xref: /OK3568_Linux_fs/kernel/arch/mips/tools/loongson3-llsc-check.c (revision 4882a59341e53eb6f0b4789bf948001014eff981)
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun #include <byteswap.h>
3*4882a593Smuzhiyun #include <elf.h>
4*4882a593Smuzhiyun #include <endian.h>
5*4882a593Smuzhiyun #include <errno.h>
6*4882a593Smuzhiyun #include <fcntl.h>
7*4882a593Smuzhiyun #include <inttypes.h>
8*4882a593Smuzhiyun #include <stdbool.h>
9*4882a593Smuzhiyun #include <stdio.h>
10*4882a593Smuzhiyun #include <stdlib.h>
11*4882a593Smuzhiyun #include <string.h>
12*4882a593Smuzhiyun #include <sys/mman.h>
13*4882a593Smuzhiyun #include <sys/types.h>
14*4882a593Smuzhiyun #include <sys/stat.h>
15*4882a593Smuzhiyun #include <unistd.h>
16*4882a593Smuzhiyun 
17*4882a593Smuzhiyun #ifdef be32toh
18*4882a593Smuzhiyun /* If libc provides le{16,32,64}toh() then we'll use them */
19*4882a593Smuzhiyun #elif BYTE_ORDER == LITTLE_ENDIAN
20*4882a593Smuzhiyun # define le16toh(x)	(x)
21*4882a593Smuzhiyun # define le32toh(x)	(x)
22*4882a593Smuzhiyun # define le64toh(x)	(x)
23*4882a593Smuzhiyun #elif BYTE_ORDER == BIG_ENDIAN
24*4882a593Smuzhiyun # define le16toh(x)	bswap_16(x)
25*4882a593Smuzhiyun # define le32toh(x)	bswap_32(x)
26*4882a593Smuzhiyun # define le64toh(x)	bswap_64(x)
27*4882a593Smuzhiyun #endif
28*4882a593Smuzhiyun 
29*4882a593Smuzhiyun /* MIPS opcodes, in bits 31:26 of an instruction */
30*4882a593Smuzhiyun #define OP_SPECIAL	0x00
31*4882a593Smuzhiyun #define OP_REGIMM	0x01
32*4882a593Smuzhiyun #define OP_BEQ		0x04
33*4882a593Smuzhiyun #define OP_BNE		0x05
34*4882a593Smuzhiyun #define OP_BLEZ		0x06
35*4882a593Smuzhiyun #define OP_BGTZ		0x07
36*4882a593Smuzhiyun #define OP_BEQL		0x14
37*4882a593Smuzhiyun #define OP_BNEL		0x15
38*4882a593Smuzhiyun #define OP_BLEZL	0x16
39*4882a593Smuzhiyun #define OP_BGTZL	0x17
40*4882a593Smuzhiyun #define OP_LL		0x30
41*4882a593Smuzhiyun #define OP_LLD		0x34
42*4882a593Smuzhiyun #define OP_SC		0x38
43*4882a593Smuzhiyun #define OP_SCD		0x3c
44*4882a593Smuzhiyun 
45*4882a593Smuzhiyun /* Bits 20:16 of OP_REGIMM instructions */
46*4882a593Smuzhiyun #define REGIMM_BLTZ	0x00
47*4882a593Smuzhiyun #define REGIMM_BGEZ	0x01
48*4882a593Smuzhiyun #define REGIMM_BLTZL	0x02
49*4882a593Smuzhiyun #define REGIMM_BGEZL	0x03
50*4882a593Smuzhiyun #define REGIMM_BLTZAL	0x10
51*4882a593Smuzhiyun #define REGIMM_BGEZAL	0x11
52*4882a593Smuzhiyun #define REGIMM_BLTZALL	0x12
53*4882a593Smuzhiyun #define REGIMM_BGEZALL	0x13
54*4882a593Smuzhiyun 
55*4882a593Smuzhiyun /* Bits 5:0 of OP_SPECIAL instructions */
56*4882a593Smuzhiyun #define SPECIAL_SYNC	0x0f
57*4882a593Smuzhiyun 
/* Write the one-line command synopsis to the stream @f. */
static void usage(FILE *f)
{
	fputs("Usage: loongson3-llsc-check /path/to/vmlinux\n", f);
}
62*4882a593Smuzhiyun 
/*
 * Sign-extend a 16-bit value to int. Callers pass a full 32-bit
 * instruction word; the parameter type keeps only its low 16 bits.
 */
static int se16(uint16_t x)
{
	int16_t imm = (int16_t)x;

	return imm;
}
67*4882a593Smuzhiyun 
/* Return true when the major opcode (bits 31:26) of @insn is LL or LLD. */
static bool is_ll(uint32_t insn)
{
	const uint32_t opcode = insn >> 26;

	return opcode == OP_LL || opcode == OP_LLD;
}
79*4882a593Smuzhiyun 
/* Return true when the major opcode (bits 31:26) of @insn is SC or SCD. */
static bool is_sc(uint32_t insn)
{
	const uint32_t opcode = insn >> 26;

	return opcode == OP_SC || opcode == OP_SCD;
}
91*4882a593Smuzhiyun 
/*
 * Return true when @insn encodes a SYNC: bits 31:11 must all be zero and
 * bits 5:0 must hold the SYNC function code. Bits 10:6 are not examined.
 */
static bool is_sync(uint32_t insn)
{
	const bool upper_clear = (insn >> 11) == 0;
	const bool funct_is_sync = (insn & 0x3f) == SPECIAL_SYNC;

	return upper_clear && funct_is_sync;
}
104*4882a593Smuzhiyun 
/*
 * Decide whether @insn is one of the conditional branches this tool knows
 * about (the OP_B* opcodes, or the REGIMM_B* encodings under OP_REGIMM).
 *
 * On a match, *@off receives the branch displacement in instruction words
 * measured from the branch itself, and true is returned. When @insn is not
 * a recognised branch, *@off is left untouched and false is returned.
 */
static bool is_branch(uint32_t insn, int *off)
{
	const uint32_t opcode = insn >> 26;

	if (opcode == OP_REGIMM) {
		/* REGIMM branches are selected by bits 20:16 */
		switch ((insn >> 16) & 0x1f) {
		case REGIMM_BLTZ:
		case REGIMM_BLTZL:
		case REGIMM_BLTZAL:
		case REGIMM_BLTZALL:
		case REGIMM_BGEZ:
		case REGIMM_BGEZL:
		case REGIMM_BGEZAL:
		case REGIMM_BGEZALL:
			break;

		default:
			return false;
		}
	} else {
		switch (opcode) {
		case OP_BEQ:
		case OP_BNE:
		case OP_BLEZ:
		case OP_BGTZ:
		case OP_BEQL:
		case OP_BNEL:
		case OP_BLEZL:
		case OP_BGTZL:
			break;

		default:
			return false;
		}
	}

	/*
	 * The 16-bit immediate is relative to the instruction following the
	 * branch, hence the +1 to make it relative to the branch itself.
	 */
	*off = se16(insn) + 1;
	return true;
}
140*4882a593Smuzhiyun 
/*
 * Validate one LL/SC sequence.
 *
 * @pc:   address of the LL instruction, used only in diagnostics
 * @code: pointer to the LL instruction; code[-1] is read, so the caller
 *        must guarantee that at least one instruction precedes it
 * @sz:   bytes remaining from @code onwards
 *
 * Returns 0 when the sequence passes every check, or -EINVAL after printing
 * a diagnostic to stderr for the first violation found.
 */
static int check_ll(uint64_t pc, uint32_t *code, size_t sz)
{
	ssize_t n_insns = sz / 4;
	ssize_t sc_idx = 0;
	ssize_t idx;
	int rel;

	/*
	 * A sync must sit directly before every LL so that reordering cannot
	 * let an earlier memory access execute after the LL and produce
	 * erroneous results.
	 */
	if (!is_sync(le32toh(code[-1]))) {
		fprintf(stderr, "%" PRIx64 ": LL not preceded by sync\n", pc);
		return -EINVAL;
	}

	/* Locate the first SC at or after the LL; it closes the sequence */
	while (sc_idx < n_insns && !is_sc(le32toh(code[sc_idx])))
		sc_idx++;

	if (sc_idx >= n_insns) {
		fprintf(stderr, "%" PRIx64 ": LL has no matching SC\n", pc);
		return -EINVAL;
	}

	/*
	 * Any branch inside the LL/SC sequence that leaves it must land on a
	 * sync, so that speculative execution cannot generate memory accesses
	 * from instructions outside of the loop.
	 */
	for (idx = 0; idx < sc_idx; idx++) {
		bool stays_inside;

		if (!is_branch(le32toh(code[idx]), &rel))
			continue;

		/*
		 * Branches whose target stays within the sequence are fine.
		 * NOTE(review): the upper bound compares the branch-relative
		 * offset against sc_idx rather than sc_idx - idx - confirm
		 * that this is the intended range.
		 */
		stays_inside = (rel >= -idx) && (rel <= sc_idx);

		/*
		 * NOTE(review): idx + rel comes from a 16-bit immediate in the
		 * file and is not checked against the section bounds here, so
		 * this read may fall before or after the section being scanned.
		 */
		if (stays_inside || is_sync(le32toh(code[idx + rel])))
			continue;

		fprintf(stderr, "%" PRIx64 ": Branch target not a sync\n",
			pc + (idx * 4));
		return -EINVAL;
	}

	return 0;
}
195*4882a593Smuzhiyun 
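/*
 * Scan one executable section for LL instructions and validate each one
 * with check_ll().
 *
 * @pc:   address of the first instruction, used in diagnostics
 * @code: pointer to the section contents
 * @sz:   section size in bytes
 *
 * Returns 0 when no problem was found, otherwise a negative value after
 * diagnostics have been printed to stderr. Scanning continues after a
 * failed check so that every offending LL in the section is reported.
 */
static int check_code(uint64_t pc, uint32_t *code, size_t sz)
{
	int err = 0;

	if (sz % 4) {
		fprintf(stderr, "%" PRIx64 ": Section size not a multiple of 4\n",
			pc);
		err = -EINVAL;
		sz -= (sz % 4);
	}

	/*
	 * A section holding no complete instruction has nothing to scan.
	 * Returning here avoids reading code[0] from an empty section, and
	 * avoids the unsigned wrap of sz in advance() below, which would send
	 * the scan loop far beyond the end of the section.
	 */
	if (!sz)
		return err;

	if (is_ll(le32toh(code[0]))) {
		fprintf(stderr, "%" PRIx64 ": First instruction in section is an LL\n",
			pc);
		err = -EINVAL;
	}

#define advance() (	\
	code++,		\
	pc += 4,	\
	sz -= 4		\
)

	/*
	 * Skip the first instruction, allowing check_ll to look backwards
	 * unconditionally.
	 */
	advance();

	/* Now scan through the code looking for LL instructions */
	for (; sz; advance()) {
		if (is_ll(le32toh(code[0])))
			err |= check_ll(pc, code, sz);
	}

	return err;
}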
233*4882a593Smuzhiyun 
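/*
 * Map the vmlinux named by argv[1], walk its ELF64 little-endian section
 * headers and run check_code() over every executable PROGBITS section.
 *
 * Every offset and size taken from the ELF headers is validated against the
 * size of the file before it is used to form a pointer, so a truncated or
 * malformed image is rejected with a diagnostic rather than being read
 * outside the mapping.
 *
 * Returns EXIT_SUCCESS when all sections pass, EXIT_FAILURE otherwise. The
 * outcome is also printed to stdout.
 */
int main(int argc, char *argv[])
{
	int vmlinux_fd, status, err, i;
	uint64_t file_sz, shoff, sec_off, sec_sz;
	uint16_t shnum, shentsize;
	const char *vmlinux_path;
	unsigned char *base;
	struct stat st;
	Elf64_Ehdr *eh;
	Elf64_Shdr *sh;
	void *vmlinux;

	status = EXIT_FAILURE;

	if (argc < 2) {
		usage(stderr);
		goto out_ret;
	}

	vmlinux_path = argv[1];
	vmlinux_fd = open(vmlinux_path, O_RDONLY);
	if (vmlinux_fd == -1) {
		perror("Unable to open vmlinux");
		goto out_ret;
	}

	err = fstat(vmlinux_fd, &st);
	if (err) {
		perror("Unable to stat vmlinux");
		goto out_close;
	}

	/* The ELF header is dereferenced below, so it must fit in the file */
	if (st.st_size < (off_t)sizeof(*eh)) {
		fprintf(stderr, "vmlinux is too small to be an ELF?\n");
		goto out_close;
	}
	file_sz = st.st_size;

	vmlinux = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, vmlinux_fd, 0);
	if (vmlinux == MAP_FAILED) {
		perror("Unable to mmap vmlinux");
		goto out_close;
	}

	/* Byte pointer for offset arithmetic; void * arithmetic is a GNU extension */
	base = vmlinux;

	eh = vmlinux;
	if (memcmp(eh->e_ident, ELFMAG, SELFMAG)) {
		fprintf(stderr, "vmlinux is not an ELF?\n");
		goto out_munmap;
	}

	if (eh->e_ident[EI_CLASS] != ELFCLASS64) {
		fprintf(stderr, "vmlinux is not 64b?\n");
		goto out_munmap;
	}

	if (eh->e_ident[EI_DATA] != ELFDATA2LSB) {
		fprintf(stderr, "vmlinux is not little endian?\n");
		goto out_munmap;
	}

	shoff = le64toh(eh->e_shoff);
	shnum = le16toh(eh->e_shnum);
	shentsize = le16toh(eh->e_shentsize);

	/*
	 * The whole section header table must lie inside the file, and each
	 * entry must be large enough to be read as an Elf64_Shdr. The checks
	 * are ordered so that the subtraction cannot wrap.
	 */
	if (shnum && (shentsize < sizeof(*sh) || shoff > file_sz ||
		      (uint64_t)shnum * shentsize > file_sz - shoff)) {
		fprintf(stderr, "vmlinux section headers are out of bounds?\n");
		goto out_munmap;
	}

	for (i = 0; i < shnum; i++) {
		sh = (Elf64_Shdr *)(base + shoff + ((uint64_t)i * shentsize));

		/*
		 * Section header fields are little endian like the rest of the
		 * file, so convert them before comparing on any host.
		 */
		if (le32toh(sh->sh_type) != SHT_PROGBITS)
			continue;
		if (!(le64toh(sh->sh_flags) & SHF_EXECINSTR))
			continue;

		/* The section contents must lie inside the file as well */
		sec_off = le64toh(sh->sh_offset);
		sec_sz = le64toh(sh->sh_size);
		if (sec_off > file_sz || sec_sz > file_sz - sec_off) {
			fprintf(stderr, "vmlinux section %d is out of bounds?\n", i);
			goto out_munmap;
		}

		err = check_code(le64toh(sh->sh_addr),
				 (uint32_t *)(base + sec_off),
				 sec_sz);
		if (err)
			goto out_munmap;
	}

	status = EXIT_SUCCESS;
out_munmap:
	munmap(vmlinux, st.st_size);
out_close:
	close(vmlinux_fd);
out_ret:
	fprintf(stdout, "loongson3-llsc-check returns %s\n",
		status ? "failure" : "success");
	return status;
}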