1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright 2018, Michael Ellerman, IBM Corp.
5 * Test that an out-of-bounds branch to counter behaves as expected.
13 #include <sys/types.h>
21 #define BAD_NIP 0x788c545a18000000ull
23 static struct pt_regs signal_regs;
24 static jmp_buf setjmp_env;
26 static void save_regs(ucontext_t *ctxt)
28 struct pt_regs *regs = ctxt->uc_mcontext.regs;
30 memcpy(&signal_regs, regs, sizeof(signal_regs));
33 static void segv_handler(int signum, siginfo_t *info, void *ctxt_v)
36 longjmp(setjmp_env, 1);
39 static void usr2_handler(int signum, siginfo_t *info, void *ctxt_v)
46 printf("Everything is OK in here.\n");
50 #define REG_POISON 0x5a5aUL
51 #define POISONED_REG(n) ((REG_POISON << 48) | ((n) << 32) | (REG_POISON << 16) | (n))
53 static inline void poison_regs(void)
55 #define POISON_REG(n) \
56 "lis " __stringify(n) "," __stringify(REG_POISON) ";" \
57 "addi " __stringify(n) "," __stringify(n) "," __stringify(n) ";" \
58 "sldi " __stringify(n) "," __stringify(n) ", 32 ;" \
59 "oris " __stringify(n) "," __stringify(n) "," __stringify(REG_POISON) ";" \
60 "addi " __stringify(n) "," __stringify(n) "," __stringify(n) ";"
79 : "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25",
80 "26", "27", "28", "29"
85 static int check_regs(void)
89 for (i = 15; i <= 29; i++)
90 FAIL_IF(signal_regs.gpr[i] != POISONED_REG(i));
96 static void dump_regs(void)
98 for (int i = 0; i < 32; i += 4) {
99 printf("r%02d 0x%016lx r%02d 0x%016lx " \
100 "r%02d 0x%016lx r%02d 0x%016lx\n",
101 i, signal_regs.gpr[i],
102 i+1, signal_regs.gpr[i+1],
103 i+2, signal_regs.gpr[i+2],
104 i+3, signal_regs.gpr[i+3]);
108 int test_wild_bctr(void)
110 int (*func_ptr)(void);
111 struct sigaction segv = {
112 .sa_sigaction = segv_handler,
113 .sa_flags = SA_SIGINFO
115 struct sigaction usr2 = {
116 .sa_sigaction = usr2_handler,
117 .sa_flags = SA_SIGINFO
120 FAIL_IF(sigaction(SIGSEGV, &segv, NULL));
121 FAIL_IF(sigaction(SIGUSR2, &usr2, NULL));
123 bzero(&signal_regs, sizeof(signal_regs));
125 if (setjmp(setjmp_env) == 0) {
129 kill(getpid(), SIGUSR2);
130 printf("Regs before:\n");
132 bzero(&signal_regs, sizeof(signal_regs));
136 func_ptr = (int (*)(void))BAD_NIP;
139 FAIL_IF(1); /* we didn't segv? */
142 FAIL_IF(signal_regs.nip != BAD_NIP);
144 printf("All good - took SEGV as expected branching to 0x%llx\n", BAD_NIP);
147 FAIL_IF(check_regs());
154 return test_harness(test_wild_bctr, "wild_bctr");