qemu/tests/tcg/aarch64/pauth-5.c
Richard Henderson 8796fe40dd target/arm: Fix AddPAC error indication
The definition of top_bit used in this function is one higher
than that used in the Arm ARM psuedo-code, which put the error
indication at top_bit - 1 at the wrong place, which meant that
it wasn't visible to Auth.

Fixing the definition of top_bit requires more changes, because
its most common use is for the count of bits in top_bit:bot_bit,
which would then need to be computed as top_bit - bot_bit + 1.

For now, prefer the minimal fix to the error indication alone.

Fixes: 63ff0ca94c
Reported-by: Derrick McKee <derrick.mckee@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200728195706.11087-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added comment about the divergence from the pseudocode]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-03 17:55:03 +01:00

34 lines
901 B
C

#include <assert.h>
static int x;
int main()
{
int *p0 = &x, *p1, *p2, *p3;
unsigned long salt = 0;
/*
* With TBI enabled and a 48-bit VA, there are 7 bits of auth, and so
* a 1/128 chance of auth = pac(ptr,key,salt) producing zero.
* Find a salt that creates auth != 0.
*/
do {
salt++;
asm("pacda %0, %1" : "=r"(p1) : "r"(salt), "0"(p0));
} while (p0 == p1);
/*
* This pac must fail, because the input pointer bears an encryption,
* and so is not properly extended within bits [55:47]. This will
* toggle bit 54 in the output...
*/
asm("pacda %0, %1" : "=r"(p2) : "r"(salt), "0"(p1));
/* ... so that the aut must fail, setting bit 53 in the output ... */
asm("autda %0, %1" : "=r"(p3) : "r"(salt), "0"(p2));
/* ... which means this equality must not hold. */
assert(p3 != p0);
return 0;
}