From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 41/41] tests/tcg/aarch64: Add bti smoke tests
Date: Tue, 20 Oct 2020 16:56:56 +0100	[thread overview]
Message-ID: <20201020155656.8045-42-peter.maydell@linaro.org> (raw)
In-Reply-To: <20201020155656.8045-1-peter.maydell@linaro.org>

From: Richard Henderson <richard.henderson@linaro.org>

The note test requires gcc 10 for -mbranch-protection=standard.
The mmap test uses PROT_BTI and does not require special compiler support.

Acked-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201016184207.786698-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/tcg/aarch64/bti-1.c         |  62 +++++++++++++++++
 tests/tcg/aarch64/bti-2.c         | 108 ++++++++++++++++++++++++++++++
 tests/tcg/aarch64/bti-crt.inc.c   |  51 ++++++++++++++
 tests/tcg/aarch64/Makefile.target |  10 +++
 tests/tcg/configure.sh            |   4 ++
 5 files changed, 235 insertions(+)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-2.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c

diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c
new file mode 100644
index 00000000000..61924f0d7a4
--- /dev/null
+++ b/tests/tcg/aarch64/bti-1.c
@@ -0,0 +1,62 @@
+/*
+ * Branch target identification, basic notskip cases.
+ */
+
+#include "bti-crt.inc.c"
+
+static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
+{
+    uc->uc_mcontext.pc += 8;
+    uc->uc_mcontext.pstate = 1;
+}
+
+#define NOP       "nop"
+#define BTI_N     "hint #32"
+#define BTI_C     "hint #34"
+#define BTI_J     "hint #36"
+#define BTI_JC    "hint #38"
+
+#define BTYPE_1(DEST) \
+    asm("mov %0,#1; adr x16, 1f; br x16; 1: " DEST "; mov %0,#0" \
+        : "=r"(skipped) : : "x16")
+
+#define BTYPE_2(DEST) \
+    asm("mov %0,#1; adr x16, 1f; blr x16; 1: " DEST "; mov %0,#0" \
+        : "=r"(skipped) : : "x16", "x30")
+
+#define BTYPE_3(DEST) \
+    asm("mov %0,#1; adr x15, 1f; br x15; 1: " DEST "; mov %0,#0" \
+        : "=r"(skipped) : : "x15")
+
+#define TEST(WHICH, DEST, EXPECT) \
+    do { WHICH(DEST); fail += skipped ^ EXPECT; } while (0)
+
+
+int main()
+{
+    int fail = 0;
+    int skipped;
+
+    /* Signal-like with SA_SIGINFO.  */
+    signal_info(SIGILL, skip2_sigill);
+
+    TEST(BTYPE_1, NOP, 1);
+    TEST(BTYPE_1, BTI_N, 1);
+    TEST(BTYPE_1, BTI_C, 0);
+    TEST(BTYPE_1, BTI_J, 0);
+    TEST(BTYPE_1, BTI_JC, 0);
+
+    TEST(BTYPE_2, NOP, 1);
+    TEST(BTYPE_2, BTI_N, 1);
+    TEST(BTYPE_2, BTI_C, 0);
+    TEST(BTYPE_2, BTI_J, 1);
+    TEST(BTYPE_2, BTI_JC, 0);
+
+    TEST(BTYPE_3, NOP, 1);
+    TEST(BTYPE_3, BTI_N, 1);
+    TEST(BTYPE_3, BTI_C, 1);
+    TEST(BTYPE_3, BTI_J, 0);
+    TEST(BTYPE_3, BTI_JC, 0);
+
+    return fail;
+}
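Review bot: The constants in skip2_sigill at the top of this file are undocumented, and the whole pass/fail logic of main() depends on them. `pc += 8` steps over two instructions, which in every BTYPE_n macro are the landing pad and the following `mov %0,#0`, so `skipped` keeps the 1 written before the branch; a comment such as `/* Skip the faulting landing pad and the "mov %0,#0" after it, leaving skipped == 1. */` would make that explicit. `pstate = 1` deserves its own line of explanation (presumably it discards the stale BTYPE bits so the resumed instruction does not fault again; please confirm). The same handler is copied into bti-2.c and needs the same comments there.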
diff --git a/tests/tcg/aarch64/bti-2.c b/tests/tcg/aarch64/bti-2.c
new file mode 100644
index 00000000000..6dc8908b5a5
--- /dev/null
+++ b/tests/tcg/aarch64/bti-2.c
@@ -0,0 +1,108 @@
+/*
+ * Branch target identification, basic notskip cases.
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/mman.h>
+
+#ifndef PROT_BTI
+#define PROT_BTI  0x10
+#endif
+
+static void skip2_sigill(int sig, siginfo_t *info, void *vuc)
+{
+    ucontext_t *uc = vuc;
+    uc->uc_mcontext.pc += 8;
+    uc->uc_mcontext.pstate = 1;
+}
+
+#define NOP       "nop"
+#define BTI_N     "hint #32"
+#define BTI_C     "hint #34"
+#define BTI_J     "hint #36"
+#define BTI_JC    "hint #38"
+
+#define BTYPE_1(DEST)    \
+    "mov x1, #1\n\t"     \
+    "adr x16, 1f\n\t"    \
+    "br x16\n"           \
+"1: " DEST "\n\t"        \
+    "mov x1, #0"
+
+#define BTYPE_2(DEST)    \
+    "mov x1, #1\n\t"     \
+    "adr x16, 1f\n\t"    \
+    "blr x16\n"          \
+"1: " DEST "\n\t"        \
+    "mov x1, #0"
+
+#define BTYPE_3(DEST)    \
+    "mov x1, #1\n\t"     \
+    "adr x15, 1f\n\t"    \
+    "br x15\n"           \
+"1: " DEST "\n\t"        \
+    "mov x1, #0"
+
+#define TEST(WHICH, DEST, EXPECT) \
+    WHICH(DEST) "\n"              \
+    ".if " #EXPECT "\n\t"         \
+    "eor x1, x1," #EXPECT "\n"    \
+    ".endif\n\t"                  \
+    "add x0, x0, x1\n\t"
+
+extern char test_begin[], test_end[];
+
+asm("\n"
+"test_begin:\n\t"
+    BTI_C "\n\t"
+    "mov x2, x30\n\t"
+    "mov x0, #0\n\t"
+
+    TEST(BTYPE_1, NOP, 1)
+    TEST(BTYPE_1, BTI_N, 1)
+    TEST(BTYPE_1, BTI_C, 0)
+    TEST(BTYPE_1, BTI_J, 0)
+    TEST(BTYPE_1, BTI_JC, 0)
+
+    TEST(BTYPE_2, NOP, 1)
+    TEST(BTYPE_2, BTI_N, 1)
+    TEST(BTYPE_2, BTI_C, 0)
+    TEST(BTYPE_2, BTI_J, 1)
+    TEST(BTYPE_2, BTI_JC, 0)
+
+    TEST(BTYPE_3, NOP, 1)
+    TEST(BTYPE_3, BTI_N, 1)
+    TEST(BTYPE_3, BTI_C, 1)
+    TEST(BTYPE_3, BTI_J, 0)
+    TEST(BTYPE_3, BTI_JC, 0)
+
+    "ret x2\n"
+"test_end:"
+);
+
+int main()
+{
+    struct sigaction sa;
+
+    void *p = mmap(0, getpagesize(),
+                   PROT_EXEC | PROT_READ | PROT_WRITE | PROT_BTI,
+                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+    if (p == MAP_FAILED) {
+        perror("mmap");
+        return 1;
+    }
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_sigaction = skip2_sigill;
+    sa.sa_flags = SA_SIGINFO;
+    if (sigaction(SIGILL, &sa, NULL) < 0) {
+        perror("sigaction");
+        return 1;
+    }
+
+    memcpy(p, test_begin, test_end - test_begin);
+    return ((int (*)(void))p)();
+}
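Review bot: main() copies instructions into the freshly mapped page with memcpy() and calls them immediately, with no instruction-cache synchronisation in between. That likely goes unnoticed under TCG, but on real AArch64 hardware the copied code is not guaranteed to be visible to instruction fetch; add `__builtin___clear_cache((char *)p, (char *)p + (test_end - test_begin));` after the memcpy. The copy length is also never compared with getpagesize(), so a check like `if (test_end - test_begin > getpagesize()) return 1;` would keep a future, longer test body from writing past the mapping. Separately, the header comment is a copy of bti-1.c's and does not say that this file exercises PROT_BTI on an anonymous mapping.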
diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.inc.c
new file mode 100644
index 00000000000..47805f4e35b
--- /dev/null
+++ b/tests/tcg/aarch64/bti-crt.inc.c
@@ -0,0 +1,51 @@
+/*
+ * Minimal user-environment for testing BTI.
+ *
+ * Normal libc is not (yet) built with BTI support enabled,
+ * and so could generate a BTI TRAP before ever reaching main.
+ */
+
+#include <stdlib.h>
+#include <signal.h>
+#include <ucontext.h>
+#include <asm/unistd.h>
+
+int main(void);
+
+void _start(void)
+{
+    exit(main());
+}
+
+void exit(int ret)
+{
+    register int x0 __asm__("x0") = ret;
+    register int x8 __asm__("x8") = __NR_exit;
+
+    asm volatile("svc #0" : : "r"(x0), "r"(x8));
+    __builtin_unreachable();
+}
+
+/*
+ * Irritatingly, the user API struct sigaction does not match the
+ * kernel API struct sigaction.  So for simplicity, isolate the
+ * kernel ABI here, and make this act like signal.
+ */
+void signal_info(int sig, void (*fn)(int, siginfo_t *, ucontext_t *))
+{
+    struct kernel_sigaction {
+        void (*handler)(int, siginfo_t *, ucontext_t *);
+        unsigned long flags;
+        unsigned long restorer;
+        unsigned long mask;
+    } sa = { fn, SA_SIGINFO, 0, 0 };
+
+    register int x0 __asm__("x0") = sig;
+    register void *x1 __asm__("x1") = &sa;
+    register void *x2 __asm__("x2") = 0;
+    register int x3 __asm__("x3") = sizeof(unsigned long);
+    register int x8 __asm__("x8") = __NR_rt_sigaction;
+
+    asm volatile("svc #0"
+                 : : "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory");
+}
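Review bot: In signal_info the `svc #0` lists x0 only as an input, yet the kernel returns the rt_sigaction result in x0, so the asm modifies a register the compiler believes is unchanged, and the result is thrown away. Make it an in/out operand, `asm volatile("svc #0" : "+r"(x0) : "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory");`, and fail fast with `if (x0 != 0) exit(1);` so that a handler which was never installed shows up as a setup error rather than as a stray SIGILL in the first TEST. The operand issue is harmless in exit(), which never returns.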
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index e7249915e7e..d7d33e293c0 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -25,6 +25,16 @@ run-pauth-%: QEMU_OPTS += -cpu max
 run-plugin-pauth-%: QEMU_OPTS += -cpu max
 endif
 
+# BTI Tests
+# bti-1 tests the elf notes, so we require special compiler support.
+ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_BTI),)
+AARCH64_TESTS += bti-1
+bti-1: CFLAGS += -mbranch-protection=standard
+bti-1: LDFLAGS += -nostdlib
+endif
+# bti-2 tests PROT_BTI, so no special compiler support required.
+AARCH64_TESTS += bti-2
+
 # Semihosting smoke test for linux-user
 AARCH64_TESTS += semihosting
 run-semihosting: semihosting
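Review bot: Neither bti-1 nor bti-2 gets a `run-bti-%: QEMU_OPTS += -cpu max` rule, unlike the pauth tests in the context lines just above. Both tests expect SIGILL on a wrong landing pad, so they can only pass on a CPU model that implements BTI. If the linux-user default model already does, a one-line comment saying so is enough; otherwise add `run-bti-%: QEMU_OPTS += -cpu max` and `run-plugin-bti-%: QEMU_OPTS += -cpu max`. bti-2 is added unconditionally, so this affects every aarch64 test build.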
diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index be51bdb5a4a..e1b70e25f23 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -240,6 +240,10 @@ for target in $target_list; do
                -march=armv8.3-a -o $TMPE $TMPC; then
                 echo "CROSS_CC_HAS_ARMV8_3=y" >> $config_target_mak
             fi
+            if do_compiler "$target_compiler" $target_compiler_cflags \
+               -mbranch-protection=standard -o $TMPE $TMPC; then
+                echo "CROSS_CC_HAS_ARMV8_BTI=y" >> $config_target_mak
+            fi
         ;;
     esac
 
-- 
2.20.1


