qemu/tests/tcg/aarch64/pauth-5.c

#include <assert.h>

static int x;

int main()
{
    int *p0 = &x, *p1, *p2, *p3;
    unsigned long salt = 0;

    /*
     * With TBI enabled and a 48-bit VA, there are 7 bits of auth, and so
     * a 1/128 chance of auth = pac(ptr,key,salt) producing zero.
     * Find a salt that creates auth != 0.
     */
    do {
        salt++;
        asm("pacda %0, %1" : "=r"(p1) : "r"(salt), "0"(p0));
    } while (p0 == p1);

    /*
     * This pac must fail, because the input pointer bears an encryption,
     * and so is not properly extended within bits [55:47].  This will
     * toggle bit 54 in the output...
     */
    asm("pacda %0, %1" : "=r"(p2) : "r"(salt), "0"(p1));

    /* ... so that the aut must fail, setting bit 53 in the output ... */
    asm("autda %0, %1" : "=r"(p3) : "r"(salt), "0"(p2));

    /* ... which means this equality must not hold. */
    assert(p3 != p0);
    return 0;
}
target/arm: Fix AddPAC error indication The definition of top_bit used in this function is one higher than that used in the Arm ARM psuedo-code, which put the error indication at top_bit - 1 at the wrong place, which meant that it wasn't visible to Auth. Fixing the definition of top_bit requires more changes, because its most common use is for the count of bits in top_bit:bot_bit, which would then need to be computed as top_bit - bot_bit + 1. For now, prefer the minimal fix to the error indication alone. Fixes: 63ff0ca94cb Reported-by: Derrick McKee <derrick.mckee@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200728195706.11087-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: added comment about the divergence from the pseudocode] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 2020-08-03 19:55:03 +03:00			`#include <assert.h>`

			`static int x;`

			`int main()`
			`{`
			`int p0 = &x, p1, p2, p3;`
			`unsigned long salt = 0;`

			`/*`
			`* With TBI enabled and a 48-bit VA, there are 7 bits of auth, and so`
			`* a 1/128 chance of auth = pac(ptr,key,salt) producing zero.`
			`* Find a salt that creates auth != 0.`
			`*/`
			`do {`
			`salt++;`
			`asm("pacda %0, %1" : "=r"(p1) : "r"(salt), "0"(p0));`
			`} while (p0 == p1);`

			`/*`
			`* This pac must fail, because the input pointer bears an encryption,`
			`* and so is not properly extended within bits [55:47]. This will`
			`* toggle bit 54 in the output...`
			`*/`
			`asm("pacda %0, %1" : "=r"(p2) : "r"(salt), "0"(p1));`

			`/* ... so that the aut must fail, setting bit 53 in the output ... */`
			`asm("autda %0, %1" : "=r"(p3) : "r"(salt), "0"(p2));`

			`/* ... which means this equality must not hold. */`
			`assert(p3 != p0);`
			`return 0;`
			`}`