1*4882a593Smuzhiyun/* SPDX-License-Identifier: GPL-2.0 */ 2*4882a593Smuzhiyun/* Copyright (C) 2019 ARM Limited */ 3*4882a593Smuzhiyun 4*4882a593Smuzhiyun#include <asm/unistd.h> 5*4882a593Smuzhiyun 6*4882a593Smuzhiyun.section .rodata, "a" 7*4882a593Smuzhiyuncall_fmt: 8*4882a593Smuzhiyun .asciz "Calling sigreturn with fake sigframe sized:%zd at SP @%08lX\n" 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun.text 11*4882a593Smuzhiyun 12*4882a593Smuzhiyun.globl fake_sigreturn 13*4882a593Smuzhiyun 14*4882a593Smuzhiyun/* fake_sigreturn x0:&sigframe, x1:sigframe_size, x2:misalign_bytes */ 15*4882a593Smuzhiyunfake_sigreturn: 16*4882a593Smuzhiyun stp x29, x30, [sp, #-16]! 17*4882a593Smuzhiyun mov x29, sp 18*4882a593Smuzhiyun 19*4882a593Smuzhiyun mov x20, x0 20*4882a593Smuzhiyun mov x21, x1 21*4882a593Smuzhiyun mov x22, x2 22*4882a593Smuzhiyun 23*4882a593Smuzhiyun /* create space on the stack for fake sigframe 16 bytes-aligned */ 24*4882a593Smuzhiyun add x0, x21, x22 25*4882a593Smuzhiyun add x0, x0, #15 26*4882a593Smuzhiyun bic x0, x0, #15 /* round_up(sigframe_size + misalign_bytes, 16) */ 27*4882a593Smuzhiyun sub sp, sp, x0 28*4882a593Smuzhiyun add x23, sp, x22 /* new sigframe base with misaligment if any */ 29*4882a593Smuzhiyun 30*4882a593Smuzhiyun ldr x0, =call_fmt 31*4882a593Smuzhiyun mov x1, x21 32*4882a593Smuzhiyun mov x2, x23 33*4882a593Smuzhiyun bl printf 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun /* memcpy the provided content, while still keeping SP aligned */ 36*4882a593Smuzhiyun mov x0, x23 37*4882a593Smuzhiyun mov x1, x20 38*4882a593Smuzhiyun mov x2, x21 39*4882a593Smuzhiyun bl memcpy 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun /* 42*4882a593Smuzhiyun * Here saving a last minute SP to current->token acts as a marker: 43*4882a593Smuzhiyun * if we got here, we are successfully faking a sigreturn; in other 44*4882a593Smuzhiyun * words we are sure no bad fatal signal has been raised till now 45*4882a593Smuzhiyun * for unrelated reasons, so we should consider the possibly observed 46*4882a593Smuzhiyun * fatal signal like SEGV coming from Kernel restore_sigframe() and 47*4882a593Smuzhiyun * triggered as expected from our test-case. 48*4882a593Smuzhiyun * For simplicity this assumes that current field 'token' is laid out 49*4882a593Smuzhiyun * as first in struct tdescr 50*4882a593Smuzhiyun */ 51*4882a593Smuzhiyun ldr x0, current 52*4882a593Smuzhiyun str x23, [x0] 53*4882a593Smuzhiyun /* finally move SP to misaligned address...if any requested */ 54*4882a593Smuzhiyun mov sp, x23 55*4882a593Smuzhiyun 56*4882a593Smuzhiyun mov x8, #__NR_rt_sigreturn 57*4882a593Smuzhiyun svc #0 58*4882a593Smuzhiyun 59*4882a593Smuzhiyun /* 60*4882a593Smuzhiyun * Above sigreturn should not return...looping here leads to a timeout 61*4882a593Smuzhiyun * and ensure proper and clean test failure, instead of jumping around 62*4882a593Smuzhiyun * on a potentially corrupted stack. 63*4882a593Smuzhiyun */ 64*4882a593Smuzhiyun b . 65