* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
@ 2020-01-14 22:58 ` Richard Henderson
2020-01-16 20:47 ` Vincent Dehors
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2020-01-14 22:58 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: New => Confirmed
** Changed in: qemu
Assignee: (unassigned) => Richard Henderson (rth)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Confirmed
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
2020-01-14 22:58 ` [Bug 1859713] " Richard Henderson
@ 2020-01-16 20:47 ` Vincent Dehors
2020-01-16 22:04 ` Richard Henderson
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Vincent Dehors @ 2020-01-16 20:47 UTC (permalink / raw)
To: qemu-devel
Hi,
Here is a patch for this bug. The sbox function was using "b+=16"
instead of "b+=4".
Also, you check test vector using :
```c
uint64_t P = 0xfb623599da6e8127ull;
uint64_t T = 0x477d469dec0b8762ull;
uint64_t w0 = 0x84be85ce9804e94bull;
uint64_t k0 = 0xec2802d4e0a488e9ull;
ARMPACKey key = { .hi = w0, .lo = k0 };
uint64_t C5 = pauth_computepac(P, T, key);
/* C5 should be 0xc003b93999b33765 */
```
** Patch added: "0001-target-arm-Fix-PAuth-sbox-functions.patch"
https://bugs.launchpad.net/qemu/+bug/1859713/+attachment/5320937/+files/0001-target-arm-Fix-PAuth-sbox-functions.patch
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Confirmed
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
2020-01-14 22:58 ` [Bug 1859713] " Richard Henderson
2020-01-16 20:47 ` Vincent Dehors
@ 2020-01-16 22:04 ` Richard Henderson
2020-01-16 22:43 ` Richard Henderson
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2020-01-16 22:04 UTC (permalink / raw)
To: qemu-devel
Ooof. Good catch on the sbox error.
That said, how did you test pauth_computepac?
I still do not get the C5 result above, but 0x99d88f4472f3be39.
The following test case sets up the parameters.
** Patch added: "test case"
https://bugs.launchpad.net/qemu/+bug/1859713/+attachment/5320967/+files/0001-tests-tcg-aarch64-Add-pauth-3.patch
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Confirmed
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
` (2 preceding siblings ...)
2020-01-16 22:04 ` Richard Henderson
@ 2020-01-16 22:43 ` Richard Henderson
2020-01-23 21:56 ` Richard Henderson
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2020-01-16 22:43 UTC (permalink / raw)
To: qemu-devel
Oops again. The test case has the parts of the key the wrong way around.
I'll submit the pair of patches to the mailing list.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Confirmed
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
` (3 preceding siblings ...)
2020-01-16 22:43 ` Richard Henderson
@ 2020-01-23 21:56 ` Richard Henderson
2020-04-30 13:28 ` Laurent Vivier
2020-05-23 20:07 ` Philippe Mathieu-Daudé
6 siblings, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2020-01-23 21:56 UTC (permalink / raw)
To: qemu-devel
Now upstream as commit de0b1bae6461f67243282555475f88b2384a1eb9.
** Changed in: qemu
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Fix Committed
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
` (4 preceding siblings ...)
2020-01-23 21:56 ` Richard Henderson
@ 2020-04-30 13:28 ` Laurent Vivier
2020-05-23 20:07 ` Philippe Mathieu-Daudé
6 siblings, 0 replies; 8+ messages in thread
From: Laurent Vivier @ 2020-04-30 13:28 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Fix Released
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1859713] Re: ARM v8.3a pauth not working
2020-01-14 21:19 [Bug 1859713] [NEW] ARM v8.3a pauth not working Adrien Grassein
` (5 preceding siblings ...)
2020-04-30 13:28 ` Laurent Vivier
@ 2020-05-23 20:07 ` Philippe Mathieu-Daudé
6 siblings, 0 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-05-23 20:07 UTC (permalink / raw)
To: qemu-devel
Apparently this fixed bug is the official CVE-2020-10702:
https://security-tracker.debian.org/tracker/CVE-2020-10702
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10702
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859713
Title:
ARM v8.3a pauth not working
Status in QEMU:
Fix Released
Bug description:
Host: Ubuntu 19.10 - x86_64 machine
QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master)
ARMV8.3 pauth is not working well.
With a test code containing two pauth instructions:
- paciasp that sign LR with A key and sp as context;
- autiasp that verify the signature.
Test:
- Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664)
Expected:
- autiasp places an invalid pointer in LR
Result:
- autiasp successfully auth the pointer and places 0x0400660 in LR.
Further explanations:
Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating.
With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit.
Values of top_bit and bottom_bit are strictly the same and it should not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859713/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread