
Commit 7660136

wearyzenhenrikbrixandersen
authored andcommitted
tests: arm: validate arm PAC with pseudo rng
Add tests to validate pointer authentication code (PAC) in 2 scenarios: 1. when the PAC key itself is corrupted 2. when lr is corrupted on stack Signed-off-by: Sudan Landge <[email protected]>
1 parent 5efbd54 commit 7660136


3 files changed

+56
-0
lines changed


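--- a/tests/arch/arm/arm_pacbti/prj.conf
+++ b/tests/arch/arm/arm_pacbti/prj.conf
@@ -1,2 +1,6 @@
 CONFIG_ZTEST=y
 CONFIG_ZTEST_FATAL_HOOK=y
+
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_TIMER_RANDOM_INITIAL_STATE=123456789
+CONFIG_TIMER_RANDOM_GENERATOR=y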
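Review bot: The RNG block added at new lines 4-6 has no comment marking it as test-only, and `CONFIG_TIMER_RANDOM_INITIAL_STATE=123456789` pins the generator's starting state. If the per-thread PAC keys are drawn from this generator, as the commit title suggests, they may be predictable. That is acceptable for a test, but prj.conf fragments tend to get copied into applications, so I would add `# Test only: non-cryptographic, fixed-seed RNG. PAC keys derived from it are predictable.` above `CONFIG_TEST_RANDOM_GENERATOR=y`.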

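--- a/tests/arch/arm/arm_pacbti/src/main.c
+++ b/tests/arch/arm/arm_pacbti/src/main.c
@@ -16,6 +16,57 @@ void test_arm_pacbti(void)
 ztest_test_fail();
 }
 
+/* Without PAC this function would have returned to test_arm_pacbti() but with PAC enabled
+* the AUT instruction should result in a USAGE FAULT since the `lr` was corrupted on stack.
+*/
+__asm__ (".thumb\n"
+".thumb_func\n"
+".global corrupt_lr_on_stack\n"
+"corrupt_lr_on_stack:\n"
+" pacbti r12, lr, sp\n"
+" stmdb sp!, {ip, lr}\n"
+" ldr r0,=test_arm_pacbti\n"
+" str r0, [sp, #4]\n"
+" ldmia.w sp!, {ip, lr}\n"
+" aut r12, lr, sp\n"
+" bx lr\n");
+void corrupt_lr_on_stack();
+
+static int set_invalid_pac_key(void)
+{
+struct pac_keys test_pac_keys = {0};
+
+__get_PAC_KEY_P((uint32_t *)&test_pac_keys);
+
+/* Change PAC KEY for the current thread */
+test_pac_keys.key_0 += 1;
+test_pac_keys.key_1 += 1;
+test_pac_keys.key_2 += 1;
+test_pac_keys.key_3 += 1;
+
+__set_PAC_KEY_P((uint32_t *)&test_pac_keys);
+
+/* The AUT instruction before this test returns should now result in a USAGE FAULT */
+return 1;
+}
+
+ZTEST(arm_pacbti, test_arm_pac_corrupt_lr)
+{
+ztest_set_fault_valid(true);
+
+corrupt_lr_on_stack();
+}
+
+ZTEST(arm_pacbti, test_arm_pac_invalid_key)
+{
+ztest_set_fault_valid(true);
+
+if (set_invalid_pac_key()) {
+printf("set_invalid_pac_key should never have returned if AUT was enforced\n");
+ztest_test_fail();
+}
+}
+
 ZTEST(arm_pacbti, test_arm_bti)
 {
 /* Try jumping to middle of a random function and mark that fault as expected because if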
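Review bot: Both new tests call `ztest_set_fault_valid(true)` and nothing in this hunk checks which fault was taken, so any fatal error on the path, not only the usage fault from a failed `aut`, is counted as a pass. Unless the file already does this outside the hunk, implement `ztest_post_fatal_error_hook()` and fail the test when `reason` is not the fault the comments name. `test_arm_pac_invalid_key` also depends on the compiler emitting a PAC/AUT pair around `set_invalid_pac_key()` as a separate call; the function is `static` and looks like a leaf, so I would mark it `__noinline` and state that dependency in its comment. `void corrupt_lr_on_stack();` should be declared as `void corrupt_lr_on_stack(void);`.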

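--- a/tests/arch/arm/arm_pacbti/testcase.yaml
+++ b/tests/arch/arm/arm_pacbti/testcase.yaml
@@ -12,3 +12,4 @@ tests:
 skip: true
 extra_configs:
 - CONFIG_ARM_PACBTI_STANDARD=y
+- CONFIG_ARM_PAC_PER_THREAD=y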
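Review bot: The `skip: true` on line 12 sits directly above this `extra_configs` list, and if both belong to the same scenario (indentation is not visible in this rendering) the runner will skip it, so the PAC checks added in this commit give no automated regression coverage. If the skip is deliberate, for example because no CI platform supports PACBTI yet, I would record that next to it with a comment such as `# skipped in CI: needs a PACBTI-capable target; run manually on <platform>`, so the gap in coverage of this security control is explicit.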
