authorAlexey Kardashevskiy <aik@linux.ibm.com>2021-09-13 15:30:43 +1000
committerDmitry Vyukov <dvyukov@google.com>2021-09-16 21:37:48 +0200
commitca8716cc3a7a2ca6b077951ee3c0629a18f7bc28 (patch)
treeaf08d1371697920fd9e131762100ef4dd65a0dda /pkg
parentcac54be7ff77e2e220d7b477c82984b26157e09b (diff)
pkg/ifuzz/powerpc: fuzz the machine state register (MSR)
MSR is an SPR (Special Purpose Register) which controls endianness, 32/64 bits, privilege state and other CPU state bits. Some bits can be changed by the "mtmsr" instruction ("Move To MSR") but for the privilege bits "rfid" ("Return From Interrupt Doubleword") needs to be used and SRR0/SRR1 SPRs need to be preloaded with the desired mode and an address to jump to. This adds an "rfid" pseudo instruction. Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/ifuzz/powerpc/pseudo.go27
1 files changed, 27 insertions, 0 deletions
diff --git a/pkg/ifuzz/powerpc/pseudo.go b/pkg/ifuzz/powerpc/pseudo.go
index 4790cea9f..f67a38907 100644
--- a/pkg/ifuzz/powerpc/pseudo.go
+++ b/pkg/ifuzz/powerpc/pseudo.go
@@ -12,6 +12,8 @@ import (
const (
// Valid hcall humbers at the momemt are: 4..0x450.
MaxHcall = 0x450 // MAX_HCALL
+ SprnSrr0 = 0x01A // pc for rfid (SPRN_SRR0)
+ SprnSrr1 = 0x01B // msr for rfid (SPRN_SRR1)
)
// nolint:dupl
@@ -56,6 +58,16 @@ func (insnset *InsnSet) initPseudo() {
return gen.text
},
})
+ insnset.Insns = append(insnset.Insns, &Insn{
+ Name: "PSEUDO_rfid",
+ Priv: true,
+ Pseudo: true,
+ generator: func(cfg *iset.Config, r *rand.Rand) []byte {
+ gen := makeGen(insnset, cfg, r)
+ gen.rfid()
+ return gen.text
+ },
+ })
}
type generator struct {
@@ -116,3 +128,18 @@ func (gen *generator) rtas() {
gen.byte(imap.sc(1))
}
+
+func (gen *generator) rfid() {
+ imap := gen.imap
+ tmpreg := uint(gen.r.Intn(32))
+
+ // SRR0 contains a PC
+ gen.byte(imap.ld64(tmpreg, iset.GenerateInt(gen.cfg, gen.r, 8)))
+ gen.byte(imap["mtspr"].enc(map[string]uint{"RS": tmpreg, "SPR": SprnSrr0}))
+
+ // SRR1 contains an MSR
+ gen.byte(imap.ld64(tmpreg, gen.r.Uint64()))
+ gen.byte(imap["mtspr"].enc(map[string]uint{"RS": tmpreg, "SPR": SprnSrr1}))
+
+ gen.byte(imap["rfid"].enc(map[string]uint{}))
+}
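Review bot: The SRR1 value in `gen.byte(imap.ld64(tmpreg, gen.r.Uint64()))` is a uniformly random 64-bit word, while SRR0 on the earlier line goes through `iset.GenerateInt`, so almost every generated MSR changes many mode bits at once. MSR values that differ from a working one in only one or two bits (privilege, endianness, 32/64-bit) will be rare, which may leave single-bit transition handling in the emulator or hypervisor under test poorly covered. If `iset.GenerateInt` biases towards boundary values, as its use for SRR0 suggests, consider `iset.GenerateInt(gen.cfg, gen.r, 8)` for SRR1 as well, or mix in values with only a few bits set. The function also has no doc comment; something like `// rfid loads SRR0 (target PC) and SRR1 (target MSR) through a random scratch GPR and then emits rfid; the scratch GPR and both SPRs are clobbered.` would tell the next reader what state the sequence leaves behind.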