1
2
3
4#define _GNU_SOURCE
5
6#include <sys/auxv.h>
7#include <sys/types.h>
8#include <sys/wait.h>
9#include <signal.h>
10#include <setjmp.h>
11#include <sched.h>
12
13#include "../../kselftest_harness.h"
14#include "helper.h"
15
16#define PAC_COLLISION_ATTEMPTS 10
17
18
19
20
21
22#define PAC_MASK (~0xff80ffffffffffff)
23#define ARBITRARY_VALUE (0x1234)
24#define ASSERT_PAUTH_ENABLED() \
25do { \
26 unsigned long hwcaps = getauxval(AT_HWCAP); \
27 \
28 if (!(hwcaps & HWCAP_PACA)) \
29 SKIP(return, "PAUTH not enabled"); \
30} while (0)
31#define ASSERT_GENERIC_PAUTH_ENABLED() \
32do { \
33 unsigned long hwcaps = getauxval(AT_HWCAP); \
34 \
35 if (!(hwcaps & HWCAP_PACG)) \
36 SKIP(return, "Generic PAUTH not enabled"); \
37} while (0)
38
39void sign_specific(struct signatures *sign, size_t val)
40{
41 sign->keyia = keyia_sign(val);
42 sign->keyib = keyib_sign(val);
43 sign->keyda = keyda_sign(val);
44 sign->keydb = keydb_sign(val);
45}
46
47void sign_all(struct signatures *sign, size_t val)
48{
49 sign->keyia = keyia_sign(val);
50 sign->keyib = keyib_sign(val);
51 sign->keyda = keyda_sign(val);
52 sign->keydb = keydb_sign(val);
53 sign->keyg = keyg_sign(val);
54}
55
56int n_same(struct signatures *old, struct signatures *new, int nkeys)
57{
58 int res = 0;
59
60 res += old->keyia == new->keyia;
61 res += old->keyib == new->keyib;
62 res += old->keyda == new->keyda;
63 res += old->keydb == new->keydb;
64 if (nkeys == NKEYS)
65 res += old->keyg == new->keyg;
66
67 return res;
68}
69
70int n_same_single_set(struct signatures *sign, int nkeys)
71{
72 size_t vals[nkeys];
73 int same = 0;
74
75 vals[0] = sign->keyia & PAC_MASK;
76 vals[1] = sign->keyib & PAC_MASK;
77 vals[2] = sign->keyda & PAC_MASK;
78 vals[3] = sign->keydb & PAC_MASK;
79
80 if (nkeys >= 4)
81 vals[4] = sign->keyg & PAC_MASK;
82
83 for (int i = 0; i < nkeys - 1; i++) {
84 for (int j = i + 1; j < nkeys; j++) {
85 if (vals[i] == vals[j])
86 same += 1;
87 }
88 }
89 return same;
90}
91
92int exec_sign_all(struct signatures *signed_vals, size_t val)
93{
94 int new_stdin[2];
95 int new_stdout[2];
96 int status;
97 int i;
98 ssize_t ret;
99 pid_t pid;
100 cpu_set_t mask;
101
102 ret = pipe(new_stdin);
103 if (ret == -1) {
104 perror("pipe returned error");
105 return -1;
106 }
107
108 ret = pipe(new_stdout);
109 if (ret == -1) {
110 perror("pipe returned error");
111 return -1;
112 }
113
114
115
116
117
118 sched_getaffinity(0, sizeof(mask), &mask);
119
120 for (i = 0; i < sizeof(cpu_set_t); i++)
121 if (CPU_ISSET(i, &mask))
122 break;
123
124 CPU_ZERO(&mask);
125 CPU_SET(i, &mask);
126 sched_setaffinity(0, sizeof(mask), &mask);
127
128 pid = fork();
129
130 if (pid == 0) {
131 dup2(new_stdin[0], STDIN_FILENO);
132 if (ret == -1) {
133 perror("dup2 returned error");
134 exit(1);
135 }
136
137 dup2(new_stdout[1], STDOUT_FILENO);
138 if (ret == -1) {
139 perror("dup2 returned error");
140 exit(1);
141 }
142
143 close(new_stdin[0]);
144 close(new_stdin[1]);
145 close(new_stdout[0]);
146 close(new_stdout[1]);
147
148 ret = execl("exec_target", "exec_target", (char *)NULL);
149 if (ret == -1) {
150 perror("exec returned error");
151 exit(1);
152 }
153 }
154
155 close(new_stdin[0]);
156 close(new_stdout[1]);
157
158 ret = write(new_stdin[1], &val, sizeof(size_t));
159 if (ret == -1) {
160 perror("write returned error");
161 return -1;
162 }
163
164
165
166
167
168
169 waitpid(pid, &status, 0);
170 if (WIFEXITED(status) == 0) {
171 fprintf(stderr, "worker exited unexpectedly\n");
172 return -1;
173 }
174 if (WEXITSTATUS(status) != 0) {
175 fprintf(stderr, "worker exited with error\n");
176 return -1;
177 }
178
179 ret = read(new_stdout[0], signed_vals, sizeof(struct signatures));
180 if (ret == -1) {
181 perror("read returned error");
182 return -1;
183 }
184
185 return 0;
186}
187
188sigjmp_buf jmpbuf;
189void pac_signal_handler(int signum, siginfo_t *si, void *uc)
190{
191 if (signum == SIGSEGV || signum == SIGILL)
192 siglongjmp(jmpbuf, 1);
193}
194
195
196TEST(corrupt_pac)
197{
198 struct sigaction sa;
199
200 ASSERT_PAUTH_ENABLED();
201 if (sigsetjmp(jmpbuf, 1) == 0) {
202 sa.sa_sigaction = pac_signal_handler;
203 sa.sa_flags = SA_SIGINFO | SA_RESETHAND;
204 sigemptyset(&sa.sa_mask);
205
206 sigaction(SIGSEGV, &sa, NULL);
207 sigaction(SIGILL, &sa, NULL);
208
209 pac_corruptor();
210 ASSERT_TRUE(0) TH_LOG("SIGSEGV/SIGILL signal did not occur");
211 }
212}
213
214
215
216
217
218TEST(pac_instructions_not_nop)
219{
220 size_t keyia = 0;
221 size_t keyib = 0;
222 size_t keyda = 0;
223 size_t keydb = 0;
224
225 ASSERT_PAUTH_ENABLED();
226
227 for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) {
228 keyia |= keyia_sign(i) & PAC_MASK;
229 keyib |= keyib_sign(i) & PAC_MASK;
230 keyda |= keyda_sign(i) & PAC_MASK;
231 keydb |= keydb_sign(i) & PAC_MASK;
232 }
233
234 ASSERT_NE(0, keyia) TH_LOG("keyia instructions did nothing");
235 ASSERT_NE(0, keyib) TH_LOG("keyib instructions did nothing");
236 ASSERT_NE(0, keyda) TH_LOG("keyda instructions did nothing");
237 ASSERT_NE(0, keydb) TH_LOG("keydb instructions did nothing");
238}
239
240TEST(pac_instructions_not_nop_generic)
241{
242 size_t keyg = 0;
243
244 ASSERT_GENERIC_PAUTH_ENABLED();
245
246 for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++)
247 keyg |= keyg_sign(i) & PAC_MASK;
248
249 ASSERT_NE(0, keyg) TH_LOG("keyg instructions did nothing");
250}
251
252TEST(single_thread_different_keys)
253{
254 int same = 10;
255 int nkeys = NKEYS;
256 int tmp;
257 struct signatures signed_vals;
258 unsigned long hwcaps = getauxval(AT_HWCAP);
259
260
261 ASSERT_PAUTH_ENABLED();
262 if (!(hwcaps & HWCAP_PACG)) {
263 TH_LOG("WARNING: Generic PAUTH not enabled. Skipping generic key checks");
264 nkeys = NKEYS - 1;
265 }
266
267
268
269
270
271
272
273
274
275
276 for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) {
277 if (nkeys == NKEYS)
278 sign_all(&signed_vals, i);
279 else
280 sign_specific(&signed_vals, i);
281
282 tmp = n_same_single_set(&signed_vals, nkeys);
283 if (tmp < same)
284 same = tmp;
285 }
286
287 ASSERT_EQ(0, same) TH_LOG("%d keys clashed every time", same);
288}
289
290
291
292
293
294TEST(exec_changed_keys)
295{
296 struct signatures new_keys;
297 struct signatures old_keys;
298 int ret;
299 int same = 10;
300 int nkeys = NKEYS;
301 unsigned long hwcaps = getauxval(AT_HWCAP);
302
303
304 ASSERT_PAUTH_ENABLED();
305 if (!(hwcaps & HWCAP_PACG)) {
306 TH_LOG("WARNING: Generic PAUTH not enabled. Skipping generic key checks");
307 nkeys = NKEYS - 1;
308 }
309
310 for (int i = 0; i < PAC_COLLISION_ATTEMPTS; i++) {
311 ret = exec_sign_all(&new_keys, i);
312 ASSERT_EQ(0, ret) TH_LOG("failed to run worker");
313
314 if (nkeys == NKEYS)
315 sign_all(&old_keys, i);
316 else
317 sign_specific(&old_keys, i);
318
319 ret = n_same(&old_keys, &new_keys, nkeys);
320 if (ret < same)
321 same = ret;
322 }
323
324 ASSERT_EQ(0, same) TH_LOG("exec() did not change %d keys", same);
325}
326
327TEST(context_switch_keep_keys)
328{
329 int ret;
330 struct signatures trash;
331 struct signatures before;
332 struct signatures after;
333
334 ASSERT_PAUTH_ENABLED();
335
336 sign_specific(&before, ARBITRARY_VALUE);
337
338
339 ret = exec_sign_all(&trash, ARBITRARY_VALUE);
340 ASSERT_EQ(0, ret) TH_LOG("failed to run worker");
341
342 sign_specific(&after, ARBITRARY_VALUE);
343
344 ASSERT_EQ(before.keyia, after.keyia) TH_LOG("keyia changed after context switching");
345 ASSERT_EQ(before.keyib, after.keyib) TH_LOG("keyib changed after context switching");
346 ASSERT_EQ(before.keyda, after.keyda) TH_LOG("keyda changed after context switching");
347 ASSERT_EQ(before.keydb, after.keydb) TH_LOG("keydb changed after context switching");
348}
349
350TEST(context_switch_keep_keys_generic)
351{
352 int ret;
353 struct signatures trash;
354 size_t before;
355 size_t after;
356
357 ASSERT_GENERIC_PAUTH_ENABLED();
358
359 before = keyg_sign(ARBITRARY_VALUE);
360
361
362 ret = exec_sign_all(&trash, ARBITRARY_VALUE);
363 ASSERT_EQ(0, ret) TH_LOG("failed to run worker");
364
365 after = keyg_sign(ARBITRARY_VALUE);
366
367 ASSERT_EQ(before, after) TH_LOG("keyg changed after context switching");
368}
369
370TEST_HARNESS_MAIN
371