original line number Diff line number Diff line
@@ -2,7 +2,7 @@ 
noarg:

	$(MAKE) -C ../



TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors

TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr

TEST_GEN_FILES := tempfile



top_srcdir = ../../../../..
@@ -12,6 +12,8 @@ $(TEST_GEN_PROGS): ../harness.c 


$(OUTPUT)/prot_sao: ../utils.c



$(OUTPUT)/wild_bctr: CFLAGS += -m64



$(OUTPUT)/tempfile:

	dd if=/dev/zero of=$@ bs=64k count=1

tools/testing/selftests/powerpc/mm/wild_bctr.c

0 → 100644
+155 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0+

/*

 * Copyright 2018, Michael Ellerman, IBM Corp.

 *

 * Test that an out-of-bounds branch to counter behaves as expected.

 */



#include <setjmp.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <sys/mman.h>

#include <sys/types.h>

#include <sys/wait.h>

#include <ucontext.h>

#include <unistd.h>



#include "utils.h"





#define BAD_NIP	0x788c545a18000000ull



static struct pt_regs signal_regs;

static jmp_buf setjmp_env;



static void save_regs(ucontext_t *ctxt)

{

	struct pt_regs *regs = ctxt->uc_mcontext.regs;



	memcpy(&signal_regs, regs, sizeof(signal_regs));

}



static void segv_handler(int signum, siginfo_t *info, void *ctxt_v)

{

	save_regs(ctxt_v);

	longjmp(setjmp_env, 1);

}



static void usr2_handler(int signum, siginfo_t *info, void *ctxt_v)

{

	save_regs(ctxt_v);

}



static int ok(void)

{

	printf("Everything is OK in here.\n");

	return 0;

}



#define REG_POISON	0x5a5aUL

#define POISONED_REG(n)	((REG_POISON << 48) | ((n) << 32) | (REG_POISON << 16) | (n))



static inline void poison_regs(void)

{

	#define POISON_REG(n)	\

	  "lis  " __stringify(n) "," __stringify(REG_POISON) ";" \

	  "addi " __stringify(n) "," __stringify(n) "," __stringify(n) ";" \

	  "sldi " __stringify(n) "," __stringify(n) ", 32 ;" \

	  "oris " __stringify(n) "," __stringify(n) "," __stringify(REG_POISON) ";" \

	  "addi " __stringify(n) "," __stringify(n) "," __stringify(n) ";"



	asm (POISON_REG(15)

	     POISON_REG(16)

	     POISON_REG(17)

	     POISON_REG(18)

	     POISON_REG(19)

	     POISON_REG(20)

	     POISON_REG(21)

	     POISON_REG(22)

	     POISON_REG(23)

	     POISON_REG(24)

	     POISON_REG(25)

	     POISON_REG(26)

	     POISON_REG(27)

	     POISON_REG(28)

	     POISON_REG(29)

	     : // inputs

	     : // outputs

	     : "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25",

	       "26", "27", "28", "29"

	);

	#undef POISON_REG

}



static int check_regs(void)

{

	unsigned long i;



	for (i = 15; i <= 29; i++)

		FAIL_IF(signal_regs.gpr[i] != POISONED_REG(i));



	printf("Regs OK\n");

	return 0;

}



static void dump_regs(void)

{

	for (int i = 0; i < 32; i += 4) {

		printf("r%02d 0x%016lx  r%02d 0x%016lx  " \

		       "r%02d 0x%016lx  r%02d 0x%016lx\n",

		       i, signal_regs.gpr[i],

		       i+1, signal_regs.gpr[i+1],

		       i+2, signal_regs.gpr[i+2],

		       i+3, signal_regs.gpr[i+3]);

	}

}



int test_wild_bctr(void)

{

	int (*func_ptr)(void);

	struct sigaction segv = {

		.sa_sigaction = segv_handler,

		.sa_flags = SA_SIGINFO

	};

	struct sigaction usr2 = {

		.sa_sigaction = usr2_handler,

		.sa_flags = SA_SIGINFO

	};



	FAIL_IF(sigaction(SIGSEGV, &segv, NULL));

	FAIL_IF(sigaction(SIGUSR2, &usr2, NULL));



	bzero(&signal_regs, sizeof(signal_regs));



	if (setjmp(setjmp_env) == 0) {

		func_ptr = ok;

		func_ptr();



		kill(getpid(), SIGUSR2);

		printf("Regs before:\n");

		dump_regs();

		bzero(&signal_regs, sizeof(signal_regs));



		poison_regs();



		func_ptr = (int (*)(void))BAD_NIP;

		func_ptr();



		FAIL_IF(1); /* we didn't segv? */

	}



	FAIL_IF(signal_regs.nip != BAD_NIP);



	printf("All good - took SEGV as expected branching to 0x%llx\n", BAD_NIP);



	dump_regs();

	FAIL_IF(check_regs());



	return 0;

}



int main(void)

{

	return test_harness(test_wild_bctr, "wild_bctr");

}