From ca8716cc3a7a2ca6b077951ee3c0629a18f7bc28 Mon Sep 17 00:00:00 2001
From: Alexey Kardashevskiy
Date: Mon, 13 Sep 2021 15:30:43 +1000
Subject: pkg/ifuzz/powerpc: fuzz the machine state register (MSR)

MSR is an SPR (Special Purpose Register) which controls endianness, 32/64 bits, privilege state and other CPU state bits. Some bits can be changed by the "mtmsr" instruction ("Move To MSR") but for the privilege bits "rfid" ("Return From Interrrupt Doubleword") needs to be used and SRR0/SRR1 SPRs need to be preloaded with the desired mode and an address to jump.

This adds an "rfid" pseudo instruction.

Signed-off-by: Alexey Kardashevskiy
---
 pkg/ifuzz/powerpc/pseudo.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/pkg/ifuzz/powerpc/pseudo.go b/pkg/ifuzz/powerpc/pseudo.go
index 4790cea9f..f67a38907 100644
--- a/pkg/ifuzz/powerpc/pseudo.go
+++ b/pkg/ifuzz/powerpc/pseudo.go
@@ -12,6 +12,8 @@ import (
 const (
 	// Valid hcall humbers at the momemt are: 4..0x450.
 	MaxHcall = 0x450 // MAX_HCALL
+	SprnSrr0 = 0x01A // pc for rfid (SPRN_SRR0)
+	SprnSrr1 = 0x01B // msr for rfid (SPRN_SRR1)
 )
 
 // nolint:dupl
@@ -56,6 +58,16 @@ func (insnset *InsnSet) initPseudo() {
 			return gen.text
 		},
 	})
+	insnset.Insns = append(insnset.Insns, &Insn{
+		Name:   "PSEUDO_rfid",
+		Priv:   true,
+		Pseudo: true,
+		generator: func(cfg *iset.Config, r *rand.Rand) []byte {
+			gen := makeGen(insnset, cfg, r)
+			gen.rfid()
+			return gen.text
+		},
+	})
 }
 
 type generator struct {
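Review bot: The two new exported constants in the first hunk, `SprnSrr0` and `SprnSrr1`, are documented only by trailing remarks ("pc for rfid", "msr for rfid"), which matches the `MaxHcall` line above but says nothing about what the numbers are. Since `godoc` picks up leading comments, a short doc comment would serve readers better, e.g. `// SprnSrr0 and SprnSrr1 are the SPR numbers of SRR0 and SRR1, the registers rfid takes the next PC and MSR from.` placed above the pair. The values 0x01A and 0x01B match the ISA's SPR numbers for SRR0/SRR1, so no change to the constants themselves is needed. The second hunk's `PSEUDO_rfid` entry is shaped like the existing pseudo-instruction entries and correctly marks the sequence privileged; no point to raise there.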
@@ -116,3 +128,18 @@ func (gen *generator) rtas() {
 
 	gen.byte(imap.sc(1))
 }
+
+func (gen *generator) rfid() {
+	imap := gen.imap
+	tmpreg := uint(gen.r.Intn(32))
+
+	// SRR0 contains a PC
+	gen.byte(imap.ld64(tmpreg, iset.GenerateInt(gen.cfg, gen.r, 8)))
+	gen.byte(imap["mtspr"].enc(map[string]uint{"RS": tmpreg, "SPR": SprnSrr0}))
+
+	// SRR1 contains an MSR
+	gen.byte(imap.ld64(tmpreg, gen.r.Uint64()))
+	gen.byte(imap["mtspr"].enc(map[string]uint{"RS": tmpreg, "SPR": SprnSrr1}))
+
+	gen.byte(imap["rfid"].enc(map[string]uint{}))
+}
-- 
cgit mrf-deployment
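Review bot: SRR1 is loaded from `gen.r.Uint64()`, so the MSR that `rfid` installs is uniformly random over all 64 bits, including the SF, LE, IR/DR and PR bits; whatever mode results, SRR0 is taken from `iset.GenerateInt(gen.cfg, gen.r, 8)`, so execution leaves the emitted buffer and nothing appended after this pseudo-instruction runs. That may well be what the fuzzer wants, but it is a property callers of `rfid` should see, so a doc comment on the function is warranted, e.g. `// rfid loads SRR0 with a generated address and SRR1 with a random MSR, then executes rfid; control does not come back to the generated text.`. If exercising MSR bits rather than jumping away is the goal, deriving SRR1 from a base MSR with a few random bits flipped (and SRR0 from an address inside the generated text) would keep the following instructions executable; GenerateInt's distribution is not visible here, so this is a suggestion rather than a defect. Separately, `imap["mtspr"]` and `imap["rfid"]` are indexed without a presence check, so if the instruction table can be built without either mnemonic and the map value is a pointer, `enc` is called on a nil entry — worth confirming against how imap is populated.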