kselftests/arm64: add nop checks for PAuth tests

exec_target

pac

ifeq ($(pauth_cc_support),1)

TEST_GEN_PROGS := pac

TEST_GEN_FILES := pac_corruptor.o

TEST_GEN_FILES := pac_corruptor.o helper.o

endif

include ../../lib.mk

$(OUTPUT)/pac_corruptor.o: pac_corruptor.S

	$(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a

$(OUTPUT)/helper.o: helper.c

	$(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a

# when -mbranch-protection is enabled and the target architecture is ARMv8.3 or

# greater, gcc emits pac* instructions which are not in HINT NOP space,

# preventing the tests from occurring at all. Compile for ARMv8.2 so tests can

# run on earlier targets and print a meaningful error messages

$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o

$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o $(OUTPUT)/helper.o

	$(CC) $^ -o $@ $(CFLAGS) -march=armv8.2-a

endif

// SPDX-License-Identifier: GPL-2.0

// Copyright (C) 2020 ARM Limited

#include "helper.h"

size_t keyia_sign(size_t ptr)

{

	asm volatile("paciza %0" : "+r" (ptr));

	return ptr;

}

size_t keyib_sign(size_t ptr)

{

	asm volatile("pacizb %0" : "+r" (ptr));

	return ptr;

}

size_t keyda_sign(size_t ptr)

{

	asm volatile("pacdza %0" : "+r" (ptr));

	return ptr;

}

size_t keydb_sign(size_t ptr)

{

	asm volatile("pacdzb %0" : "+r" (ptr));

	return ptr;

}

size_t keyg_sign(size_t ptr)

{

	/* output is encoded in the upper 32 bits */

	size_t dest = 0;

	size_t modifier = 0;

	asm volatile("pacga %0, %1, %2" : "=r" (dest) : "r" (ptr), "r" (modifier));

	return dest;

}

#ifndef _HELPER_H_

#define _HELPER_H_

#include <stdlib.h>

void pac_corruptor(void);

/* PAuth sign a value with key ia and modifier value 0 */

size_t keyia_sign(size_t val);

size_t keyib_sign(size_t val);

size_t keyda_sign(size_t val);

size_t keydb_sign(size_t val);

size_t keyg_sign(size_t val);

#endif

#include "../../kselftest_harness.h"

#include "helper.h"

#define PAC_COLLISION_ATTEMPTS 10

/*

 * The kernel sets TBID by default. So bits 55 and above should remain

 * untouched no matter what.

 * The VA space size is 48 bits. Bigger is opt-in.

 */

#define PAC_MASK (~0xff80ffffffffffff)

#define ASSERT_PAUTH_ENABLED() \

do { \

	unsigned long hwcaps = getauxval(AT_HWCAP); \

	/* data key instructions are not in NOP space. This prevents a SIGILL */ \

	ASSERT_NE(0, hwcaps & HWCAP_PACA) TH_LOG("PAUTH not enabled"); \

} while (0)

#define ASSERT_GENERIC_PAUTH_ENABLED() \

do { \

	unsigned long hwcaps = getauxval(AT_HWCAP); \

	/* generic key instructions are not in NOP space. This prevents a SIGILL */ \

	ASSERT_NE(0, hwcaps & HWCAP_PACG) TH_LOG("Generic PAUTH not enabled"); \

} while (0)

sigjmp_buf jmpbuf;

void pac_signal_handler(int signum, siginfo_t *si, void *uc)

	}

}

/*

 * There are no separate pac* and aut* controls so checking only the pac*

 * instructions is sufficient

 */

TEST(pac_instructions_not_nop)

{

	size_t keyia = 0;

	size_t keyib = 0;

	size_t keyda = 0;

	size_t keydb = 0;

	ASSERT_PAUTH_ENABLED();

	for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) {

		keyia |= keyia_sign(i) & PAC_MASK;

		keyib |= keyib_sign(i) & PAC_MASK;

		keyda |= keyda_sign(i) & PAC_MASK;

		keydb |= keydb_sign(i) & PAC_MASK;

	}

	ASSERT_NE(0, keyia) TH_LOG("keyia instructions did nothing");

	ASSERT_NE(0, keyib) TH_LOG("keyib instructions did nothing");

	ASSERT_NE(0, keyda) TH_LOG("keyda instructions did nothing");

	ASSERT_NE(0, keydb) TH_LOG("keydb instructions did nothing");

}

TEST(pac_instructions_not_nop_generic)

{

	size_t keyg = 0;

	ASSERT_GENERIC_PAUTH_ENABLED();

	for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++)

		keyg |= keyg_sign(i) & PAC_MASK;

	ASSERT_NE(0, keyg)  TH_LOG("keyg instructions did nothing");

}

TEST_HARNESS_MAIN