From patchwork Sat Aug 3 21:08:03 2019
X-Patchwork-Submitter: Richard Henderson
X-Patchwork-Id: 170516
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com
Date: Sat, 3 Aug 2019 14:08:03 -0700
Message-Id: <20190803210803.5701-7-richard.henderson@linaro.org>
In-Reply-To: <20190803210803.5701-1-richard.henderson@linaro.org>
References: <20190803210803.5701-1-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 6/6] tests/tcg/aarch64: Add bti smoke test

This will build with older toolchains, without the upstream support
for -mbranch-protection. Such a toolchain will produce a warning
in such cases,

ld: warning: /tmp/ccyZt0kq.o: unsupported GNU_PROPERTY_TYPE (5) \
type: 0xc0000000

but still places the note at the correct location in the binary
for processing by the runtime loader.

Signed-off-by: Richard Henderson
---
 tests/tcg/aarch64/bti-1.c         | 77 +++++++++++++++++++++++++++++++
 tests/tcg/aarch64/bti-crt.inc.c   | 69 +++++++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  3 ++
 tests/tcg/aarch64/bti.ld          | 15 ++++++
 4 files changed, 164 insertions(+)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c
 create mode 100644 tests/tcg/aarch64/bti.ld

--
2.17.1

diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c new file mode 100644 index 0000000000..2aee57ea7a --- /dev/null +++ b/tests/tcg/aarch64/bti-1.c
@@ -0,0 +1,77 @@ +/* + * Branch target identification, basic notskip cases. + */ + +#include "bti-crt.inc.c" + +/* + * Work around lack of -mbranch-protection=standard in older toolchains. + * The signal handler is invoked by the kernel with PSTATE.BTYPE=2, which + * means that the handler must begin with a marker like BTI_C. + */ +asm("skip2_sigill1:\n\ + hint #34\n\ + b skip2_sigill2\n\ +.type skip2_sigill1,%function\n\ +.size skip2_sigill1,8"); + +extern void skip2_sigill1(int sig, siginfo_t *info, ucontext_t *uc) + __attribute__((visibility("hidden"))); + +static void __attribute__((used)) +skip2_sigill2(int sig, siginfo_t *info, ucontext_t *uc) +{ + uc->uc_mcontext.pc += 8; + uc->uc_mcontext.pstate = 1; +} + +#define NOP "nop" +#define BTI_N "hint #32" +#define BTI_C "hint #34" +#define BTI_J "hint #36" +#define BTI_JC "hint #38" + +#define BTYPE_1(DEST) \ + asm("mov %0,#1; adr x16, 1f; br x16; 1: " DEST "; mov %0,#0" \ + : "=r"(skipped) : : "x16") + +#define BTYPE_2(DEST) \ + asm("mov %0,#1; adr x16, 1f; blr x16; 1: " DEST "; mov %0,#0" \ + : "=r"(skipped) : : "x16", "x30") + +#define BTYPE_3(DEST) \ + asm("mov %0,#1; adr x15, 1f; br x15; 1: " DEST "; mov %0,#0" \ + : "=r"(skipped) : : "x15") + +#define TEST(WHICH, DEST, EXPECT) \ + do { WHICH(DEST); fail += skipped ^ EXPECT; } while (0) + + +int main() +{ + int fail = 0; + int skipped; + + /* Signal-like with SA_SIGINFO. */ + signal_info(SIGILL, skip2_sigill1); + + TEST(BTYPE_1, NOP, 1); + TEST(BTYPE_1, BTI_N, 1); + TEST(BTYPE_1, BTI_C, 0); + TEST(BTYPE_1, BTI_J, 0); + TEST(BTYPE_1, BTI_JC, 0); + + TEST(BTYPE_2, NOP, 1); + TEST(BTYPE_2, BTI_N, 1); + TEST(BTYPE_2, BTI_C, 0); + TEST(BTYPE_2, BTI_J, 1); + TEST(BTYPE_2, BTI_JC, 0); + + TEST(BTYPE_3, NOP, 1); + TEST(BTYPE_3, BTI_N, 1); + TEST(BTYPE_3, BTI_C, 1); + TEST(BTYPE_3, BTI_J, 0); + TEST(BTYPE_3, BTI_JC, 0); + + return fail; +} diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.inc.c new file mode 100644 index 0000000000..bb363853de 
--- /dev/null +++ b/tests/tcg/aarch64/bti-crt.inc.c @@ -0,0 +1,69 @@ +/* + * Minimal user-environment for testing BTI. + * + * Normal libc is not built with BTI support enabled, and so could + * generate a BTI TRAP before ever reaching main. + */ + +#include +#include +#include +#include + +int main(void); + +void _start(void) +{ + exit(main()); +} + +void exit(int ret) +{ + register int x0 __asm__("x0") = ret; + register int x8 __asm__("x8") = __NR_exit; + + asm volatile("svc #0" : : "r"(x0), "r"(x8)); + __builtin_unreachable(); +} + +/* + * Irritatingly, the user API struct sigaction does not match the + * kernel API struct sigaction. So for simplicity, isolate the + * kernel ABI here, and make this act like signal. + */ +void signal_info(int sig, void (*fn)(int, siginfo_t *, ucontext_t *)) +{ + struct kernel_sigaction { + void (*handler)(int, siginfo_t *, ucontext_t *); + unsigned long flags; + unsigned long restorer; + unsigned long mask; + } sa = { fn, SA_SIGINFO, 0, 0 }; + + register int x0 __asm__("x0") = sig; + register void *x1 __asm__("x1") = &sa; + register void *x2 __asm__("x2") = 0; + register int x3 __asm__("x3") = sizeof(unsigned long); + register int x8 __asm__("x8") = __NR_rt_sigaction; + + asm volatile("svc #0" + : : "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory"); +} + +/* + * Create the PT_NOTE that will enable BTI in the page tables. + * This will be created by the compiler with -mbranch-protection=standard, + * but as of 2019-03-29, this is has not been committed to gcc mainline. + * This will probably be in GCC10. + */ +asm(".section .note.gnu.property,\"a\"\n\ + .align 3\n\ + .long 4\n\ + .long 16\n\ + .long 5\n\ + .string \"GNU\"\n\ + .long 0xc0000000\n\ + .long 4\n\ + .long 1\n\ + .align 3\n\ + .previous"); diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target index 31ba9cfcaa..68135c6ee8 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target 
@@ -18,4 +18,7 @@ run-fcvt: fcvt AARCH64_TESTS += pauth-1 pauth-2 run-pauth-%: QEMU += -cpu max +AARCH64_TESTS += bti-1 +bti-1: LDFLAGS += -nostdlib -Wl,-T,$(AARCH64_SRC)/bti.ld + TESTS:=$(AARCH64_TESTS) diff --git a/tests/tcg/aarch64/bti.ld b/tests/tcg/aarch64/bti.ld new file mode 100644 index 0000000000..a5ef98f8a2 --- /dev/null +++ b/tests/tcg/aarch64/bti.ld @@ -0,0 +1,15 @@ +ENTRY(_start) + +PHDRS +{ + text PT_LOAD FILEHDR PHDRS; + prop 0x6474e553 ; /* PT_GNU_PROPERTY */ +} + +SECTIONS +{ + . = 1M + SIZEOF_HEADERS; + .note.gnu.property : { *(.note.gnu.property) } :text :prop + .text : { *(.text) *(.rodata) } :text + /DISCARD/ : { *(.note.gnu.build-id) } +}
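
Review bot: In tests/tcg/aarch64/bti-1.c, skip2_sigill2() overwrites the whole saved PSTATE with a bare constant (uc->uc_mcontext.pstate = 1) and nothing says why. Please add a comment stating which field this is meant to reset (the comment above it only mentions PSTATE.BTYPE on handler entry), or mask just those bits, so the intent survives later edits. Separately, the BTYPE_1/BTYPE_2/BTYPE_3 macros use plain asm although the result depends on a trap and on the handler skipping 8 bytes past the 1: label; asm volatile would stop the compiler from treating each statement as a pure computation of 'skipped'.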
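
Review bot: In tests/tcg/aarch64/bti-crt.inc.c, signal_info() passes x0 to the rt_sigaction svc as an input only and never looks at the result, so the compiler is told x0 is unchanged across the syscall and a failed registration goes unnoticed until the first SIGILL kills the test. Make x0 an in/out operand ("+r"(x0)) and exit non-zero if it comes back negative. The .long values in the .note.gnu.property asm are also bare numbers; a short comment per field (name size, descriptor size, note type, property type, data size, feature bit) would make the note checkable against the type 5 and 0xc0000000 values quoted in the commit message.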
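
Review bot: In tests/tcg/aarch64/Makefile.target, bti-1 gets LDFLAGS but no CPU selection, whereas the pauth tests in the context line just above it set run-pauth-%: QEMU += -cpu max. If the default CPU model does not implement BTI, the hint #32 to #38 markers execute as NOPs and every EXPECT=1 case in bti-1.c will be counted as a failure. Consider adding run-bti-%: QEMU += -cpu max, or say in the commit message why it is not needed.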
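
Review bot: In tests/tcg/aarch64/bti.ld, the .text output section collects only *(.text) and *(.rodata), so input sections with suffixed names (.text.*, .rodata.*) and any .data or .bss would be placed as orphans outside the layout written here. Widening the patterns to *(.text .text.*) *(.rodata .rodata.*), or adding a comment that the test must not emit other sections, would make the script less fragile. The text PT_LOAD entry could also carry explicit FLAGS rather than relying on what the linker infers.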