1 // SPDX-License-Identifier: GPL-2.0-only
5  * Check if thread endianness is flipped inadvertently to BE on trap
9  * The issue can be checked on LE machines simply by zeroing load_fp
10  * and load_vec and then causing a trap in TM. Since the endianness
11  * changes to BE on return from the signal handler, 'nop' is
19  * However, although the issue is also present on BE machines, it's a
20  * bit trickier to check it on BE machines because MSR.LE bit is set
21  * to zero which determines a BE endianness that is the native
22  * endianness on BE machines, so nothing notably critical happens,
24  * from the signal handler (as it happens on LE machines). Thus to test
25  * it on BE machines LE endianness is forced after a first trap and then
26  * the endianness is verified on subsequent traps to determine if the
27  * endianness "flipped back" to the native endianness (BE).
67 	thread_endianness = MSR_LE & ucp->uc_mcontext.gp_regs[PT_MSR];  in trap_signal_handler()
70 	 * Little-Endian Machine  in trap_signal_handler()
77 			 * event that endianness is flipped by the bug, so just  in trap_signal_handler()
78 			 * let the process return from the signal handler and  in trap_signal_handler()
79 			 * check on the second trap event if endianness is  in trap_signal_handler()
86 			 * Since trap was caught in TM on first trap event, if  in trap_signal_handler()
88 			 * after returning from the signal handler instruction  in trap_signal_handler()
90 			 * at address of tbegin. +4 (rollback addr). As (1) on  in trap_signal_handler()
94 			 * not in transacional mode). On te other hand, if after  in trap_signal_handler()
95 			 * the return from the signal handler the endianness in-  in trap_signal_handler()
98 			 * and (4) are executed (tbegin.; trap;) and we get sim-  in trap_signal_handler()
99 			 * ilaly on the trap signal handler, but now in TM mode.  in trap_signal_handler()
100 			 * Either way, it's now possible to check the MSR LE bit  in trap_signal_handler()
101 			 * once in the trap handler to verify if endianness was  in trap_signal_handler()
102 			 * flipped or not after the return from the second trap  in trap_signal_handler()
103 			 * event. If endianness is flipped, the bug is present.  in trap_signal_handler()
105 			 * worth noting because it affects the math to determine  in trap_signal_handler()
106 			 * the offset added to the NIP on return: the NIP for a  in trap_signal_handler()
107 			 * trap caught in TM is the rollback address, i.e. the  in trap_signal_handler()
108 			 * next instruction after 'tbegin.', whilst the NIP for  in trap_signal_handler()
109 			 * a trap caught in non-transactional mode is the very  in trap_signal_handler()
110 			 * same address of the 'trap' instruction that generated  in trap_signal_handler()
111 			 * the trap event.  in trap_signal_handler()
115 				/* Go to 'success', i.e. instruction (6) */  in trap_signal_handler()
116 				ucp->uc_mcontext.gp_regs[PT_NIP] += 16;  in trap_signal_handler()
121 				 * set NIP to go to 'failure', instruction (5).  in trap_signal_handler()
123 				ucp->uc_mcontext.gp_regs[PT_MSR] |= 1UL;  in trap_signal_handler()
124 				ucp->uc_mcontext.gp_regs[PT_NIP] += 4;  in trap_signal_handler()
130 	 * Big-Endian Machine  in trap_signal_handler()
141 			ucp->uc_mcontext.gp_regs[PT_MSR] |= 1UL;  in trap_signal_handler()
146 			 * Do nothing. If bug is present on return from this  in trap_signal_handler()
147 			 * second trap event endianness will flip back "automat-  in trap_signal_handler()
155 			 * Once here it means that after returning from the sec-  in trap_signal_handler()
158 			 * endianness is still LE as set on return from the  in trap_signal_handler()
160 			 * flipped back to BE on return from the second trap  in trap_signal_handler()
168 			 * Flip back to BE and go to instruction (6), i.e. go to  in trap_signal_handler()
171 			ucp->uc_mcontext.gp_regs[PT_MSR] &= ~1UL;  in trap_signal_handler()
172 			ucp->uc_mcontext.gp_regs[PT_NIP] += 8;  in trap_signal_handler()
201 		 * instruction is executed on machine's native endianness (in  in ping()
203 		 * [OP] means "Opposite Endianness", i.e. on a BE machine, it  in ping()
204 		 * tells how a instruction is executed as a LE instruction; con-  in ping()
205 		 * versely, on a LE machine, it tells how a instruction is  in ping()
207 		 * that the native interpretation of a given instruction is not  in ping()
208 		 * relevant for the test. Likewise when [OP] is omitted.  in ping()
238 		 * Induce context switches on ping() thread  in pong()
273 	// Set only one CPU in the mask. Both threads will be bound to that CPU.  in tm_trap_test()
283 	 * Bind thread ping() and pong() both to CPU 0 so they ping-pong and  in tm_trap_test()
284 	 * speed up context switches on ping() thread, speeding up the load_fp  in tm_trap_test()
291 	/* Figure out the machine endianness */  in tm_trap_test()
295 		le ? "Little-Endian" : "Big-Endian",  in tm_trap_test()
296 		"inadvertently on trap in TM... ");  in tm_trap_test()