Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp805952pxk; Mon, 31 Aug 2020 01:10:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzz13wgfXF7ESGp5qcymiZgoiU2G6LM9t8kKO0wmZzEk2+c5iy5IzwDZB8kt0CsejAo77v0 X-Received: by 2002:a17:906:a253:: with SMTP id bi19mr53584ejb.338.1598861444055; Mon, 31 Aug 2020 01:10:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598861444; cv=none; d=google.com; s=arc-20160816; b=RGiEZLb0mYAR1g6GrTmns70lTSJwxZCFEtysfBN03wt3W8WwG2H7XNi4mxb25TsKBc gfsBpPFBvK+SnrgqUOqett70rZF16i5vU6HyQRyK8FljTlw95NNKjIf89GhpqZ6EztZT I+K8RxZSUanE8CFY/99p5bjifM9cKTTUMH32tkXDVgemXZYz50qVDk+1Hh4aGErJaM7W 798M9naTBrI8U8oBE2LlFZ5E+Ip7+2M2Gbr7a4rR2Zc/1dZrQKsWakW9xY3c4gPlZb8N /MZuQe5d7RpaeTkciaUye1IXSj93ZD5SAMvFaDS1/64QPzJBMzfJFSNd+qmiYKxLlnZK vrsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=RPEr3HmFjtSB5B3guDGIW/s4j/ucowPv2WgOsZ6N7VA=; b=IvfBJ11OcSMBxisxh+09P0WHPve0y0ZjQ2g72+bMsf4iNGYp7XRssFNDQW7Vn9/DLK NCgco5szIoTwwGSBdebhsIqYNaAUPAsGOiB/lLsJzwDLSSksnIS08SARSj9GGnO71TCt WPzw+CnSru3LGrj9/gH7Z5n0y8gT4vX1PSeghwpjo8Jyiqe8HrIUF7wWA09W7exxSnbr PvumuaPc17wEvOF4NHbpxeWiuhi6LVzS5vZpH5DppjyAkyBNm8g6lS3IDr93o8yN0AyK by2+tQM41b7jeUC6iNoI9d9sYh3qY92+ggfP0d90TSFKYe3C4KhE02gp0iMc+D4NPoMZ 6cQw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d2si4510691eds.533.2020.08.31.01.10.20; Mon, 31 Aug 2020 01:10:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728041AbgHaIJq (ORCPT + 99 others); Mon, 31 Aug 2020 04:09:46 -0400 Received: from foss.arm.com ([217.140.110.172]:54838 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725978AbgHaIJp (ORCPT ); Mon, 31 Aug 2020 04:09:45 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1D06031B; Mon, 31 Aug 2020 01:09:44 -0700 (PDT) Received: from [10.57.6.112] (unknown [10.57.6.112]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7D0B13F68F; Mon, 31 Aug 2020 01:09:41 -0700 (PDT) Subject: Re: [PATCH 2/4] kselftests/arm64: add nop checks for PAuth tests To: Boyan Karatotev , linux-arm-kernel@lists.infradead.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: vincenzo.frascino@arm.com, boian4o1@gmail.com, Shuah Khan , Catalin Marinas , Will Deacon References: <20200828131606.7946-1-boyan.karatotev@arm.com> <20200828131606.7946-3-boyan.karatotev@arm.com> From: Amit Kachhap Message-ID: <48091a65-2214-1017-6448-f03cfca36110@arm.com> Date: Mon, 31 Aug 2020 13:39:39 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <20200828131606.7946-3-boyan.karatotev@arm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/28/20 6:46 PM, Boyan Karatotev wrote: > PAuth adds sign/verify controls to enable and disable groups of > instructions in hardware for compatibility with libraries that do not > implement PAuth. The kernel always enables them if it detects PAuth. > > Add a test that checks that each group of instructions is enabled, if the > kernel reports PAuth as detected. > > Note: For groups, for the purpose of this patch, we intend instructions > that use a certain key. > > Cc: Shuah Khan > Cc: Catalin Marinas > Cc: Will Deacon > Signed-off-by: Boyan Karatotev The changes look fine so please free to add, Reviewed-by: Amit Daniel Kachhap > --- > .../testing/selftests/arm64/pauth/.gitignore | 1 + > tools/testing/selftests/arm64/pauth/Makefile | 7 ++- > tools/testing/selftests/arm64/pauth/helper.c | 41 +++++++++++++++ > tools/testing/selftests/arm64/pauth/helper.h | 10 ++++ > tools/testing/selftests/arm64/pauth/pac.c | 51 +++++++++++++++++++ > 5 files changed, 108 insertions(+), 2 deletions(-) > create mode 100644 tools/testing/selftests/arm64/pauth/helper.c > > diff --git a/tools/testing/selftests/arm64/pauth/.gitignore b/tools/testing/selftests/arm64/pauth/.gitignore > index b557c916720a..155137d92722 100644 > --- a/tools/testing/selftests/arm64/pauth/.gitignore > +++ b/tools/testing/selftests/arm64/pauth/.gitignore > @@ -1 +1,2 @@ > +exec_target > pac > diff --git a/tools/testing/selftests/arm64/pauth/Makefile b/tools/testing/selftests/arm64/pauth/Makefile > index 785c775e5e41..a017d1c8dd58 100644 > --- a/tools/testing/selftests/arm64/pauth/Makefile > +++ b/tools/testing/selftests/arm64/pauth/Makefile > @@ -4,7 +4,7 @@ > CFLAGS += -mbranch-protection=pac-ret > > TEST_GEN_PROGS := pac > -TEST_GEN_FILES := pac_corruptor.o > +TEST_GEN_FILES := pac_corruptor.o helper.o > > include ../../lib.mk > > @@ -13,10 +13,13 @@ include ../../lib.mk > $(OUTPUT)/pac_corruptor.o: pac_corruptor.S > $(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a > > +$(OUTPUT)/helper.o: helper.c > + $(CC) -c $^ -o $@ $(CFLAGS) -march=armv8.3-a > + > # when -mbranch-protection is enabled and the target architecture is ARMv8.3 or > # greater, gcc emits pac* instructions which are not in HINT NOP space, > # preventing the tests from occurring at all. Compile for ARMv8.2 so tests can > # run on earlier targets and print a meaningful error messages > -$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o > +$(OUTPUT)/pac: pac.c $(OUTPUT)/pac_corruptor.o $(OUTPUT)/helper.o > $(CC) $^ -o $@ $(CFLAGS) -march=armv8.2-a > > diff --git a/tools/testing/selftests/arm64/pauth/helper.c b/tools/testing/selftests/arm64/pauth/helper.c > new file mode 100644 > index 000000000000..8619afb16124 > --- /dev/null > +++ b/tools/testing/selftests/arm64/pauth/helper.c > @@ -0,0 +1,41 @@ > +// SPDX-License-Identifier: GPL-2.0 > +// Copyright (C) 2020 ARM Limited > + > +#include "helper.h" > + > + > +size_t keyia_sign(size_t ptr) > +{ > + asm volatile("paciza %0" : "+r" (ptr)); > + return ptr; > +} > + > +size_t keyib_sign(size_t ptr) > +{ > + asm volatile("pacizb %0" : "+r" (ptr)); > + return ptr; > +} > + > +size_t keyda_sign(size_t ptr) > +{ > + asm volatile("pacdza %0" : "+r" (ptr)); > + return ptr; > +} > + > +size_t keydb_sign(size_t ptr) > +{ > + asm volatile("pacdzb %0" : "+r" (ptr)); > + return ptr; > +} > + > +size_t keyg_sign(size_t ptr) > +{ > + /* output is encoded in the upper 32 bits */ > + size_t dest = 0; > + size_t modifier = 0; > + > + asm volatile("pacga %0, %1, %2" : "=r" (dest) : "r" (ptr), "r" (modifier)); > + > + return dest; > +} > + > diff --git a/tools/testing/selftests/arm64/pauth/helper.h b/tools/testing/selftests/arm64/pauth/helper.h > index f777f88acf0a..b3cf709e249d 100644 > --- a/tools/testing/selftests/arm64/pauth/helper.h > +++ b/tools/testing/selftests/arm64/pauth/helper.h > @@ -4,7 +4,17 @@ > #ifndef _HELPER_H_ > #define _HELPER_H_ > > +#include > + > + > void pac_corruptor(void); > > +/* PAuth sign a value with key ia and modifier value 0 */ > +size_t keyia_sign(size_t val); > +size_t keyib_sign(size_t val); > +size_t keyda_sign(size_t val); > +size_t keydb_sign(size_t val); > +size_t keyg_sign(size_t val); > + > #endif > > diff --git a/tools/testing/selftests/arm64/pauth/pac.c b/tools/testing/selftests/arm64/pauth/pac.c > index ed445050f621..cdbffa8bf61e 100644 > --- a/tools/testing/selftests/arm64/pauth/pac.c > +++ b/tools/testing/selftests/arm64/pauth/pac.c > @@ -12,12 +12,25 @@ > * future version of the arm architecture > */ > > +#define PAC_COLLISION_ATTEMPTS 10 > +/* > + * The kernel sets TBID by default. So bits 55 and above should remain > + * untouched no matter what. > + * The VA space size is 48 bits. Bigger is opt-in. > + */ > +#define PAC_MASK (~0xff80ffffffffffff) > #define ASSERT_PAUTH_ENABLED() \ > do { \ > unsigned long hwcaps = getauxval(AT_HWCAP); \ > /* data key instructions are not in NOP space. This prevents a SIGILL */ \ > ASSERT_NE(0, hwcaps & HWCAP_PACA) TH_LOG("PAUTH not enabled"); \ > } while (0) > +#define ASSERT_GENERIC_PAUTH_ENABLED() \ > +do { \ > + unsigned long hwcaps = getauxval(AT_HWCAP); \ > + /* generic key instructions are not in NOP space. This prevents a SIGILL */ \ > + ASSERT_NE(0, hwcaps & HWCAP_PACG) TH_LOG("Generic PAUTH not enabled"); \ > +} while (0) > > > /* check that a corrupted PAC results in SIGSEGV */ > @@ -28,5 +41,43 @@ TEST_SIGNAL(corrupt_pac, SIGSEGV) > pac_corruptor(); > } > > +/* > + * There are no separate pac* and aut* controls so checking only the pac* > + * instructions is sufficient > + */ > +TEST(pac_instructions_not_nop) > +{ > + size_t keyia = 0; > + size_t keyib = 0; > + size_t keyda = 0; > + size_t keydb = 0; > + > + ASSERT_PAUTH_ENABLED(); > + > + for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) { > + keyia |= keyia_sign(i) & PAC_MASK; > + keyib |= keyib_sign(i) & PAC_MASK; > + keyda |= keyda_sign(i) & PAC_MASK; > + keydb |= keydb_sign(i) & PAC_MASK; > + } > + > + ASSERT_NE(0, keyia) TH_LOG("keyia instructions did nothing"); > + ASSERT_NE(0, keyib) TH_LOG("keyib instructions did nothing"); > + ASSERT_NE(0, keyda) TH_LOG("keyda instructions did nothing"); > + ASSERT_NE(0, keydb) TH_LOG("keydb instructions did nothing"); > +} > + > +TEST(pac_instructions_not_nop_generic) > +{ > + size_t keyg = 0; > + > + ASSERT_GENERIC_PAUTH_ENABLED(); > + > + for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) > + keyg |= keyg_sign(i) & PAC_MASK; > + > + ASSERT_NE(0, keyg) TH_LOG("keyg instructions did nothing"); > +} > + > TEST_HARNESS_MAIN > >