[v3,0/4] kselftests/arm64: add PAuth tests

Message ID 20200918104715.182310-1-boian4o1@gmail.com

Message

Boyan Karatotev Sept. 18, 2020, 10:47 a.m. UTC
Pointer Authentication (PAuth) is a security feature introduced in ARMv8.3.
It introduces instructions to sign addresses and later check for potential
corruption using a second modifier value and one of a set of keys. The
signature, in the form of the Pointer Authentication Code (PAC), is stored
in some of the top unused bits of the virtual address (e.g. [54: 49] if
TBID0 is enabled and TnSZ is set to use a 48 bit VA space). A set of
controls are present to enable/disable groups of instructions (which use
certain keys) for compatibility with libraries that do not utilize the
feature. PAuth is used to verify the integrity of return addresses on the
stack with less memory than the stack canary.

This patchset adds kselftests to verify the kernel's configuration of the
feature and its runtime behaviour. There are 7 tests which verify that:
	* an authentication failure leads to a SIGSEGV
	* the data/instruction instruction groups are enabled
	* the generic instructions are enabled
	* all 5 keys are different for a single thread
	* exec() changes all keys to new different ones
	* context switching preserves the 4 data/instruction keys
	* context switching preserves the generic keys

The tests have been verified to work on qemu without a working PAuth
implementation and on ARM's FVP with a full or partial PAuth
implementation.

Changes in v3:
* remove double blank lines
* Patch 1: "kselftests: add a basic arm64 Pointer Authentication test"
    * shorten pac_corruptor.S to cut out unnecessary code
    * add second signal handler to cover ARMv8.6 compatibility
* Patch 3: "kselftests/arm64: add PAuth test for whether exec() changes keys"
    * change name of "exec_unique_keys" to "exec_changed_keys"
    * change reporting of error to be how many keys were left unchanged
* Patch 4: "kselftests/arm64: add PAuth tests for single threaded consistency and key uniqueness"
    * change unique to different
    * rename "single_thread_unique_keys" to "single_thread_different_keys"
    * change reporting of error to be how many keys were left unchanged

Changes in v2:
* remove extra lines at end of files
* Patch 1: "kselftests: add a basic arm64 Pointer Authentication test"
	* add checks for a compatible compiler in Makefile
* Patch 4: "kselftests: add PAuth tests for single threaded consistency and
key uniqueness"
	* rephrase comment for clarity in pac.c

Cc: Shuah Khan <shuah@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com>
Reviewed-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Acked-by: Shuah Khan <skhan@linuxfoundation.org>

Boyan Karatotev (4):
  kselftests/arm64: add a basic Pointer Authentication test
  kselftests/arm64: add nop checks for PAuth tests
  kselftests/arm64: add PAuth test for whether exec() changes keys
  kselftests/arm64: add PAuth tests for single threaded consistency and
    differently initialized keys

 tools/testing/selftests/arm64/Makefile        |   2 +-
 .../testing/selftests/arm64/pauth/.gitignore  |   2 +
 tools/testing/selftests/arm64/pauth/Makefile  |  39 ++
 .../selftests/arm64/pauth/exec_target.c       |  34 ++
 tools/testing/selftests/arm64/pauth/helper.c  |  39 ++
 tools/testing/selftests/arm64/pauth/helper.h  |  28 ++
 tools/testing/selftests/arm64/pauth/pac.c     | 368 ++++++++++++++++++
 .../selftests/arm64/pauth/pac_corruptor.S     |  19 +
 8 files changed, 530 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/arm64/pauth/.gitignore
 create mode 100644 tools/testing/selftests/arm64/pauth/Makefile
 create mode 100644 tools/testing/selftests/arm64/pauth/exec_target.c
 create mode 100644 tools/testing/selftests/arm64/pauth/helper.c
 create mode 100644 tools/testing/selftests/arm64/pauth/helper.h
 create mode 100644 tools/testing/selftests/arm64/pauth/pac.c
 create mode 100644 tools/testing/selftests/arm64/pauth/pac_corruptor.S

--
2.28.0
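
The "how many keys were left unchanged" reporting described in the cover letter comes down to comparing only the PAC field of two signatures of the same pointer. The sketch below is an added illustration in plain C, not code from the series' pac.c: the function names, the sample pointer and the PAC values are constructed, and the field [54:49] is the example range from the cover letter.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NKEYS  4	/* APIA, APIB, APDA, APDB (the generic key is left out) */
#define PAC_HI 54	/* example field from the cover letter; the real one  */
#define PAC_LO 49	/* depends on the VA setup (see NT_ARM_PAC_MASK)       */

/* Mask covering bits [hi:lo] of a 64-bit value. */
static uint64_t field_mask(unsigned hi, unsigned lo)
{
	return (~0ULL >> (63 - hi)) & (~0ULL << lo);
}

/* Drop the PAC: the field goes back to copies of bit 55 (VA range select). */
static uint64_t pac_strip(uint64_t p, uint64_t mask)
{
	return (p & (1ULL << 55)) ? (p | mask) : (p & ~mask);
}

/* Keys whose PAC for the same pointer and modifier is identical in both sets. */
static size_t keys_unchanged(const uint64_t *a, const uint64_t *b, uint64_t mask)
{
	size_t i, same = 0;

	for (i = 0; i < NKEYS; i++)
		same += ((a[i] ^ b[i]) & mask) == 0;
	return same;
}

/* Constructed sample: one user pointer "signed" with made-up PAC values. */
#define PTR      0x0000ffff12345678ULL
#define SIG(pac) (PTR | ((uint64_t)(pac) << PAC_LO))
static const uint64_t before_exec[NKEYS] = { SIG(0x2a), SIG(0x11), SIG(0x3c), SIG(0x05) };
static const uint64_t after_exec[NKEYS]  = { SIG(0x2a), SIG(0x30), SIG(0x01), SIG(0x05) };

int main(void)
{
	uint64_t mask = field_mask(PAC_HI, PAC_LO);

	printf("mask %#018llx, stripped %#018llx, unchanged keys: %zu of %d\n",
	       (unsigned long long)mask,
	       (unsigned long long)pac_strip(before_exec[0], mask),
	       keys_unchanged(before_exec, after_exec, mask), NKEYS);
	return 0;
}
```

With a field this narrow (6 bits), two unrelated keys produce the same PAC about once in 64 signatures, so a single match is weak evidence of a shared key; repeating the comparison with different pointers or modifiers separates chance collisions from keys that really are identical.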

Comments

Will Deacon Sept. 18, 2020, 4:17 p.m. UTC | #1
On Fri, 18 Sep 2020 11:47:11 +0100, Boyan Karatotev wrote:
> Pointer Authentication (PAuth) is a security feature introduced in ARMv8.3.
> It introduces instructions to sign addresses and later check for potential
> corruption using a second modifier value and one of a set of keys. The
> signature, in the form of the Pointer Authentication Code (PAC), is stored
> in some of the top unused bits of the virtual address (e.g. [54: 49] if
> TBID0 is enabled and TnSZ is set to use a 48 bit VA space). A set of
> controls are present to enable/disable groups of instructions (which use
> certain keys) for compatibility with libraries that do not utilize the
> feature. PAuth is used to verify the integrity of return addresses on the
> stack with less memory than the stack canary.
> 
> [...]

Applied to arm64 (for-next/selftests), thanks!

[1/4] kselftests/arm64: add a basic Pointer Authentication test
      https://git.kernel.org/arm64/c/e74e1d557285
[2/4] kselftests/arm64: add nop checks for PAuth tests
      https://git.kernel.org/arm64/c/766d95b1ed93
[3/4] kselftests/arm64: add PAuth test for whether exec() changes keys
      https://git.kernel.org/arm64/c/806a15b2545e
[4/4] kselftests/arm64: add PAuth tests for single threaded consistency and differently initialized keys
      https://git.kernel.org/arm64/c/d21435e9670b

Cheers,