Commit e74e1d55 authored by Boyan Karatotev's avatar Boyan Karatotev Committed by Will Deacon
Browse files

kselftests/arm64: add a basic Pointer Authentication test 



PAuth signs and verifies return addresses on the stack. It does so by
inserting a Pointer Authentication code (PAC) into some of the unused top
bits of an address. This is achieved by adding paciasp/autiasp instructions
at the beginning and end of a function.

This feature is partially backwards compatible with earlier versions of the
ARM architecture. To coerce the compiler into emitting fully backwards
compatible code the main file is compiled to target an earlier ARM version.
This allows the tests to check for the feature and print meaningful error
messages instead of crashing.

Add a test to verify that corrupting the return address results in a
SIGSEGV on return.

Signed-off-by: default avatarBoyan Karatotev <boyan.karatotev@arm.com>
Reviewed-by: default avatarVincenzo Frascino <Vincenzo.Frascino@arm.com>
Reviewed-by: default avatarAmit Daniel Kachhap <amit.kachhap@arm.com>
Acked-by: default avatarShuah Khan <skhan@linuxfoundation.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200918104715.182310-2-boian4o1@gmail.com


Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent f75aef39

tools/testing/selftests/arm64/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
ARCH ?= $(shell uname -m 2>/dev/null || echo not)



ifneq (,$(filter $(ARCH),aarch64 arm64))

ARM64_SUBTARGETS ?= tags signal

ARM64_SUBTARGETS ?= tags signal pauth

else

ARM64_SUBTARGETS :=

endif

tools/testing/selftests/arm64/pauth/.gitignore

0 → 100644
+1 −0
Original line number Diff line number Diff line 
pac

tools/testing/selftests/arm64/pauth/Makefile

0 → 100644
+32 −0
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0

# Copyright (C) 2020 ARM Limited



# preserve CC value from top level Makefile

ifeq ($(CC),cc)

CC := $(CROSS_COMPILE)gcc

endif



CFLAGS += -mbranch-protection=pac-ret

# check if the compiler supports ARMv8.3 and branch protection with PAuth

pauth_cc_support := $(shell if ($(CC) $(CFLAGS) -march=armv8.3-a -E -x c /dev/null -o /dev/null 2>&1) then echo "1"; fi)



ifeq ($(pauth_cc_support),1)

TEST_GEN_PROGS := pac

TEST_GEN_FILES := pac_corruptor.o

endif



include ../../lib.mk



ifeq ($(pauth_cc_support),1)

# pac* and aut* instructions are not available on architectures berfore

# ARMv8.3. Therefore target ARMv8.3 wherever they are used directly

$(OUTPUT)/pac_corruptor.o: pac_corruptor.S

	$(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a



# when -mbranch-protection is enabled and the target architecture is ARMv8.3 or

# greater, gcc emits pac* instructions which are not in HINT NOP space,

# preventing the tests from occurring at all. Compile for ARMv8.2 so tests can

# run on earlier targets and print a meaningful error messages

$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o

	$(CC) $^ -o $@ $(CFLAGS) -march=armv8.2-a

endif

tools/testing/selftests/arm64/pauth/helper.h

0 → 100644
+9 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/* Copyright (C) 2020 ARM Limited */



#ifndef _HELPER_H_

#define _HELPER_H_



void pac_corruptor(void);



#endif

tools/testing/selftests/arm64/pauth/pac.c

0 → 100644
+44 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0

// Copyright (C) 2020 ARM Limited



#include <sys/auxv.h>

#include <signal.h>

#include <setjmp.h>



#include "../../kselftest_harness.h"

#include "helper.h"



#define ASSERT_PAUTH_ENABLED() \

do { \

	unsigned long hwcaps = getauxval(AT_HWCAP); \

	/* data key instructions are not in NOP space. This prevents a SIGILL */ \

	ASSERT_NE(0, hwcaps & HWCAP_PACA) TH_LOG("PAUTH not enabled"); \

} while (0)



sigjmp_buf jmpbuf;

void pac_signal_handler(int signum, siginfo_t *si, void *uc)

{

	if (signum == SIGSEGV || signum == SIGILL)

		siglongjmp(jmpbuf, 1);

}



/* check that a corrupted PAC results in SIGSEGV or SIGILL */

TEST(corrupt_pac)

{

	struct sigaction sa;



	ASSERT_PAUTH_ENABLED();

	if (sigsetjmp(jmpbuf, 1) == 0) {

		sa.sa_sigaction = pac_signal_handler;

		sa.sa_flags = SA_SIGINFO | SA_RESETHAND;

		sigemptyset(&sa.sa_mask);



		sigaction(SIGSEGV, &sa, NULL);

		sigaction(SIGILL, &sa, NULL);



		pac_corruptor();

		ASSERT_TRUE(0) TH_LOG("SIGSEGV/SIGILL signal did not occur");

	}

}



TEST_HARNESS_MAIN

CRA Git | Maintained and supported by SUSTech CRA and CCSE