root/drivers/misc/lkdtm/powerpc.c 
// SPDX-License-Identifier: GPL-2.0

#include "lkdtm.h"
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <asm/mmu.h>

/* Inserts new slb entries */
static void insert_slb_entry(unsigned long p, int ssize, int page_size)
{
        unsigned long flags;

        flags = SLB_VSID_KERNEL | mmu_psize_defs[page_size].sllp;
        preempt_disable();

        asm volatile("slbmte %0,%1" :
                     : "r" (mk_vsid_data(p, ssize, flags)),
                       "r" (mk_esid_data(p, ssize, SLB_NUM_BOLTED))
                     : "memory");

        asm volatile("slbmte %0,%1" :
                        : "r" (mk_vsid_data(p, ssize, flags)),
                          "r" (mk_esid_data(p, ssize, SLB_NUM_BOLTED + 1))
                        : "memory");
        preempt_enable();
}

/* Inject slb multihit on vmalloc-ed address i.e 0xD00... */
static int inject_vmalloc_slb_multihit(void)
{
        char *p;

        p = vmalloc(PAGE_SIZE);
        if (!p)
                return -ENOMEM;

        insert_slb_entry((unsigned long)p, MMU_SEGSIZE_1T, mmu_vmalloc_psize);
        /*
         * This triggers exception, If handled correctly we must recover
         * from this error.
         */
        p[0] = '!';
        vfree(p);
        return 0;
}

/* Inject slb multihit on kmalloc-ed address i.e 0xC00... */
static int inject_kmalloc_slb_multihit(void)
{
        char *p;

        p = kmalloc(2048, GFP_KERNEL);
        if (!p)
                return -ENOMEM;

        insert_slb_entry((unsigned long)p, MMU_SEGSIZE_1T, mmu_linear_psize);
        /*
         * This triggers exception, If handled correctly we must recover
         * from this error.
         */
        p[0] = '!';
        kfree(p);
        return 0;
}

/*
 * Few initial SLB entries are bolted. Add a test to inject
 * multihit in bolted entry 0.
 */
static void insert_dup_slb_entry_0(void)
{
        unsigned long test_address = PAGE_OFFSET, *test_ptr;
        unsigned long esid, vsid;
        unsigned long i = 0;

        test_ptr = (unsigned long *)test_address;
        preempt_disable();

        asm volatile("slbmfee  %0,%1" : "=r" (esid) : "r" (i));
        asm volatile("slbmfev  %0,%1" : "=r" (vsid) : "r" (i));

        /* for i !=0 we would need to mask out the old entry number */
        asm volatile("slbmte %0,%1" :
                        : "r" (vsid),
                          "r" (esid | SLB_NUM_BOLTED)
                        : "memory");

        asm volatile("slbmfee  %0,%1" : "=r" (esid) : "r" (i));
        asm volatile("slbmfev  %0,%1" : "=r" (vsid) : "r" (i));

        /* for i !=0 we would need to mask out the old entry number */
        asm volatile("slbmte %0,%1" :
                        : "r" (vsid),
                          "r" (esid | (SLB_NUM_BOLTED + 1))
                        : "memory");

        pr_info("%s accessing test address 0x%lx: 0x%lx\n",
                __func__, test_address, *test_ptr);

        preempt_enable();
}

static void lkdtm_PPC_SLB_MULTIHIT(void)
{
        if (!radix_enabled()) {
                pr_info("Injecting SLB multihit errors\n");
                /*
                 * These need not be separate tests, And they do pretty
                 * much same thing. In any case we must recover from the
                 * errors introduced by these functions, machine would not
                 * survive these tests in case of failure to handle.
                 */
                inject_vmalloc_slb_multihit();
                inject_kmalloc_slb_multihit();
                insert_dup_slb_entry_0();
                pr_info("Recovered from SLB multihit errors\n");
        } else {
                pr_err("XFAIL: This test is for ppc64 and with hash mode MMU only\n");
        }
}

static struct crashtype crashtypes[] = {
        CRASHTYPE(PPC_SLB_MULTIHIT),
};

struct crashtype_category powerpc_crashtypes = {
        .crashtypes = crashtypes,
        .len        = ARRAY_SIZE(crashtypes),
};