From: Vincenzo Frascino <vincenzo.frascino@arm.com>
To: Boyan Karatotev <boyan.karatotev@arm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: amit.kachhap@arm.com, boian4o1@gmail.com,
Shuah Khan <shuah@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>
Subject: Re: [PATCH 2/4] kselftests/arm64: add nop checks for PAuth tests
Date: Fri, 28 Aug 2020 15:30:51 +0100 [thread overview]
Message-ID: <96f6009c-9f61-ebd2-9a2f-7d54486e85eb@arm.com> (raw)
In-Reply-To: <20200828131606.7946-3-boyan.karatotev@arm.com>
On 8/28/20 2:16 PM, Boyan Karatotev wrote:
> PAuth adds sign/verify controls to enable and disable groups of
> instructions in hardware for compatibility with libraries that do not
> implement PAuth. The kernel always enables them if it detects PAuth.
>
> Add a test that checks that each group of instructions is enabled, if the
> kernel reports PAuth as detected.
>
> Note: For groups, for the purpose of this patch, we intend instructions
> that use a certain key.
>
Reviewed-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com>
> Cc: Shuah Khan <shuah@kernel.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
> ---
> .../testing/selftests/arm64/pauth/.gitignore | 1 +
> tools/testing/selftests/arm64/pauth/Makefile | 7 ++-
> tools/testing/selftests/arm64/pauth/helper.c | 41 +++++++++++++++
> tools/testing/selftests/arm64/pauth/helper.h | 10 ++++
> tools/testing/selftests/arm64/pauth/pac.c | 51 +++++++++++++++++++
> 5 files changed, 108 insertions(+), 2 deletions(-)
> create mode 100644 tools/testing/selftests/arm64/pauth/helper.c
>
> diff --git a/tools/testing/selftests/arm64/pauth/.gitignore b/tools/testing/selftests/arm64/pauth/.gitignore
> index b557c916720a..155137d92722 100644
> --- a/tools/testing/selftests/arm64/pauth/.gitignore
> +++ b/tools/testing/selftests/arm64/pauth/.gitignore
> @@ -1 +1,2 @@
> +exec_target
> pac
> diff --git a/tools/testing/selftests/arm64/pauth/Makefile b/tools/testing/selftests/arm64/pauth/Makefile
> index 785c775e5e41..a017d1c8dd58 100644
> --- a/tools/testing/selftests/arm64/pauth/Makefile
> +++ b/tools/testing/selftests/arm64/pauth/Makefile
> @@ -4,7 +4,7 @@
> CFLAGS += -mbranch-protection=pac-ret
>
> TEST_GEN_PROGS := pac
> -TEST_GEN_FILES := pac_corruptor.o
> +TEST_GEN_FILES := pac_corruptor.o helper.o
>
> include ../../lib.mk
>
> @@ -13,10 +13,13 @@ include ../../lib.mk
> $(OUTPUT)/pac_corruptor.o: pac_corruptor.S
> $(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a
>
> +$(OUTPUT)/helper.o: helper.c
> + $(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a
> +
> # when -mbranch-protection is enabled and the target architecture is ARMv8.3 or
> # greater, gcc emits pac* instructions which are not in HINT NOP space,
> # preventing the tests from occurring at all. Compile for ARMv8.2 so tests can
> # run on earlier targets and print a meaningful error messages
> -$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o
> +$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o $(OUTPUT)/helper.o
> $(CC) $^ -o $@ $(CFLAGS) -march=armv8.2-a
>
> diff --git a/tools/testing/selftests/arm64/pauth/helper.c b/tools/testing/selftests/arm64/pauth/helper.c
> new file mode 100644
> index 000000000000..8619afb16124
> --- /dev/null
> +++ b/tools/testing/selftests/arm64/pauth/helper.c
> @@ -0,0 +1,41 @@
> +// SPDX-License-Identifier: GPL-2.0
> +// Copyright (C) 2020 ARM Limited
> +
> +#include "helper.h"
> +
> +
> +size_t keyia_sign(size_t ptr)
> +{
> + asm volatile("paciza %0" : "+r" (ptr));
> + return ptr;
> +}
> +
> +size_t keyib_sign(size_t ptr)
> +{
> + asm volatile("pacizb %0" : "+r" (ptr));
> + return ptr;
> +}
> +
> +size_t keyda_sign(size_t ptr)
> +{
> + asm volatile("pacdza %0" : "+r" (ptr));
> + return ptr;
> +}
> +
> +size_t keydb_sign(size_t ptr)
> +{
> + asm volatile("pacdzb %0" : "+r" (ptr));
> + return ptr;
> +}
> +
> +size_t keyg_sign(size_t ptr)
> +{
> + /* output is encoded in the upper 32 bits */
> + size_t dest = 0;
> + size_t modifier = 0;
> +
> + asm volatile("pacga %0, %1, %2" : "=r" (dest) : "r" (ptr), "r" (modifier));
> +
> + return dest;
> +}
> +
> diff --git a/tools/testing/selftests/arm64/pauth/helper.h b/tools/testing/selftests/arm64/pauth/helper.h
> index f777f88acf0a..b3cf709e249d 100644
> --- a/tools/testing/selftests/arm64/pauth/helper.h
> +++ b/tools/testing/selftests/arm64/pauth/helper.h
> @@ -4,7 +4,17 @@
> #ifndef _HELPER_H_
> #define _HELPER_H_
>
> +#include <stdlib.h>
> +
> +
> void pac_corruptor(void);
>
> +/* PAuth sign a value with key ia and modifier value 0 */
> +size_t keyia_sign(size_t val);
> +size_t keyib_sign(size_t val);
> +size_t keyda_sign(size_t val);
> +size_t keydb_sign(size_t val);
> +size_t keyg_sign(size_t val);
> +
> #endif
>
> diff --git a/tools/testing/selftests/arm64/pauth/pac.c b/tools/testing/selftests/arm64/pauth/pac.c
> index ed445050f621..cdbffa8bf61e 100644
> --- a/tools/testing/selftests/arm64/pauth/pac.c
> +++ b/tools/testing/selftests/arm64/pauth/pac.c
> @@ -12,12 +12,25 @@
> * future version of the arm architecture
> */
>
> +#define PAC_COLLISION_ATTEMPTS 10
> +/*
> + * The kernel sets TBID by default. So bits 55 and above should remain
> + * untouched no matter what.
> + * The VA space size is 48 bits. Bigger is opt-in.
> + */
> +#define PAC_MASK (~0xff80ffffffffffff)
> #define ASSERT_PAUTH_ENABLED() \
> do { \
> unsigned long hwcaps = getauxval(AT_HWCAP); \
> /* data key instructions are not in NOP space. This prevents a SIGILL */ \
> ASSERT_NE(0, hwcaps & HWCAP_PACA) TH_LOG("PAUTH not enabled"); \
> } while (0)
> +#define ASSERT_GENERIC_PAUTH_ENABLED() \
> +do { \
> + unsigned long hwcaps = getauxval(AT_HWCAP); \
> + /* generic key instructions are not in NOP space. This prevents a SIGILL */ \
> + ASSERT_NE(0, hwcaps & HWCAP_PACG) TH_LOG("Generic PAUTH not enabled"); \
> +} while (0)
>
>
> /* check that a corrupted PAC results in SIGSEGV */
> @@ -28,5 +41,43 @@ TEST_SIGNAL(corrupt_pac, SIGSEGV)
> pac_corruptor();
> }
>
> +/*
> + * There are no separate pac* and aut* controls so checking only the pac*
> + * instructions is sufficient
> + */
> +TEST(pac_instructions_not_nop)
> +{
> + size_t keyia = 0;
> + size_t keyib = 0;
> + size_t keyda = 0;
> + size_t keydb = 0;
> +
> + ASSERT_PAUTH_ENABLED();
> +
> + for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) {
> + keyia |= keyia_sign(i) & PAC_MASK;
> + keyib |= keyib_sign(i) & PAC_MASK;
> + keyda |= keyda_sign(i) & PAC_MASK;
> + keydb |= keydb_sign(i) & PAC_MASK;
> + }
> +
> + ASSERT_NE(0, keyia) TH_LOG("keyia instructions did nothing");
> + ASSERT_NE(0, keyib) TH_LOG("keyib instructions did nothing");
> + ASSERT_NE(0, keyda) TH_LOG("keyda instructions did nothing");
> + ASSERT_NE(0, keydb) TH_LOG("keydb instructions did nothing");
> +}
> +
> +TEST(pac_instructions_not_nop_generic)
> +{
> + size_t keyg = 0;
> +
> + ASSERT_GENERIC_PAUTH_ENABLED();
> +
> + for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++)
> + keyg |= keyg_sign(i) & PAC_MASK;
> +
> + ASSERT_NE(0, keyg) TH_LOG("keyg instructions did nothing");
> +}
> +
> TEST_HARNESS_MAIN
>
>
--
Regards,
Vincenzo
next prev parent reply other threads:[~2020-08-28 14:28 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-28 13:16 [PATCH 0/4] kselftests/arm64: add PAuth tests Boyan Karatotev
2020-08-28 13:16 ` [PATCH 1/4] kselftests/arm64: add a basic Pointer Authentication test Boyan Karatotev
2020-08-28 14:28 ` Vincenzo Frascino
2020-08-31 8:05 ` Amit Kachhap
2020-09-02 16:49 ` Dave Martin
2020-09-03 10:12 ` Boyan Karatotev
2020-09-07 10:23 ` Dave Martin
2020-08-28 13:16 ` [PATCH 2/4] kselftests/arm64: add nop checks for PAuth tests Boyan Karatotev
2020-08-28 14:30 ` Vincenzo Frascino [this message]
2020-08-31 8:09 ` Amit Kachhap
2020-08-28 13:16 ` [PATCH 3/4] kselftests/arm64: add PAuth test for whether exec() changes keys Boyan Karatotev
2020-08-28 14:33 ` Vincenzo Frascino
2020-08-31 8:13 ` Amit Kachhap
2020-09-02 17:00 ` Dave Martin
2020-09-03 10:20 ` Boyan Karatotev
2020-09-07 10:27 ` Dave Martin
2020-09-15 15:18 ` Boyan Karatotev
2020-09-16 15:38 ` Dave Martin
2020-08-28 13:16 ` [PATCH 4/4] kselftests/arm64: add PAuth tests for single threaded consistency and key uniqueness Boyan Karatotev
2020-08-28 14:36 ` Vincenzo Frascino
2020-08-31 8:20 ` Amit Kachhap
2020-09-02 16:48 ` [PATCH 0/4] kselftests/arm64: add PAuth tests Dave Martin
2020-09-03 9:46 ` Boyan Karatotev
2020-09-07 10:29 ` Dave Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=96f6009c-9f61-ebd2-9a2f-7d54486e85eb@arm.com \
--to=vincenzo.frascino@arm.com \
--cc=amit.kachhap@arm.com \
--cc=boian4o1@gmail.com \
--cc=boyan.karatotev@arm.com \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox