pauth-4.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt

pauth-4.c (1342B)

      1#include <stdint.h>
      2#include <assert.h>
      3#include <stdio.h>
      4#include <stdlib.h>
      5
      6#define TESTS 1000
      7
      8int main()
      9{
     10    int i, count = 0;
     11    float perc;
     12    void *base = malloc(TESTS);
     13
     14    for (i = 0; i < TESTS; i++) {
     15        uintptr_t in, x, y;
     16
     17        in = i + (uintptr_t) base;
     18
     19        asm("mov %0, %[in]\n\t"
     20            "pacia %0, sp\n\t"        /* sigill if pauth not supported */
     21            "eor %0, %0, #4\n\t"      /* corrupt single bit */
     22            "mov %1, %0\n\t"
     23            "autia %1, sp\n\t"        /* validate corrupted pointer */
     24            "xpaci %0\n\t"            /* strip pac from corrupted pointer */
     25            : /* out */ "=r"(x), "=r"(y)
     26            : /* in */ [in] "r" (in)
     27            : /* clobbers */);
     28
     29        /*
     30         * Once stripped, the corrupted pointer is of the form 0x0000...wxyz.
     31         * We expect the autia to indicate failure, producing a pointer of the
     32         * form 0x000e....wxyz.  Use xpaci and != for the test, rather than
     33         * extracting explicit bits from the top, because the location of the
     34         * error code "e" depends on the configuration of virtual memory.
     35         */
     36        if (x != y) {
     37            count++;
     38        }
     39
     40    }
     41    perc = (float) count / (float) TESTS;
     42    printf("Checks Passed: %0.2f%%", perc * 100.0);
     43    assert(perc > 0.95);
     44    return 0;
     45}