0001 // SPDX-License-Identifier: GPL-2.0+
0002 /*
0003  * Copyright 2018, Michael Ellerman, IBM Corp.
0004  *
0005  * Test that an out-of-bounds branch to counter behaves as expected.
0006  */
0007 
0008 #include <setjmp.h>
0009 #include <stdio.h>
0010 #include <stdlib.h>
0011 #include <string.h>
0012 #include <sys/mman.h>
0013 #include <sys/types.h>
0014 #include <sys/wait.h>
0015 #include <ucontext.h>
0016 #include <unistd.h>
0017 
0018 #include "utils.h"
0019 
0020 
/*
 * Address the test deliberately branches to. test_wild_bctr() requires the
 * register snapshot taken in the SIGSEGV handler to report exactly this
 * value as the NIP.
 */
#define BAD_NIP 0x788c545a18000000ull

/* Register snapshot filled in by the signal handlers through save_regs(). */
static struct pt_regs signal_regs;
/* Recovery point: segv_handler() longjmp()s back to the setjmp() on this. */
static jmp_buf setjmp_env;
0025 
/*
 * Copy the register block of the interrupted context into signal_regs so
 * the test body can inspect it after the handler is done.
 */
static void save_regs(ucontext_t *ctxt)
{
    memcpy(&signal_regs, ctxt->uc_mcontext.regs, sizeof signal_regs);
}
0032 
/*
 * SIGSEGV handler: snapshot the faulting context, then unwind to the
 * setjmp() point rather than returning into the faulting context.
 *
 * NOTE(review): plain setjmp()/longjmp() are not required to restore the
 * signal mask, so SIGSEGV presumably stays blocked after this jump. That is
 * harmless while the test takes a single fault - confirm before reusing
 * this pattern for repeated faults.
 */
static void segv_handler(int signum, siginfo_t *info, void *ctxt_v)
{
    ucontext_t *uc = ctxt_v;

    save_regs(uc);
    longjmp(setjmp_env, 1);
}
0038 
/*
 * SIGUSR2 handler: snapshot the interrupted context and return normally,
 * giving the test a baseline register dump taken outside any fault.
 */
static void usr2_handler(int signum, siginfo_t *info, void *ctxt_v)
{
    ucontext_t *uc = ctxt_v;

    save_regs(uc);
}
0043 
/*
 * Valid call target, used to show that an indirect call works before the
 * wild branch is attempted. Always returns 0.
 */
static int ok(void)
{
    fputs("Everything is OK in here.\n", stdout);

    return 0;
}
0049 
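/*
 * Poison pattern for a GPR: 0x5a5aNNNN5a5aNNNN, where NNNN is the register
 * number. REG_POISON must stay a bare literal because poison_regs()
 * stringifies it into assembly.
 */
#define REG_POISON  0x5a5a
/*
 * n is widened to unsigned long before the 32-bit shift, so an int argument
 * cannot trigger an out-of-range shift.
 */
#define POISONED_REG(n) ((((unsigned long)REG_POISON) << 48) | \
             (((unsigned long)(n)) << 32) | \
             (((unsigned long)REG_POISON) << 16) | ((unsigned long)(n)))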
0053 
/*
 * Load r15-r29 with the POISONED_REG() pattern for their register number,
 * so check_regs() can compare the registers captured at the fault against
 * known values.
 *
 * NOTE(review): r15-r29 are only declared as clobbers, so nothing in the
 * source stops the compiler from reusing them between this asm and the wild
 * branch in test_wild_bctr(). The test appears to rely on the generated code
 * leaving them alone - confirm if the compiler or its flags change.
 */
static inline void poison_regs(void)
{
    /*
     * Builds the pattern in register n in five steps: lis loads REG_POISON
     * shifted left by 16, addi adds the register number, sldi shifts the
     * result left by 32, oris ORs REG_POISON back into bits 16-31, and the
     * last addi adds the register number again. The token n is used both as
     * the register name and as the immediate.
     */
    #define POISON_REG(n)   \
      "lis  " __stringify(n) "," __stringify(REG_POISON) ";" \
      "addi " __stringify(n) "," __stringify(n) "," __stringify(n) ";" \
      "sldi " __stringify(n) "," __stringify(n) ", 32 ;" \
      "oris " __stringify(n) "," __stringify(n) "," __stringify(REG_POISON) ";" \
      "addi " __stringify(n) "," __stringify(n) "," __stringify(n) ";"

    asm (POISON_REG(15)
         POISON_REG(16)
         POISON_REG(17)
         POISON_REG(18)
         POISON_REG(19)
         POISON_REG(20)
         POISON_REG(21)
         POISON_REG(22)
         POISON_REG(23)
         POISON_REG(24)
         POISON_REG(25)
         POISON_REG(26)
         POISON_REG(27)
         POISON_REG(28)
         POISON_REG(29)
         : // outputs (none; extended asm lists outputs first)
         : // inputs (none)
         : "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25",
           "26", "27", "28", "29" // clobbers: every register written above
    );
    #undef POISON_REG
}
0085 
/*
 * Verify that r15-r29 in the saved snapshot still carry the pattern written
 * by poison_regs(). Returns 0 when every register matches; a mismatch leaves
 * through FAIL_IF().
 */
static int check_regs(void)
{
    unsigned long reg = 15;

    while (reg <= 29) {
        FAIL_IF(signal_regs.gpr[reg] != POISONED_REG(reg));
        reg++;
    }

    printf("Regs OK\n");
    return 0;
}
0096 
/* Print the 32 saved GPRs from signal_regs, four registers per line. */
static void dump_regs(void)
{
    int base;

    for (base = 0; base < 32; base += 4) {
        printf("r%02d 0x%016lx  r%02d 0x%016lx  "
               "r%02d 0x%016lx  r%02d 0x%016lx\n",
               base, signal_regs.gpr[base],
               base + 1, signal_regs.gpr[base + 1],
               base + 2, signal_regs.gpr[base + 2],
               base + 3, signal_regs.gpr[base + 3]);
    }
}
0108 
/*
 * BAD_FUNC is the value cast to a function pointer for the wild call.
 *
 * With _CALL_AIXDESC (the function-descriptor calling convention) a function
 * pointer refers to a descriptor rather than to code, so the wild target is
 * supplied as the entry address (.ip) of a hand-built descriptor; toc and
 * env are left zero-initialized. Otherwise the pointer value is the branch
 * target itself.
 */
#ifdef _CALL_AIXDESC
struct opd {
    unsigned long ip;   /* entry address; set to BAD_NIP below */
    unsigned long toc;
    unsigned long env;
};
static struct opd bad_opd = {
    .ip = BAD_NIP,
};
#define BAD_FUNC (&bad_opd)
#else
#define BAD_FUNC BAD_NIP
#endif
0122 
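/*
 * Branch through a function pointer to BAD_NIP and check how the resulting
 * fault is reported to user space.
 *
 * Steps:
 *  1. Install SIGSEGV and SIGUSR2 handlers that snapshot the register state.
 *  2. Call a valid function pointer, then self-signal with SIGUSR2 to print
 *     a baseline register dump.
 *  3. Poison r15-r29 and call through a pointer built from BAD_FUNC.
 *  4. Once the SIGSEGV handler has longjmp()ed back, require that the saved
 *     NIP equals BAD_NIP and that r15-r29 still hold their poison values.
 *
 * Returns 0 on success. FAIL_IF() (utils.h) is expected to return non-zero
 * from this function when a check fails.
 */
int test_wild_bctr(void)
{
    int (*func_ptr)(void);
    struct sigaction segv = {
        .sa_sigaction = segv_handler,
        .sa_flags = SA_SIGINFO
    };
    struct sigaction usr2 = {
        .sa_sigaction = usr2_handler,
        .sa_flags = SA_SIGINFO
    };

    FAIL_IF(sigaction(SIGSEGV, &segv, NULL));
    FAIL_IF(sigaction(SIGUSR2, &usr2, NULL));

    /* memset() replaces the legacy bzero(); <string.h> is already included. */
    memset(&signal_regs, 0, sizeof(signal_regs));

    if (setjmp(setjmp_env) == 0) {
        /* Sanity check: an ordinary indirect call must work first. */
        func_ptr = ok;
        func_ptr();

        /*
         * Take the baseline snapshot. If the signal cannot be sent, the
         * "before" dump would silently show zeroes, so treat it as a
         * failure.
         */
        FAIL_IF(kill(getpid(), SIGUSR2));
        printf("Regs before:\n");
        dump_regs();
        /* Clear the baseline so later checks only see the SIGSEGV state. */
        memset(&signal_regs, 0, sizeof(signal_regs));

        poison_regs();

        /*
         * The wild branch. Keep this directly after poison_regs(): any code
         * added in between may overwrite the poisoned registers.
         */
        func_ptr = (int (*)(void))BAD_FUNC;
        func_ptr();

        FAIL_IF(1); /* we didn't segv? */
    }

    /* Reached through longjmp() from segv_handler(). */
    FAIL_IF(signal_regs.nip != BAD_NIP);

    printf("All good - took SEGV as expected branching to 0x%llx\n", BAD_NIP);

    dump_regs();
    FAIL_IF(check_regs());

    return 0;
}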
0166 
/* Run test_wild_bctr() under the selftest harness and return its result. */
int main(void)
{
    int rc = test_harness(test_wild_bctr, "wild_bctr");

    return rc;
}