bc97f9f64f
Pointer authentication isn't perfect so measure the percentage of failed checks. As we want to vary the pointer we work through a bunch of different addresses. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Robert Foley <robert.foley@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200225124710.14152-20-alex.bennee@linaro.org>
46 lines
1.3 KiB
C
46 lines
1.3 KiB
C
#include <stdint.h>
|
|
#include <assert.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#define TESTS 1000
|
|
|
|
int main()
|
|
{
|
|
int i, count = 0;
|
|
float perc;
|
|
void *base = malloc(TESTS);
|
|
|
|
for (i = 0; i < TESTS; i++) {
|
|
uintptr_t in, x, y;
|
|
|
|
in = i + (uintptr_t) base;
|
|
|
|
asm("mov %0, %[in]\n\t"
|
|
"pacia %0, sp\n\t" /* sigill if pauth not supported */
|
|
"eor %0, %0, #4\n\t" /* corrupt single bit */
|
|
"mov %1, %0\n\t"
|
|
"autia %1, sp\n\t" /* validate corrupted pointer */
|
|
"xpaci %0\n\t" /* strip pac from corrupted pointer */
|
|
: /* out */ "=r"(x), "=r"(y)
|
|
: /* in */ [in] "r" (in)
|
|
: /* clobbers */);
|
|
|
|
/*
|
|
* Once stripped, the corrupted pointer is of the form 0x0000...wxyz.
|
|
* We expect the autia to indicate failure, producing a pointer of the
|
|
* form 0x000e....wxyz. Use xpaci and != for the test, rather than
|
|
* extracting explicit bits from the top, because the location of the
|
|
* error code "e" depends on the configuration of virtual memory.
|
|
*/
|
|
if (x != y) {
|
|
count++;
|
|
}
|
|
|
|
}
|
|
perc = (float) count / (float) TESTS;
|
|
printf("Checks Passed: %0.2f%%", perc * 100.0);
|
|
assert(perc > 0.95);
|
|
return 0;
|
|
}
|